Microsoft Technical Support SCAM

—Misrepresentation by Indian Tech Support Companies
Jenny Marsh —03/2012 (updated 04/2016)
Bogus Indian tech support companies are cold-calling individuals in English-speaking countries claiming to represent Microsoft and to know that their victims computers are infected with viruses and other problems which they fix remotely for an extortionate fee. This is a scam.

THE MICROSOFT TECHNICAL SUPPORT SCAM was originally brought to our attention by one of our readers whose 80-year old mother was scammed out of a total of £509.46 for removing viruses from her computer, viruses that the caller claimed to be able to detect remotely at the very start of the call, before he had remote access to her machine.

Here is his account of this scam, an experience that any Google search will show is becoming increasingly common.

*            *            *

The victim received a cold-call from what sounded like a "charming Indian gentleman" who claimed to be a Microsoft representative who had remotely detected that her computer had a virus problem which he would remove for a fee. The victim trusted what he said because she believed his story about being a representative of Microsoft, and naively followed his instructions to give the cold-caller remote access to her computer to fix the "problem". He went through some processes remotely and then claimed he had removed the virus but had found other viruses, which he subsequently removed. He also said her system was running slow and advised her to have him also fix it. He asked her for payment details so that she would be protected in the future, and she foolishly handed over her RBS (Royal Bank of Scotland) credit card details, once again, believing his assertion that he was from Microsoft.

A week later, she received emails from a company called SWREG Inc (sent from support@swreg.org), outlining six consecutive charges made on her RBS MasterCard. These subsequently showed up on her credit card statement as follows:

  17 Oct 2011 DRI SWREG Inc. cardquery.com £8.22
  17 Oct 2011 DRI SWREG Inc. cardquery.com £86.40
  17 Oct 2011 DRI SWREG Inc. cardquery.com £10.50
  17 Oct 2011 DRI SWREG Inc. cardquery.com £171.60
  17 Oct 2011 DRI SWREG Inc. cardquery.com £10.74
  17 Oct 2011 DRI SWREG Inc. cardquery.com £222.00

She rang her son in a panic because she didn't know who SWREG Inc. was and was certainly not aware of authorizing so many charges and for such high amounts.

Checking the victim's computer after the scam, her son could not find anything on the computer, no software had been installed as far as he could see and he could find no trace of what the cold-caller had done a few months earlier. This worried him as others who had fallen for this scam were urging complete reinstallation of the operating system.

Her son urged her to contact the issuing bank of her MasterCard — RBS — and get the charges reversed, which she subsequently did. RBS refunded her £509.46 and she breathed a sigh of relief thinking that that that was the end of the matter. Meanwhile, her son emailed SWREG on the 25th October 2011:

Thank you for informing my mother of her recent order. Please note this order was cancelled with the credit card company immediately after the sales call as per the distant selling regulations in the UK by my instruction, and the amount has not been charged to the credit card. The service was mis-sold.

Please do not contact my mother again and if you wish to continue correspondence, please deal only with me.

In the meantime, RBS obviously queried SWREG (owned by Digital River) about the charges, and SWREG came back to RBS claiming that the charges were indeed legitimate (all six of them!) and they give proof of the receipt charges (quite how that can be proof is beyond us). As a consequence, RBS put back the charges totaling £509.46 onto the victim's credit card on the 30 Jan 2012, and she was basically forced to pay. Thanks SWREG and Digital River for defending the scam!

A Google search seems to suggest that DRI (Digital River Inc) SWREG has a very mixed online reputation, taking payments for some questionable businesses. So always be very vigilant when paying any bill using this company as their customer vetting system may not be the best. For example, see: http://www.trustpilot.com/review/www.swreg.org and
http://www.resellerratings.com/store/SWREG_DR_globalDirect_Inc

A further check of the emails/paperwork sent by the credit card company as proof of the charges' "legitimacy" showed that SWREG was just the credit card payment company for the actual scammer which was an Indian company called APTURO, which operates from www.apturo.net. (Their website seems to be defunct now, probably due to this review, and they are no doubt operating under a different name and web address.)

Despite a very probable name change, we will look at Apturo as a company to show how these scammers generally operate.

First thing was to do a whois search on this company's hosted domains — apturo.net and aputro.com — but this provided no information as the tech support scammers are hiding behind private registration provided by www.privacyprotect.org, something that immediately should set off alarm bells when one is dealing with a commercial organisation selling a product or service. (That said, who checks domain records before dealing with a company!)

