Scammed by Smart PC Experts? Here's What to Do

Dennis Faas's picture

Infopackets Reader Bill H. writes:

" Dear Dennis,

I was on Amazon.com and suddenly a warning message appeared, stating that my PC was infected with a virus and to call 1-866-666-1917 to fix the problem. There was no way to close the window. I called the number and spoke to a fellow at Smart PC Experts (smartpcexperts.com), who had a very thick Indian accent. They convinced me that my PC was infected with the Zeus Trojan and it needed to be fixed. I allowed them remote access to my machine and they installed some software. After that, they demanded $499 as payment for their services. I was certain I was being scammed, so I hung up the phone. Immediately after that, my Internet stopped working. I called them back and they told me if I don't pay the $499 ransom they would block the Internet. I didn't know what else to do, so I paid the money. I came across your article on PC Network Experts (pcnetworkexperts.com) and Web Network Experts (webnetworkexperts.com) and now I know for sure I've been scammed. I need to be 100% sure these scammers don't have access to my computer. Can you PLEASE help? "

My response:

For the record, any time you receive a popup warning message that there is something wrong with your computer and to call a 1-800 number to "fix it" - it's a scam!

Here's a report by NCNow News that also confirms a couple in New York were scammed by Smart PC Experts for $1,200 after a fake popup warning claimed they were "infected".

I decided to use the 'whois' database lookup to see who owns the Smart PC Experts (smartpcexperts.com) website, and the domain is registered to Sumit Singh in New Delhi, India. The same person (if his name is real) also owns pcnetworkexperts.com, webnetworkexperts.com, and rightpcexperts.com. With the addition of smartpcexperts.com, that makes 4 scam websites providing fake tech support - all with different names, and all different 1-800 phone numbers.

You have to ask yourself - if this was a legitimate company, why would they have different website names and different 1-800 phone numbers? The answer is simple - it's a scam!

It's also worth noting that these scammers may be related to Informatico Experts, which I reported on last year. After further research it appears that the domains owned by Informatico Experts have all but disappeared from Google - meaning that it appears that the scammers have simply abandoned the domain name and 1-800 numbers previously used to scam people. And now, it appears that the new domains (smartpcexperts.com, et al) appear to have taken over the throne. It's the exact same scam, but different 1-800 numbers, and different (fake) shell company names!

Smart PC Experts = Fake Tech Support

Visually, here is what the scam looks like:

Fake Security Programs are Malware in Disguise

After connecting to Bill's machine, I used virustotal.com to upload and digitally examine the "security" programs the scammers installed on his machine.

My findings are as follows:

  • The "Banking Security" program they used was the scariest by far; virustotal.com reported that this program is actually a keylogger. This gives scammers the ability to record keystrokes in order to steal financial information; the data stolen is then relayed to cyber criminals (for example). Imagine if Bill had run this program just before connecting to his Bank's website!
     
  • The "Email Security" program the scammers installed was actually a "Win64.Dropper.dt" Trojan Dropper. This Trojan in particular silently stays active in memory, waiting and listening for instruction (by remote) from cyber criminals. Once activated, criminals can install malware by remote onto the machine without the user knowing, including spy tools, key loggers, password sniffers, remote access backdoors, etc.
     
  • The "Network Firewall", "Anti-Hacking", and "Network Security 7.0" programs installed contained different variants of keyloggers according to the analysis provided by virustotal.com.

Here's a screen capture I took of another client's machine to show the fake security programs they installed - similarly mentioned above!

Scammers Leave Live Remote Connection to Machines

Most worrying is that the scammers still had access to Bill's machines. I found 5 very well hidden, and difficult to remove remote access backdoors in total.

Oftentimes scammers will use these secretly hidden communication tunnels to sabotage a system by remote, then call their victims to have them "fix" more "problems". The scam then repeats indefinitely until the victim wises up. And, as I have reported previously - if you don't pay up, the scammers will lock you out of your machine, install ransomware, or delete your files by remote!

