Scammed by Right PC Experts? Here's What to Do

Dennis Faas's picture

Infopackets Reader Cindee T. writes:

"Dear Dennis,

The other day I was using my web browser and suddenly received a message that my computer was infected and to call 855-551-7666 to have it fixed. There was no way to close the warning screen - I was scared and didn't know what to do! I called the number and spoke to 'Right PC Experts' (rightpcexperts.com). The person I spoke to had a very thick Indian accent. To fix the virus warning, he remotely logged into my computer and installed a bunch of security programs, by the names of 'Anti hacking', 'Email Security', 'Network Firewall' and 'Network Security Shield'. I paid $399 for having them 'fix' my computer. After reading your article about PC Network Experts (pcnetworkexperts.com), I am quite certain I have been scammed. My biggest worry is that they still have access to my machine and may delete files or lock me out of the computer once I cancel the payment from my credit card company (and report them as fraud). Can you PLEASE help!"

My response:

I asked Cindee if she would like me to connect with her using my remote support service in order to have a closer look, and she agreed.

Below I will discuss my findings.

Right PC Experts = Fake Tech Support

First and foremost, if you ever receive a "warning" that your computer is "infected" and to call a 1-800 number to "fix it", it's a scam.

I decided to do a 'whois' lookup to see who owns rightpcexperts.com - and lo and behold - it is the same scammer that is running pcexperts.com and webnetworkexperts.com that I reported only a few weeks ago. What's interesting is that all 3 of these websites have 3 different 1-800 numbers, yet they are registered by the same person (supposedly, the owner is "Sumit Singh" and is located in New Delhi, India).

You have to ask yourself - if this was a legitimate company why would they be operating under different website / company names and have different 1-800 phone numbers? The answer is simple - it's a scam!

For the record, here's a video showing how the scam operates:

Fake Security Programs are Actually Malware in Disguise

After examining the "security programs" that Cindee mentioned to me in email, I decided to upload the files to virustotal.com to have them checked against 40+ antivirus programs simultaneously.

Here's what I found:

  • The "Network Security Shield" (which the tech support scammers claimed is meant to protect the user against hackers) is actually a Trojan known as "FileRepMalware". This type of Trojan (malware) can be used to download and infect the system with other malware, which can then, for example, steal personal information.
     
  • The "Email Security" the scammers installed was actually a "Win64.Dropper.dt" Trojan Dropper. This Trojan in particular silently stays active in memory, waiting and listening for remote instructions from cyber criminals. Once activated, criminals can remotely install malware onto the machine without the user knowing, including spy tools, key loggers, password sniffers, remote access backdoors, etc.
     
  • The "Network Firewall" program they installed came up clean, but it is completely bogus. In other words, it's fake - just like the tech support being offered by rightpcexperts.com.
     
  • The "Anti hacking" tool they installed is the scariest by far. Virustotal.com reports that this program is actually a keylogger. That means the scammers can record your keystrokes, for example to steal financial information; the stolen data is then relayed to cyber criminals.

Here's a screen capture I took of Cindee's machine to show the fake security programs they installed as mentioned above!

Scammed by Right PC Experts? Here's What to Do

Now that you know rightpcexperts.com is a scam - and worse yet - that the programs they install on your computer to "fix" the problems are actually malicious, here is what you need to do:

  1. First, cancel the payment you made to the tech support scammers. Keep in mind that they usually won't transfer the money for a few days because they are busy scamming hundreds of other people daily. The scammers will often ask for your bank account; if not, a credit card.

    In either case, call your bank immediately and tell them what is going on and try to cancel the payment. If you paid by check this is extremely problematic because the scammers now have your name, address, bank name, bank address, bank account number, etc - which means they can hit your bank account whenever they want.

    As I mentioned already, rightpcexperts.com is the same scam company as webnetworkexperts.com and pcnetworkexperts.com, and they likely operate under other multiple, fake company names (and more to come - I'm sure), which makes it difficult to block transactions by the bank.

    There are other bullet-proof ways to block transactions to ensure your money is safe, but it is considerably more involved. Based on my experience this requires some explaining, so if you need help with this I am more than happy to assist - contact link here.

    Note that if you paid by gift card (iTunes, Amazon, etc) then you have little to no recourse, as those methods of payment are irreversible once you've given them the PIN.
     
  2. Second, don't answer the phone when the scammers call you back - and believe me, they will - whether it's days, weeks, or months later. Each time they call, they will claim something else is "wrong" with your machine and try to sell you more fake tech support not covered by your initial fake contract. More often than not the cost is higher than the first time because once they smell blood (your money), they will do everything they can to get more.

    Based on what I've been told by clients, these scammers will call back with a fake follow-up call to make sure you're satisfied with their fake tech support. If you say "no", they will do everything they can to convince you to let them back in your machine. They will even get their fake "manager" on the line, like it's some sort of priority escalation to make sure you're happy receiving their fake support. Don't fall for it!
     
  3. Finally, hire a REAL professional (such as myself - link here) to look over your system to undo the damage caused by the scammers. Based on my experience, the scammers will leave on average 3 to 5 hidden backdoors (open connections) on your system. That means they can get back into your computer and do whatever they want, whenever they want.

    Please note that based on my experience, the scammers will either lock you out of your machine (changing your password), delete all your files remotely, or install ransomware on your machine once they find out that you either didn't make the payment or canceled the payment - so if you are not sure what to do, please contact me first (link here) or you will be in a world of hurt!

    Also worth noting: one of my clients had $18,000 stolen from his account only DAYS after having scammers in his machine. What's very interesting about this case is that he swears he did not give them the account number that the money was taken from. Therefore I suspect the scammers installed a keylogger or password sniffer once they connected to his machine - similar to the malware I've already mentioned in the article - then stole his financial information afterward!

    A real PC expert, such as myself, can find these backdoors and threats and eliminate them. Once again - based on my experience - antivirus and antimalware won't find these threats because they are often legitimate software programs used in nefarious ways. You have been warned!

For the record, I have helped countless people with this scam and know exactly where to look to eliminate these threats.
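As an added illustration (not part of the original article and not the author's own procedure), the PowerShell below gathers the evidence discussed above on the affected Windows PC: installed-program entries matching the four names from the article, SHA-256 hashes of their files for a VirusTotal lookup, auto-start entries, and network connections with their owning processes. Matching by display name and hashing everything under the install folder are assumptions of this example; scammers can install the same tools under other names.

```powershell
# Added example: read-only triage, run from an elevated PowerShell prompt.
# The four display names come from the article; name matching is an assumption.
$names = 'Anti hacking', 'Email Security', 'Network Firewall', 'Network Security Shield'

# 1. Installed-program entries (64-bit, 32-bit and per-user uninstall keys).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$hits = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $n = $_.DisplayName; $n -and ($names | Where-Object { $n -like "*$_*" }) } |
    Select-Object DisplayName, Publisher, InstallDate, InstallLocation
$hits | Format-Table -AutoSize

# 2. Hash the binaries of each match so they can be looked up on virustotal.com
#    by hash, without running or re-uploading them.
foreach ($h in $hits | Where-Object InstallLocation) {
    Get-ChildItem -Path $h.InstallLocation -Recurse -Include *.exe, *.dll -File -ErrorAction SilentlyContinue |
        Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, Path
}

# 3. Programs that start automatically at logon (a common place for a backdoor to persist).
Get-CimInstance Win32_StartupCommand |
    Select-Object Name, Command, Location, User |
    Format-Table -AutoSize

# 4. Listening and established TCP connections with the owning process, so that
#    remote-access tools that are "legitimate software" still show up by path.
Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            State   = $_.State
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            Process = $p.ProcessName
            Path    = $p.Path
        }
    } | Sort-Object Process | Format-Table -AutoSize
```

Nothing in the script removes or changes anything; review the output for remote-access software you did not install yourself before uninstalling it.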

Additional 1-on-1 Support: From Dennis

If you are reading this article right now because you've been scammed, I can help. I get emails all the time about this scam; some people even ask me "How do I know you're not a scammer, too?" My response to this is that you can read my articles I've published over the last few years and also review my resume. Based on that, you should be able to understand that I am in fact legitimate, compassionate, and am more than willing to lend a hand - simply contact me, briefly describing the issue and I will get back to you as soon as possible.


Comments

buzzallnight's picture

There should be a sticker on all computers explaining scams. Scams like this have been going on for a long time now; there really is no excuse anymore for not knowing about this.

kitekrazy's picture

I've had this happen once in a while. The other one is the fake flash player update. There are YouTube videos of people getting back at the scammers using a virtual machine and locking scammers out of their own systems.

Dennis Faas's picture

The malicious advertisements make their way onto your machine when you visit a website and your web browser is served malicious code from a malicious ad server.

99% of the time browsers download ads from legit servers - and ads are served from almost every single website online. But, sometimes legit websites are compromised and serve malicious ads (because hackers hacked the website), or legit ad servers are compromised and serve malicious ads for the same reason. Or, it may be that you accidentally / or fully knowingly visited a malicious website that serves malicious ads 100% of the time.

Once the malicious ad code is downloaded to your web browser it will likely sit idle for some time, until it detonates / becomes active, even when you are visiting a legit site.

Once the malicious ad is displayed (i.e., "your computer is infected"), it will lock you out of the machine and demand you call a 1-800 number to "fix" the issue.

kitekrazy's picture

I've never had an issue closing the browser. I would run scans and nothing shows up. Just to verify I would use more than one scanner. This only happened using Chrome.

Some will use a phone book and make random calls.

lgitschlag_3159's picture

Yea, Cindee, I'm glad you talked about this! Be sure to change your credit and bank accounts so they can't possibly return and rip you off some more. That scam hit me several times & each time I had to restart my PC to get rid of it. As the first tab (with the scam) began to reload I quickly started a 2nd tab and closed the first tab before it finished loading and, voila, no more scam. Worked every time. (If I was too slow, the scam came on again and I had to repeat myself.) I seldom see it anymore. Does anyone else find a different way to handle this?