ASIDE: Privacyprotect.org is well known online for hiding the domain registration details of many online scammers, which any Google search will reveal. Privacyprotect.org itself hides behind a PO Box in Australia. A search online seems to inconclusively link this domain anonymizing service with Directi Internet Solutions Pvt. Ltd., an India-based domain registration company, see legal document: http://www.scribd.com/doc/69157731/Who-owns-privacyprotect-org-Answer-Directi-Internet-Solutions-Pvt-Ltd)

The Apturo website itself is extremely dubious. For example, their disclaimer at http://www.apturo.net/disclaimer.php reads (screen capture 10 Mar 2012):

apturoscam02

"The information you find here on apturo.net is not guaranteed to be 100% correct, but the site does strive to bring the most factual information it can find.

The photos and information contained on this site are considered to be in the public domain, as they were found in various places on the Internet. This site in no way wishes to infringe on anyone's copyright. If anyone has found anything that they feel infringes on their rights, we request that they should email us and we guarantee the item will be removed or altered to fit accordingly immediately.

By this, we mean that if anyone wishes for the item to be removed, that is completely fine with us, and we will do so immediately. Please be as detailed as possible when sending email, as to the picture number, the reasons why copyright has been violated, etc. we promise to be quick and efficient in resolving any copyright matter."

So they are basically admitting that their website is a collection of images and information from "various places on the internet", images and information that they admit to copying from elsewhere. I have never seen this sort of disclaimer on any commercial website, and it is another factor showing the dodgy nature of this organisation. They probably need such a disclaimer because they show logos of well-known computer and internet companies on their front page, companies such as Hewlett-Packard, IBM, D-Link, Kaspersky Anti-Virus and Guardian Antivirus, companies that that I cannot find any evidence that they have any connection with.

Apturo's terms and conditions (http://www.apturo.net/termscondition.php) are also extremely dubious because they basically green-light credit card charges without receipts (screen capture 10 Mar 2012):

apturo scam

Here are some excerpts:

You authorize the issuer of the credit card to pay any amounts described herein without requiring a signed receipt, and you agree that these charges are to be accepted as authorization to the issuer of the credit card to pay any amounts described herein without requiring a signed receipt, and you agree that these charges are to be accepted as authorization to the issuer of the credit card to pay all such amounts. You authorize Apturo and/or any other company who bills products or services, or acts as billing agent for Apturo to continue to attempt to charge and/or place holds with respect to all sums described herein, or any portion thereof, to your credit card until such amounts are paid in full.

You may not create hyperlinks to any portion of the Apturo Portal, nor any Materials or Software posted therein.

This Agreement and the rights and obligations of the parties under this Agreement and any disputes arising out of or in connection with this Agreement shall be governed in all respects by the laws of the India without regard to conflicts of laws principles that would require the application of the laws of any other jurisdiction.

Note that the emails sent to victim of the Apturo Microsoft Technical Support Scam on the 24th October 2011, a week after the cold-call, were not actually receipts, but were termed "reminders". At no point did she get any official receipt from Apturo for the charges that were made, only an email from SWREG outlining the charges made by Apturo using their payment gateway service.

Also notice the refund policy states:

For subscription based plans, a full refund will be given to the customer within seven days without asking any reason.For subscription based plans, a full refund will be issued if Apturo has not been able to resolve even a single issue for you within the first 15 days of the subscription. If there are one or more resolved issues, the fees for the Subscription Service will not be refundable.

As they send the "reminders" (by email) a full week after the cold-call, they lowering the chance that someone is going to request a refund within the initial 7-day period.

Apturo have a very poor online reputation. Here are some authoritative reviews of the Apturo and similar scam services (just seven examples amongst many that you will find with a Google search on "Apturo scam" and "tech support scams"):

  1. The following link and quote is from a Scottish community website write up by Angela Haggerty on a notice released by Strathclyde Police against these types of computer fraud, and you will see on the comment underneath the article that Apturo is explicitly cited as one such rogue company.
    http://www.s1bute.com/news/strathclyde-police-warn-against-computer-fraudsters---.html

HUNDREDS of pounds have been lost by residents in the Argyll & Bute area due to a computer scam, Strathclyde Police said.

The scam, which s1Bute first reported in April, involved phone calls to landline telephones from individuals claiming to be from a Microsoft Windows support group. Strathclyde Police said callers had also claimed to be from other companies.

Residents on the Isle of Bute had been targeted, although the scam is now reported to be more widespread.

Community Safety Sergeant Mark Wilson said: "Over the last weekend, Strathclyde Police has received several reports of a fraud being carried out across the whole Argyll & Bute area.

"This takes the format of the public receiving a cold telephone call from an individual claiming to represent Microsoft - or other company such as AOL - and that the individual's computer, or partner/husband/wife, has reported a fault and that they require remote access to solve the problem."

Remote access gives a potential fraudster direct access to a victim's computer, and all of the information on it. This can be done by giving the caller simple details about the computer system.

"After access is given it is explained that the relevant upgrades will cost money at which point bank details or credit card details are obtained and monies taken." Sergeant Wilson added.