Scammed by Smart PC Experts? Here's What to Do

Now that you know this is a scam, here is what you need to do:

  1. First, cancel the payment you made to the scammers. If you paid by card, use the phone number on the back of your credit card to report the fraudulent transaction to your credit card company. If you paid by check, you are serious hot water as the scammers now have your name, address, the bank's name, bank address, your account number, routing number, etc. With this information, scammers can hit your bank account multiple times using their fake companies.

    As I mentioned already, Smart PC Experts (smartpcexperts.com) is the same scam company as pcnetworkexperts.com, webnetworkexperts.com, and rightpcexperts.com, and they likely operate under other multiple, fake company names (and more to come - I'm sure). This makes it difficult to block transactions by the bank because the bank simply won't know "who" to block. Meanwhile, your money goes out the door and you may be waiting months to get it back!

    There are other bullet-proof ways to block transactions to ensure your money is safe, but it is considerably more involved. Based on my experience this requires some explaining, so if you need help with this I am more than happy to assist - contact me here.

    Note that if you paid by gift card (iTunes, Amazon, etc) then you have little to no recourse, as those methods of payment are irreversible once you've given them the PIN number.
     
  2. Don't answer the phone when the scammers call you back - and believe me, they will! Based on reports from other clients, these scammers in particular will make a fake follow up call to make sure that you're "happy" with their fake tech support services. They will do everything they can to get permission to go back into your machine so they can scam you more. DON'T FALL FOR IT! The fact is, they already have remote access to your machine - but they won't let on that they do.
     
  3. Finally, hire a REAL professional (such as myself - link here) to look over your system to undo the damage caused by the scammers. Based on my experience, the scammers will leave on average 3 to 5 hidden backdoors (open connections) on your system. That means they can get back into your computer and do whatever they want, whenever they want.

    Please note that based on my experience, the scammers will either lock you out of your machine (changing your password), delete all your files remotely, or install ransomware on your machine once they find out that you either didn't make the payment or canceled the payment - so if you are not sure what to do, please contact me first (link here) or you will be in a world of hurt!

    Also worth noting: one of my clients had $18,000 stolen from his account only DAYS after having scammers in his machine. What's very interesting about this case is that he swears he did not give them the account number that the money was taken from. Therefore I suspect the scammers installed a keylogger or password sniffer once they connected to his machine - similar to the malware I've already mentioned in the article - then stole his financial information afterward!

    A real PC expert, such as myself, can find these backdoors and threats and eliminate them. Once again - based on my experience - antivirus and antimalware won't find these threats because they are often legitimate software programs used in nefarious ways. The story I mentioned earlier (reported by NCNow News) also confirms this exact fact. You have been warned!

    As a courtesy service I will provide a letter to your credit card company or bank confirming you were scammed after examining your system. You can use this valuable information as proof of being defrauded, which will help you to get your money back from scammers.

For the record, I have helped countless people with this scam and know exactly where to look to eliminate these threats.

Additional 1-on-1 Support: From Dennis

If you are reading this article right now because you've been scammed, I can help. I get emails all the time about this scam; some people even ask me "How do I know you're not a scammer, too?" My response to this is that you can read my articles I've published over the last 18 years and also review my resume. Based on that, you should be able to understand that I am in fact legitimate, compassionate, and am more than willing to lend a hand - simply contact me, briefly describing the issue and I will get back to you as soon as possible.

Rate this article: 
Average: 5 (8 votes)

Comments

TopDriver's picture

Dennis,

I recently had several web-sites hacked. They were very small web-sites. I contacted the FBI thru their web-site. They actually called me and asked for details. They might be very interested in these scams. They are becoming a lot more pro-active of these issues.

TopDriver

Dennis Faas's picture

What you're suggesting is not really related to this post, though if you are concerned about your sites being compromised, I am more than happy to look into this for you using my remote support service. I have been running dedicated web servers since 2001, so I have quite a bit of experience. You can contact me using the 'contact' link at the top of the page.