Offshore Outsourcing & Scammer

Blog about offshore outsourcing and scammer in the outsourcing industry

Tech Support Scammer - Pashin Infotech Pvt. Ltd. - Pintu Singh - likes to get rich quick by scamming

Pashin Infotech Pvt. Ltd. is a company registered in Liulah, India. Pashin Infotech Private Limited seems not to be successful in its business, and for this reason it is trying to make money through fraud. It is offering a Tech Support campaign which is a plain scam and full of lies. The domain mscorp-payment.com given on its Facebook page has already been deleted. The scammer, director Pintu Singh, seems to have been so stupid as to use the name of Microsoft (mscorp) in his domain name. Such domains have a very short lifetime. As soon as the first complaints come in, which happens very fast with a Tech Support scam, the domain gets deleted by the authorities.

It seems that Pashin Infotech failed with its own Tech Support strategy at the beginning of 2014, because the last entry on its Facebook page is from February 18, 2014. It seems to be easier for its director Pintu Singh to scam others than to work on his own campaign. Anybody can understand how difficult it is to sell Tech Support through cold calls. Nobody gives up a business in which he is earning well! For this reason the scammer Pintu Singh got the idea that others should pay him to get his scam campaign. The worst that can happen is that the center owner pays for going to jail.

That scammers are even too lazy to type an email message can be seen in the following email, forwarded by a call center, with the script attached:

From: Pashin Solutions [mailto:pashinsolutions@gmail.com]
Sent: Thursday, January 28, 2016 10:31 AM
Subject: Tech Support Script

PFA

--

Thanks & Regards,

 

Pintu Singh

Managing Director

Pashin Infotech Private Limited

+918100266097

Attachment:
Tech-Support Script.doc

I have copied the content of the script here, but you can also download the Word document from the link Tech-Support Script.doc. The campaign requires three different agents: one agent who does the cold calling, a supervisor, and an agent who does the verification with the victim. Anybody can start this campaign, and he does not even need to pay the scammer Pintu Singh from Pashin Infotech, because neither Pintu Singh nor Pashin Infotech is providing anything. By taking a look at the following script you'll see that this campaign is nothing other than an outbound scam system. Why do you need to pay a scammer?

The agent's script shows that this campaign is a plain outbound campaign. You cannot even be sure that the person called owns a computer or a device with an Internet connection:

Agent’s Script:

Hi! This is ……………. And I am calling you from the computer technical department ‘FOR ‘Universal Pc Care’

How r u doing today?

This call is in regards to your computer as we have been receiving some errors report and warning messages from your computer to our centralized server and its indicating that your computer has some harmful malicious files with malwares and spywares. Are you aware of that?

Yes or No (Customer).

You are not aware of these harmful viruses and malware which is getting downloaded in your computer just because of those infections are hidden in nature, which is why your Antivirus is also not able to detect that.

And they keep getting into your computer and corrupt the hard drive and mother board of your computer and taking your computer to the verge of getting crashed, and also you are not getting update of these infections just because the security system of your computer has also been compromised.

So is your computer on right now, so that I can show you the problems which are there in your computer and you would be able to see them right now.

Look at the left -hand side bottom corner of your keyboard you would find a CTRL key and just beside that there would be a 4 flagged windows key / start key. Press the windows key and the alphabet R key (R as in roger) both at the same time (simultaneously) and you will find a small dialog box appearing at the extreme left-hand side of your computer screen named “Run”. Then you will find a ‘white bar’ beside ‘open’. Now in that white bar type in ‘eventvwr’ (explain using phonetics) and then click on ‘Ok’ or press ENTER. Can you see a new window as ‘EVENT VIEWER’? And at the left hand side of the box you will find event viewer local and there would be a sub option of windows log/ application, security, system. If it comes as window log so double click on windows log you would be getting an option as application security, setup, system just below windows log, now double click on ‘application’ and then you would find list of events which will have blue “I” as information, Red circled errors and yellow triangular icon as a warnings. Now slowly, just scroll down the page and give me a rough count how many errors and warnings are there?

Now again on the left hand side of the page you will find an option ‘system’ under windows log.

This is the system log of the computer Just give a double left click on system and again you would find a list of information, errors and warnings. So just scroll down the page and let me know how many red errors and yellow warnings are there?

Now do you have an idea what these errors and warning are? And how come these get into your computer….

Whenever you are going to Google and when you click on any search suggestions by google or when you surf any social networking sites like YouTube and face book by mistake or accidently your computer tends to download unwanted and harmful files and once these files gets into your computer they keep multiplying them and thereby harming your computers motherboard and slowly corrupts it, thereby it acts like a slow poison for it.

Your Computer then sends Error reports and messages to our centralized server which is specially developed by our technical team as a receptor so that we can retrieve them and find out from it is coming, with the help of the IP address we can figure out the Geographical location of the computer or laptop and then with the help of the geographical location we derive the street address and then we figure out the phone numbers associated with it and then we give a call, only when we see that the issue requires your immediate attention.

Okay, so right now what I will transfer this call to one of our senior technician who will explain you further about this problem of your computer.

We can see that the scam already starts in the third sentence. For such calls you don't need a scammer like Pintu Singh from Pashin Infotech. As this guy is a notorious scammer, he will scam you too, and not only the computer users who are called. You cannot trust such a criminal; for this reason you need to have your own payment processor. Please remember that nobody will give you money as a gift. Everybody works hard for his money and does not have more than he needs to survive.

A scammer who makes such stupid calls needs to be put in jail, and the key to his cell needs to be thrown away. In such a case the call centers are the scammers, and creatures like Pintu Singh are the instigators or ringleaders. In any case, as long as the Indian authorities are only interested in making money from their own corruption, the reputation of the whole country will sink to that of a country of scammers. Isn't that a nice outlook for the future? The longer it takes until every real businessman takes action against the scammers, the harder it will be for him to run a real, legitimate and genuine business in the future. It does not help anybody if the CEO of Google is an Indian. One rotten apple spoils the whole barrel!

Let's come back to the Technical Support Scam offered by Pintu Singh of Pashin Infotech. Next we read how the supervisor is to continue the scam:

Senior Supervisor’s Script:-

Hi my name is _________and I am the senior technician. How are you doing today? I believe my agent has shown you the errors and the warnings in the application and system logs of your computer? Do you have any idea what these errors and warnings are? Well they are just a sign that your computer has been badly corrupted and it is full malware and spyware that requires your immediate action. I believe that you know that whenever you buy a computer you get a warranty. And you know that warranty comes with a limited time period of one year. So as you have using this computer from the past ‘X’ no. of years. So the software maintenance warranty of your computer has expired. That’s the reason all the software’s present in your computer and the anti-virus is not working properly and not protecting your computer from these malicious files. These malicious files are so small and hidden in nature that in spite of having anti-virus on your computer, your computer is still getting infected by these malicious files which you yourself can see with your eyes. These malicious files keep on multiplying in numbers and corrupt the boot sector and the hard-drive of your computer. And once it completely gets blocked then your computer might crash down. And I believe that you don’t want your computer to crash down. Right?

So what I will do right now is that I will get you connected to one of our certified technician who will fix up all your problems and will also install all the required software’s to protect your computer so that in the coming future your computer will be absolutely safe and secure and your computer will not crash down. The service provided by the technician and the software’s that out technician will be installing on your computer will be absolutely free but in order to activate the software maintenance service on your computer you need to pay only a one- time payment of _________dollars/pounds for _________no. of years. And in that coming long________ no. of years if you do face any problems with your computer or if you require any software’s for your computer it will be provided to you free of cost within this extended warranty period. You don’t have to pay for that again and again.

Now close down everything and come down to the main screen of the computer and click o n to the internet explorer so that I can connect yourself to one of our certified technician, now once you get the internet page on the screen in the address bar you just need to type in www.logmein123.com and hit enter, now you will see in the next page support connection enter your six digit code so just bare with me I’ll be generating a trail code for you so that connect yourself to the technician…and your six digit code would be 123456 now click on connect to technician…now you will get an option RUN so click on that and again you need to click on RUN so click on again…now you just need to click on every positive options like allow, ok, continue…now you have been successfully connected to one of our certified technician.

Just hold on now I will ask my technician to send you the registration form on your computer screen which you need to fill from your side. You don’t have to provide me any of your personal information or the card numbers to me over the phone. If you have printer in your home then you can take the print out of the receipt after making the payment and you will also get the invoice ant the order no. in your e-mail as well.

LogMeIn is a service and is not responsible for the scam itself; its service is only being used for the scam. LogMeIn Inc. is traded on the NASDAQ. At the Better Business Bureau Boston we can find 88 complaints and 31 customer reviews from the last three years, of which only one is positive. I wonder why the CEO of LogMeIn Inc. does not give an order to make their product more secure. Are they afraid that they would lose some customers, who are only scammers? Is he an Indian too and does he like to help his compatriots in scamming innocent computer users?
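The steps the two scripts walk the victim through (Event Viewer opened from the Run dialog, then a visit to the remote-support site, then a downloaded program started from the browser) leave a recognisable trail on a monitored Windows host. The following is an added example, not part of the original post or of any vendor's tooling: it correlates those steps over constructed events flattened in the style of Sysmon records (ID 1 process creation, ID 22 DNS query). The 30-minute window, the browser list, the host names and the applet file name are assumptions.

```python
from datetime import datetime, timedelta
from ntpath import basename  # parses Windows paths on any platform

WINDOW = timedelta(minutes=30)         # assumption: all steps happen within one call
SUPPORT_DOMAINS = ("logmein123.com",)  # the site named in the supervisor's script
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}  # assumption


def ev(host, ts, event_id, **fields):
    """Build one flattened event: 1 = process creation, 22 = DNS query."""
    return {"host": host, "time": datetime.fromisoformat(ts), "id": event_id, **fields}


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
EVENTVWR = r"C:\Windows\System32\eventvwr.exe"
EXPLORER = r"C:\Windows\explorer.exe"
APPLET = r"C:\Users\alice\Downloads\support-applet.exe"  # constructed file name

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    # PC-01: Event Viewer from the Run dialog, then the support site, then the applet.
    ev("PC-01", "2016-01-28T15:02:10", 1, Image=EVENTVWR, ParentImage=EXPLORER),
    ev("PC-01", "2016-01-28T15:14:40", 22, Image=IE, QueryName="www.logmein123.com"),
    ev("PC-01", "2016-01-28T15:16:05", 1, Image=APPLET, ParentImage=IE),
    # PC-02: someone only looks at Event Viewer.
    ev("PC-02", "2016-01-28T09:00:00", 1, Image=EVENTVWR, ParentImage=EXPLORER),
    # PC-03: a remote-support session with no Event Viewer step before it.
    ev("PC-03", "2016-01-28T11:00:00", 22, Image=IE, QueryName="logmein123.com"),
    ev("PC-03", "2016-01-28T11:01:30", 1, Image=APPLET, ParentImage=IE),
]


def _name(path):
    return basename(path).lower()


def opened_event_viewer(e):
    # eventvwr.exe whose parent is explorer.exe, as when typed into the Run dialog
    return (e["id"] == 1 and _name(e["Image"]) == "eventvwr.exe"
            and _name(e["ParentImage"]) == "explorer.exe")


def looked_up_support_site(e):
    if e["id"] != 22:
        return False
    query = e["QueryName"].lower().rstrip(".")
    return any(query == d or query.endswith("." + d) for d in SUPPORT_DOMAINS)


def browser_ran_download(e):
    # a non-browser program under a user profile, started by a browser
    return (e["id"] == 1 and _name(e["ParentImage"]) in BROWSERS
            and _name(e["Image"]) not in BROWSERS
            and "\\users\\" in e["Image"].lower())


STAGES = (opened_event_viewer, looked_up_support_site, browser_ran_download)


def find_scam_sequences(events):
    """Return one alert per host where the three stages occur in order within WINDOW."""
    by_host, alerts = {}, []
    for e in sorted(events, key=lambda e: e["time"]):
        by_host.setdefault(e["host"], []).append(e)
    for host, evs in by_host.items():
        i = 0
        while i < len(evs):
            if not STAGES[0](evs[i]):
                i += 1
                continue
            start, matched, j = evs[i]["time"], [evs[i]], i + 1
            while j < len(evs) and len(matched) < len(STAGES) and evs[j]["time"] - start <= WINDOW:
                if STAGES[len(matched)](evs[j]):
                    matched.append(evs[j])
                j += 1
            if len(matched) == len(STAGES):
                alerts.append({"host": host, "start": start,
                               "end": matched[-1]["time"], "image": matched[-1]["Image"]})
                i = j  # continue after the matched sequence
            else:
                i += 1
    return alerts
```

Either step alone is ordinary activity (PC-02 and PC-03 in the sample raise nothing); only the ordered combination within one call-length window is flagged.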

After the scam action by the supervisor, the victim is to confirm that everything is OK. The only problem is that even if the victim answers that he has no problems now, the recording will not help in a court of law. I think this action is only meant to soothe the conscience of the agents, in case they have something that normal people call a conscience:

VERIFICATION SCRIPT

Hi this is …….. And I m from the verification department, how are you doing today?

Well, the purpose of this transfer is to check or confirm that you were not pressurized or misled at any point of time.

  1. So can you confirm to me “Was the agent polite and courteous with you?”
  2. Did he explain you what exactly the issues were in your computer or was he just rushing through with what he had to say?
  3. Did you at any point of time hand over any of your card information or your Banking details over the phone?
  4. Please be aware that we are not a part of Microsoft and that we are an independent service provider for windows and MAC operating computers
  5. Now you can let the computer be on and leave the controls and once the work of the technician will be completed you will be informed about the same with a message on the computer screen.
  6. Do you have any more questions for me?
  7. So it was pleasure talking to you, thank you for your time and patience and take care of yourself.
  8. Bye Bye.

Not only those who participate in the scam system make themselves guilty; those who know about the scam and do nothing against it are just as guilty as the scammers themselves!

Everybody should think about an old prophecy from the Cree (native Americans): "When the last tree is cut down, the last fish eaten, and the last stream poisoned, you will realize that you cannot eat money."

 

Microsoft does not make unsolicited phone calls to help you fix your computer

In this scam cybercriminals call you and claim to be from Microsoft Tech Support. They offer to help solve your computer problems. Once the crooks have gained your trust, they attempt to steal from you and damage your computer with malicious software including viruses and spyware.

Although law enforcement can trace phone numbers, perpetrators often use pay phones, disposable cellular phones, or stolen cellular phone numbers. It's better to avoid being conned rather than try to repair the damage afterwards.

Treat all unsolicited phone calls with skepticism. Do not provide any personal information.

If you receive an unsolicited call from someone claiming to be from Microsoft Tech Support, hang up. We do not make these kinds of calls.

Report phone scams

Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, don’t take the risk. Reach out directly to one of Microsoft technical support experts dedicated to helping you at the Microsoft Answer Desk. Or you can simply call Microsoft at 1-800-426-9400 or one of Microsoft's customer service phone numbers for people located around the world. 

Microsoft Phone numbers:

  • Australia: (Australia callers) 13 20 58 , (International callers): 612 9870 2200
  • Ireland: 1850 940 940
  • New Zealand: 64-4-470-6583
  • United Kingdom: (+44) 0344 800 2400
  • United States: 1-800-426-9400

Source: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams 
(you need to switch your country setting to US/English to follow this link)

 

Microsoft does not send unsolicited communication about security updates

When Microsoft releases information about a security software update or a security incident, Microsoft sends email messages only to subscribers of its security communications program.

Unfortunately, cybercriminals have exploited this program by sending fake security communications that appear to be from Microsoft. Some messages lure recipients to websites to download spyware or other malicious software. Others include a file attachment that contains a virus. Delete the message. Do not open the attachment.

Legitimate security communications from Microsoft

  • Legitimate communications do not include software updates as attachments. Microsoft never attaches software updates to its security communications. Rather, Microsoft refers customers to its website for complete information about the software update or security incident.

  • Legitimate communications are also on the Microsoft websites. If Microsoft provides any information about a security update, you can also find that information on its websites.

Source: https://www.microsoft.com/en-us/safety/online-privacy/avoid-phone-scams
(you need to switch your country setting to US/English to follow this link)

 

Internet without promotion: Adguard AdBlocker browser extension

Simply install the Adguard browser extension if the advertising, pop-ups and pop-unders on the different web pages are annoying you. Adguard AdBlocker is really fast and lightweight. It uses half as much memory as other popular solutions. Adguard can handle Anti-AdBlock scripts. You won't have to turn off the AdBlocker anymore to be able to visit the websites that are using such scripts. Just send a complaint to the Adguard tech support and they will handle it.

Adguard AdBlocker effectively blocks all types of advertising on all web pages, even on Facebook, Youtube, and others! Adguard makes your work on the Internet not only comfortable, but also safe - Browsing Security module blocks access to all fraudulent and malicious sites.

What Adguard AdBlocker does:

  • Blocks all ads including video ads (including Youtube video ads), rich media advertising like video ads, interstitial ads and floating ads, unwanted pop-ups, banners and text ads (including Facebook advertisements).
  • Speeds up page loading and saves bandwidth, thanks to the missing ads and pop up windows.
  • Blocks many spyware, adware and dialer installers (optional).
  • Protects your privacy by blocking common third-party tracking systems (optional).
  • Protects you from malware and phishing (optional).

 

Installation:

Firefox: You can install the latest release from addons.mozilla.org or download it from the direct link https://chrome.adtidy.org/app.html?app=main.xpi

Google Chrome: Install it from the Chrome Web Store

Internet Explorer: http://adguard.com/en/adblock-adguard-internet-explorer.html

Opera: You can install the latest release from addons.opera.com

Safari: You can install the latest release from extensions.safari.com

Yandex Browser: Starting with the version 14.2, Yandex.Browser introduced catalogue of recommended Extensions. This catalogue provides the free Adguard extension by default.

Install Adguard for Android: http://adguard.com/en/adguard-android/install.html#howToInstall

Adguard for Mac http://adguard.com/en/adguard-mac/overview.html

 

NSA Planted Stuxnet-Type Malware Deep Within Hard Drive Firmware

The U.S. National Security Agency (NSA) may have been hiding highly sophisticated hacking payloads in the firmware of consumer hard drives over the last 15 to 20 years, in a campaign giving the agency the means to eavesdrop on thousands of targets’ computers, according to an analysis by Kaspersky Lab and subsequent reports.

 

'EQUATION GROUP' BEHIND THE MALWARE

The team of malicious actors is dubbed the "Equation Group" by researchers from Moscow-based Kaspersky Lab, who describe them as "probably one of the most sophisticated cyber attack groups in the world," and "the most advanced threat actor we have seen."

The security researchers have documented 500 infections by Equation Group and believe that the actual number of victims likely reaches into the tens of thousands because of a self-destruct mechanism built into the malware.

 

TOP MANUFACTURERS' HARD DRIVES ARE INFECTED

Russian security experts reportedly uncovered state-created spyware hidden in the hard drive firmware of more than a dozen of the largest manufacturers' brands in the industry, including Samsung, Western Digital, Seagate, Maxtor, Toshiba and Hitachi.

These infected hard drives would have given the cyber criminals persistence on victims' computers and allowed them to set up secret data stores on the machines, which are only accessible to the malicious hackers.

 

UNABLE TO REMOVE THE INFECTION

One of the most sophisticated features of these notorious hacking tools is the ability to infect not just the files stored on a hard drive, but also the firmware controlling the hard drive itself. The malware is hidden deep within hard drives in such a way that it is difficult to detect or remove it.

If present, once the victim inserts the infected storage (such as a CD or USB drive) into an internet-connected PC, the malicious code allows hackers to snoop on victims' data and map networks that would otherwise be inaccessible.

Because the malware isn't sitting in regular storage, it is almost impossible for a victim to get rid of it or even detect it. Such an exploit could survive a complete hard drive wipe, or the re-installation of an operating system, and "exceeds anything we have ever seen before," the company's researchers wrote in a report.

 

MORE ADVANCED TECHNIQUES USED BY EQUATION GROUP

The firm recovered two modules belonging to Equation Group, dubbed EquationDrug and GrayFish. Both were used to reprogram hard drives to give the malicious hackers the ability to persistently control a target machine.

GrayFish can install itself into the computer's boot record (software code that loads before the operating system itself) and stores all of its data inside a portion of the operating system known as the registry, where configuration data is normally stored.

 GrayFish architecture - Kaspersky Labs

EquationDrug, on the other hand, was designed to be used on older versions of Windows operating systems, and "some of the plugins were designed originally for use on Windows 95/98/ME", very old versions of Windows that offer a good indication of the Equation Group's age.

 

TARGETED COUNTRIES AND ORGANISATIONS

The campaign infected tens of thousands of personal computers with one or more of the spying programs in more than 30 countries, with most infections seen in Iran, followed by Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria.

The targets included government and military institutions, telecommunication providers, banks and financial institutions, energy companies, nuclear researchers, mass media organisations, and Islamic activists among others.

Equation Group Victims Map - Kaspersky Labs 

'ANCESTOR' OF STUXNET & FLAME

Security researchers are calling the malware the "ancestor" of Stuxnet and Flame, the most sophisticated and powerful threats that were specially designed to spy on and sabotage ICS and SCADA systems.

 

LINKS TO NSA

Kaspersky declined to publicly name the country or agency behind the spying campaign, but said it was closely linked to Stuxnet, the NSA-led cyberweapon that was used to sabotage Iran's uranium enrichment facility.

Also, the similarities, when combined with previously published NSA hard drive exploits, have led many to speculate that the campaign may be part of an NSA program. The NSA is the agency responsible for the global surveillance program uncovered by whistleblower Edward Snowden.

Another reason is that most of the infections discovered by the Moscow-based security firm have occurred in countries that are frequently US spying targets, such as China, Iran, Pakistan and Russia.

Meanwhile, Reuters reported sources formerly working with the NSA confirmed the agency was responsible for the attacks and developed espionage techniques on this level.

 

NSA INVOLVEMENT COULD BE RISKY

If the NSA is found to be involved, the malicious program would have given the NSA unprecedented access to the world's computers, even when the computers are disconnected from the outer web. Computer viruses typically get activated as soon as a device is plugged in, with no further action required, and this is because the viruses are stored on a hard drive's firmware.

Back in July, independent security researchers discovered a similar exploit targeting USB firmware — dubbed BadUSB — however there was no indication of the bugs being developed and deployed by Equation Group at this scale.

The issue once again raises the questions about the device manufacturers' complicity in the program. They should take extensive and sustained reverse engineering in order to successfully rewrite a hard drive's firmware.

For its part, the NSA declined to comment on the report.