The police advised that anyone receiving a suspicious call should hang up immediately. "The people making the calls are very plausible, and we have received reports from every area of Argyll & Bute, and although the majority have taken the appropriate action, there have been several members of the community who have lost several hundreds of pounds."

Sergeant Wilson offered advice to those who suspect they may have fallen victim to the scam: "Contact your bank or credit card company immediately and report the incident. Verify at this time if you need to change any security details, as you may have given away more information to the fraudster than you think.

"Contact your police office to report the incident. If you do this, please keep any e-mails or information you may have."

  1. Below is a snapshot of an official Microsoft forum (Microsoft Answers) that specifically names Apturo as a scamming company. You will see that Microsoft MVP Ken Blake specifically says that "It is a scam, and one that's becoming more and more common lately.
    http://answers.microsoft.com/en-us/windows/forum/windows_other-security/companys-keep-calling-me-saying-they-are-from/bd530102-7520-456f-8efc-b1212e05c36a?msgId=c45b23b1-6001-48a6-a5c1-93bd4a6204ae. Microsoft itself warn people of these sorts of scans saying, "If you receive an unsolicited call from someone claiming to be from Microsoft Tech Support, hang up. We do not make these kinds of calls." You can read Microsoft's advice on these sorts of scams here: www.microsoft.com/en-gb/security/online-privacy/msname.aspx.

apturo scam 01

 

  1. Here is another review site on Apturo and their scamming ways:
    http://whocallsme.com/Phone-Number.aspx/02080997526
    You will see that a lot of people have had problems with this company offering bogus services.

  2. Computer Active, a UK computer magazine, have managed to record a conversation with Microsoft tech support scammers running an identical fraud: https://www.youtube.com/watch?v=41vbCFXqRy8 — see below. (Apturo is actually a search term that leads to this video.)

  1. Symantec, the security company, also recorded a conversation with an identical technical support phone scam company to Apturo called Online PC Doctors: http://youtu.be/WhV6rIgyQ-s (see below). This clearly illustrates how these types of scammers escalate the charges by finding more and more nonexistent problems. If someone is particularly gullible (like this elderly victim), they end up extorting multiple charges for the bogus services that they offer. It is particularly interesting that Symantec state that they are not aware of any legitimate tech support companies that cold-call for business.

  1. Here is a page from ActionFraud for reporting computer crimes like this in the UK, and this sort of scam is already well-known to them: http://www.actionfraud.org.uk/fraud-az-microsoft-frauds. If you are a victim of the Microsoft Technical Support scam, please ring ActionFraud and report the company perpetrating the scam.

Apturo Scam

 

  1. And here we have a review of a fraud which is identical in detail to that which was perpetrated on the victim above, except a different organisation was the perpetrator. I include it here to show the prevalence of this scam. If you have not heard of it yet, you will certainly hear of it in the future as more and more people fall for scams like this one. See: www.channelpro.co.uk/advice/6135/unstoppable-tech-support-scam

  2. Here we have a detailed webpage from back in 2009 that outlines just how prevalent these sorts of tech support scams are, and how many different Indian companies are involved: http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam. There are some good links on this page, including a link to an article by Charles Arthur, technology editor of the Guardian newspaper, who wrote in 2010 about a police crackdown on websites offering fake computer support: http://www.guardian.co.uk/technology/2010/jul/19/police-crackdown-phone-scam-computer

  3. Another person investigating this type of scam is James Wiseman which you can read at: http://www.jameswiseman.com/blog/tag/windows-support-telephone-scam/

  4. And finally this is another article by technology editor Charles Arthur in the Guardian newspaper that gives an interesting overview of these Indian technical support scams, wondering how the scammers get hold of contact details: http://www.guardian.co.uk/technology/blog/2010/jul/20/phone-calls-india-scams

These are just ten examples of the many that you will find online regarding the Microsoft Technical Support scam. There are actually a host of different companies (all seem to be in Indian), that are perpetrating this scam and variants of this scam. A search online will show that they are an increasing problem in English-speaking countries.

 

Review and Conclusion

With overseas cold-call telephone scammers, it is very difficult to provide absolute proof of the fraud because one usually does not have enough notice to record the call (although some have managed to record calls — see Youtube clips above). And if the scammers do agree to show call-recording proof of card authorisation, they will only select that tiny part of the call where credit card payment is given, not the part where they are misrepresenting themselves as Microsoft and making ridiculous assertions about knowing that there is a problem with a computer that they have no connection with (before using the remote access software to fix it).

For this reason, it is important to give credit card companies a lot of information as each piece on its own could be considered circumstantial or just a single negative review. But put all the evidence together, and you the sheer number and caliber of negative reviews clearly point to bogus tech support companies like Apturo perpetrating a very lucrative scam.

