D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Indian "MCSE" phone phishers again

 

On 15 Oct, 2011, at 4:59 pm, Martijn Grooten wrote:

On Sat, Oct 15, 2011 at 3:36 PM, Philip Hudson wrote:
Got a website for one that's been harassing me this afternoon, efix.co (don't go there!). Who would be good to report the site to, with a view to
getting it blocked/flushed from DNS?

Hmm. Tricky. .co is Columbia. Accoding to www.whois.co the domain is
registered to an Indian company. The domains vidyarthimitra.com and
jptechnoworld.com are owned by the same group -- all use the web
server 173.248.153.104. I'll do a bit more research later, see if we
can get these guys down.

(I wouldn't normally want a domain to be taken down because of one
report of bad behaviour. Heck, I have had such calls from "BT" and I
wouldn't want to take down bt.com. But this is smells so dodgy, at the
very least it deserves full attention.)

Thanks Martijn. WRT "one report": these seemed to be the same guys I've discussed before on this list, working from the same script. They called me three times just today and ran me through six of their increasingly senior bogus "engineers" trying to dupe me into installing their malware while I ran up their phone bill for them, eventually giving them some verbal GBH.

Interestingly, five of them failed to tell me which version of Windows I had registered*, but one of them eventually called it, confidently and correctly. That makes me think they may have somehow got access to genuine MS data. OTOH, they had my current address, which (perhaps naively) I don't think MS knows.

* Long ago, but I didn't tell them that. Needed it for syncing a PDA that had no linux or MacOS sync.

--
Phil Hudson                  http://hudson-it.no-ip.biz
@UWascalWabbit                 PGP/GnuPG ID: 0x887DCA63


--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq