Scammer number:
Scammer website: (888) 573-6659
Fake service they are refunding:
Any other scammer information:
2 Likes
Here is the scammer’s script:
Thank you for calling microsoft support this is andrew how may i help you today?
Okay is this the
first time you got this alert?
What were you doing on your computer when you got this alert?
Is this a personal computer or a work computer?
Okay it seems like there is a breach on the network and that means it is an attempt of hacking that has taken place on the device,
so you need to follow some of my instructions so that i can connect your computer to a secure microsoft network to make the connection completely safe and secure as it is an hacking attempt.
After opening make customer close the popup by alt+ctrl+delete.
Take the remote without letting the customer know.
After taking the remote -
Okay sir i really appreciate that now i have connected your
computer to a secure microsoft server,
the reason why i made the connection secure because there are some active hackers who were trying to get into the computer so i made your connection and the network completely safe and secure.
Okay sir now i am gonna guide you through some steps through which you can run some security softwares yourself on the computer and you have to tell me the results of those security scan. Now press the windows key and R then type down EVENTVWR.
Okay sir now do you see an event viewer box on the screen? This is the security software installed by microsoft in all the microsoft computers and you can check the recent events that are happening on the computer, now look at the left side top of the eventviewet box do you see custom views, double click on that, now in the center do you see administrative events? Double click on that. What do you see now? You said you see errors and warnings okay sir these are the errors and warning generated by your computer every time the hackers tried to get into your computer, so at the top do you see the number of events? Its 1034 you said? Alright sir that is a pretty huge number and that means the hackers tried to get into the computer 10847 something times.
Okay sir so now as we can see that this is a hacking attack and the hackers tried to get into your network, so we are gonna check the status of your network through some commands, for that you need to press windows and R. Then type down CMD. Okay sir do you see a black box on the screen? Yes this is the command prompt of the computer and through this we can check the status of the network by giving some commands, so sir in the black box do you see a cursor blinking? Right from there start typing NETSTAT then hit enter. Now you will see the command will start working when it stops working give me a shout. Okay sir now do you have four coloumns proto local add foreign add state? Tell me what do you see underneath the foreign add bar, so do you see some letters some numbers or something written over there? Okay and the last coloumn is the state bar, what do you see underneath the state bar? Oh you said established oh my god can you count them for me how many of them ate established? Okay sir now listen to me very carefully Okay the first coloumn is the local address bar which is your ip address, do you know what is an ip address? Its a unique id which is the physical location of the computer, so just like you have a home address your computer and your network also has this unique ip address which represents you in the virtual world and it is the physical location of the computer. Next coloumn is foreign address and you told me you have some letters and numbers over there which means some addresses and last coloumn tell us the state which you said is established in 10 of them? So sir all those are the foreign addresses all those are the hackers which are indirectly established on your ip address, that means they are using your ip address they are using your identity to do some illegal activities online using your identity
.
And sir while working on your computer and your home network we got to know that even your phones lines are being completely hacked and compromised by the hackers and they are maybe monitoring each and everything. So we need to secure your phone lines as well, and for that we have a specialized phone line by microsoft that can secure the phone lines if we call using that line and stay connected on that one because they cannot be breached and the hackers cannot get into it.
Take customer cellphone number is you were connected on a landline and call his cellphone number now.
Okay this is the high security microsoft line provided by microsoft which secures the phone lines when we call the customers using this one, and your lines are secured until they are connected with us on this call, you need to make sure that you do not disconnect this phone call at any moment because in the case the phone lines can be breached again.
Also i want you to grab a pen and a paper and note down my name and employee id.
Give the customer your NAME, EMPLOYEE ID, DIRECT EXTENSION.
IMPORTANT
(Keep the customer reminding during the call that his phone lines are hacked and he cannot disconnect the phone call, make him turn off his wife/daughter’s cellphone as well amd tell him that the only call he has to answer and dial is microsoft)
Okay sir now that there are active hackers on the computer we need to go ahead and check a few more things because the hackers are continously trying to compromise the details.
Do you open up your emails on the computer?
Do you use facebook on this computer?
Do you do online shopping on this computer?
Do you do online banking on the computer?
Okay sir now i want you to open up and check your emails and look for any emails that do not contains any subject or any email that looks suspicious to you, we need to make sure if you had recieved any suspicious email from the hacker or not. Check you spam box check your trash box check junk.
Okay sir and you also told me that you do online shopping and banking on the computer that means you have your financial information on the computer so i want you to go ahead and check your online banking and see if everything is fine with your online banking or not? If you have accounts with multiple banking institutions check each one of them, and if you have credit cards check all your credit card accounts one by one, you need to have a closer look at your account balance and your account statements from the last 24 to 48 hours and if you see any suspicious charge, just let me know about it.
Take clear pictures of the account balance and account statements.
Okay sir that’s great if everything is fine with your account now please close down everything and do you allow me to get connected with the computer and run a few major scans by myself?
Then open cmd and run a scan and type down:
Network infected.
Foreign connections found.
Chase/boa/wellsfargo account or credit card details hacked.
After showing that account details are hacked ask him sir do you have an account with xyz bank?
Okay sir now as this majorly scan shows that your account details are hacked, here we would not take any risk we will let your bank know about the same that the account is being hacked or monitored.
But sir as your phone lines are completely hacked we cannot take any risk, we cannot disconnect this phone call and let you dial the bank by your hacked line, so the best here i can do for you is we can connect you with your bank from this high security microsoft line which we are using to call you.
Okay now look at the back side of your debit/credit card you will see a bank’s customer service toll free number starting with 1800, you have to tell me that number so that i can connect you with them
After customer gives you the number*
Okay sir now i am connecting you with your bank, after you get connected with your bank you have to follow the ivr, do you know what does that mean? It is the automated voice that says press 1 for accounting details press 2 for customer service, that is the ivr and you have to follow that ivr and after you get connected with the bank person just tell them each and everything about the hackers and the hacking attack and tell them to put your account under surveillance for the next 24 to 48 hours because sir microsoft is going to take 24 to 48 hours to fix up everything.
3 Likes
Oh also here is the Ip information:
122.161.229.4 (airtelbroadband.in)
Country : India (IN) Area Code : Unknown ISP : Airtel Broadband
City : Delhi Zip Code : 110003 Longitude : 77.237300
State : DL Metro : Unknown Latitude : 28.654200
202.173.125.2 (202.173.125.2)
Country : India (IN) Area Code : Unknown ISP : Excitel
City : Delhi Zip Code : 110003 Longitude : 77.237300
State : DL Metro : Unknown Latitude : 28.654200|
Also here is their other number: (551) 722-6166
@ScammerRevolts You did a exceptionally great job on this one buddy! Very enjoyable, at least to me. Great resource haul too! 
1 Like