Here is a very brief review of the information provided:

  1. This "virus elimination" cold-call scam is well-known in this country and around the world. Trading Standards are well aware of them and they have become a very big problem.
  2. Apturo is named on multiple internet sites as an entity perpetrating this scam. The shear weight and number of complaints is undeniable, and collectively these reviews cannot be easily dismissed.
  3. UK police have warned about this scam, as have computer magazines and Symantec. Again the name Apturo is often linked to these warnings.
  4. Online web searches seem to show that SWREG (owned by Digital River Inc.) has a reputation for taking credit card payments for some dubious organisations (as well as legitimate organisations of course).
  5. Apturo hides behind anonymity, but is actually an organisation being run out of India.
  6. Apturo uses blue-chip company logos on their website with a laughable disclaimer for their use. There is no evidence that they have any official link to these companies, and use the logos on their website to bolster their reputation during cold-calls.
  7. The Apturo cold-caller claimed to be a representative of Microsoft, a standard claim for these types of scam calls. This is misrepresentation.
  8. An official Microsoft forum has specifically named Apturo as perpetrating this scam.
  9. The Apturo cold-caller claimed the victim's computer was infected by a dangerous virus before he was even granted remote access by her to "fix" the problem. The problem was invented to try to justify an expensive "fix".
  10. Apturo charged an extortionate amount of £509.46 for their "services" — the price of a new computer. The victim was not only mis-sold but deceived into paying this extortionate fee for a problem that didn't exist.
  11. Apturo made SIX consecutive credit card payments all in one day for a total of £509.46, and yet these multiple payments in quick succession did not seem to have set off any alarm bells with RBS card fraud department.
  12. Apturo provided no receipts or any proof for "services" rendered. All they did was send, 7 days after the cold-call, email "reminders" of "services" rendered a week earlier.

As a general rule, as Symantec say in the video above, anyone who cold-calls customers for technical support is very likely trying to scam you out of money. In fact, NEVER sign up to ANYTHING from a cold-call, no matter how good it might sound. Apturo are just one company out of many (mostly operating out of India) that are running this sort of technical support scam.

*            *            *

The reader who reported the Apturo tech support scam to us actually sent all the documented information to RBS credit card fraud department on the 10th March 2012, and a month later received a letter from RBS dated 11 April 2012 apologizing for their mistake and crediting his mother (again!) the £509.46 she lost. This was a full SIX MONTHS after the initial fraud was perpetrated, but was obviously happy to see that RBS did the right thing in the end by refunding the money.

There are probably many victims of this fraud who have just not had the time to present to their credit card companies all the evidence, and this is why we are detailing things here. If you fall for the Microsoft Technical Support scam or a similar scam, send a printout of this webpage to your credit card company.

*            *            *

Finally, I will mention the experience of another victim of this technical support scam who has recently contacted us. This lady was almost scammed out of $300. The perpetrators of this Microsoft Technical Support scam again had Indian accents. What is different about this incident was that the victim gave them a debit card rather than a credit card. As readers probably know, giving out a debit card details is NEVER advisable remotely — whether online or by phone — as there is no protection.

The scam was perpetrated at around 5.30pm and lasted about an hour. Afterwards, the victim was concerned, and after finding our website contacted us. We told her it was a scam and to contact the debit card issuing bank immediately to inform them of the fraud and cancel the card. This she did, and the card was cancelled at around 8pm, but the bank advised her that any debit card charges taken by the scammers would not show until 9am the next morning.

When the next morning came (after a sleepless night), the only money debited from the account using the cancelled debit card was at 7pm for £210 (sterling conversion amount for $299) by a UK company whose name the credit card company gave as Overseas Films Limited. An online search reveals this company's website to be www.flamevt.co.uk, with phone number just an EE mobile number. Ring the number and you get a man answering with a simple "hello" (no company name). What is more, he has a strong Indian accent.

Overseas Films Ltd. may be a legitimate business and we are not claiming that they are directly involved with this scam, although when the tech support scammers rang the victim again the following day, probably to try to squeeze more money out of her, they did mention that the $299 charge for the previous day's one hour tech support was charged by a company called "Overseas Films Ltd." to make the processing easier for them. So Overseas Films Ltd. were certainly known to them and this company was certainly trying to receive the scammed money.

Thankfully the receiving bank reversed out that debit charge of £210 and so the victim did not lose anything in the end, apart from a sleepless night and time wasted on the phone reporting the scam. So another happy ending.

*            *            *

I will finish this report with a story of a friend who recently had to deal with these Microsoft Technical Support scammers. He is very familar with these sorts of scams and as soon as he heard an Indian accent telling him that Microsoft Technical Support were ringing him responded: "Hello Mr Scammer, what can I do for you?". The response was an angry "F**k Off" and the phone slammed down.end

 

Videos worth watching:

Tech guy Jim Browning locates where one particular Microsoft Technical Support scamming organisation is located.

And finally, this one is rather amusing: