Scammed by Easy / Net PC Expert? Here's What to Do

Dennis Faas's picture

Infopackets Reader Jerald B. writes:

" Dear Dennis,

I was using my computer the other day, then all of a sudden the screen turned red and started flashing, telling me my computer was at risk and I must call 1-855-551-6777 to find out the problem. I was on the phone for about an hour and a half, and the people that I spoke to had a very thick Indian accent. They told me that my IP address was open to anyone who wanted to use it and I must encrypt my IP address for the price of $399.00, otherwise hackers would get into my machine. I reluctantly paid the fee and felt uneasy about it. That's when I did some research and came across your post about PC Network Experts. Now I feel like I was scammed. According to the text document (receipt) on my desktop, the company that billed me is Net PC Expert, though my credit card statement says that it's Nexway. I want to report this transaction to my credit card company, but I'm scared to death that Net PC Expert will delete all my files or lock me out of the machine (as you mentioned in your other article) when they find out I've reversed the charges. Can you PLEASE help? "

Update 20200116: I'm getting a lot of emails from folks asking for help on this. If you want this problem fixed ASAP, send me an email and don't forget to leave your phone number. I will call you back as soon as possible.

My response:

According to the whois record for netpcexpert.com, the domain (website name) was created on January 3, 2020 - only 3 days ago at the time writing. The domain is registered in New Delhi, India.

For the record - any time the computer says it has a "problem" and you are asked to call a 1-800 number to "fix the problem" - it's a scam! This scam follows the exact same pattern and is most likely being perpetrated by the same idiots as Easy Net Experts, PC Network Experts, Smart PC Experts, Expert4Help, Live PC Experts, Informatico Experts, who are likely also responsible for the PayPal tech support scam and sending out fake PayPal emails (invoices).

Net PC Expert / Easy Net Experts = Fake Tech Support

Net PC Expert (netpcexpert.com) and also Easy Net Experts (easynetexperts.com) are run by a very large criminal organization in India. These people are pure evil and will do everything they can to take your money - whether it's selling fake technical support, or by stealing your financial data and/or wiring your money overseas.

Based on my experience in dealing with this scam over the past 6 years, it goes WAY deeper than losing $399 for fake technical support.

Here's what really happens:

  1. Once the scammers connect to your machine, they will tie you up on the phone for about an hour or an hour and a half, claiming that they are "examining the problem".
     
  2. During this time, the scammers are actually searching your machine for financial information and downloading it to their servers, including bank statements, tax statements, passwords, and the like. They will use this information to scam you, use it against you (to frighten you), or steal your money by wire transfer.
     
  3. At the same time, the scammers install multiple remote access backdoors so they can get back into your PC whenever they want.

    The remote access backdoors serve multiple purposes, including:

    a) being able to connect to the machine at a later date in order to steal more financial information, monitor your activity, record keystrokes, including passwords to financial institutions.

    b) being able to propagate more scams by remote. For example, they will upload malware to the machine at a later date (without you knowing it) then call and say your computer has been hacked. This time, it will cost more money than the initial scam - usually hundreds of dollars more.

    c) the remote access will guarantee your payment to them. If you don't pay, they will punish you remotely by deleting your files or lock you out of the machine. This has already happened to many of my clients.
     
  4. All of the above will repeat indefinitely until the bank accounts are drained and/or the victim wises up.

Scammed by Net PC Expert / Easy Net Experts? Here's What to Do

When I connected with Jerald I found 3 remote access backdoors still active on his machine. In fact, one remote access backdoor I found had an activity log: they were in his machine all day long. Jerald also admitted to me he was using his online banking that same day.

If you let the scammers in your machine, here's what you need to do:

  1. Power down the machine and do not use it until it can be properly cleaned. If it's powered off, they cannot connect to it.

    In terms of having the machine cleaned: you are free to take it where you like, but please be advised that most computer places / tech savvy people have absolutely no clue where to look to undo the damage caused by the scammers. Trust me when I say this, because I've been dealing with this scam for over 6 years and the scammers don't make it easy to remove their remote access backdoors on purpose.

    In one case, a client of mine took his machine to Best Buy and asked specifically for them to remove any remote access backdoors and malware. I warned him against this and he agreed to have me look at it. When he got it back, I examined the machine and found that Best Buy had missed 5 remote access backdoors and a keylogger, which would have recorded his keystrokes (passwords) and sent them to the scammers. In short: he was no better off than before he gave them the machine, plus he's out $150 - the price for bad tech support. You have been warned!

    On the other hand, I am a senior systems administrator (view my resume here) and have been dealing with this scam for over 6 years and know exactly where to look and undo the damage - contact me here. To date I have found close to 20 remote access backdoors and variants used by the scammers. I can also provide evidence that I am who I say I am if you need it.
     
  2. Once the machine is cleaned and remote access backdoors have been removed, I will outline a plan to retrieve your funds.

    Timing on this is critical, especially if you paid by credit card. I have a very high success rate in getting my clients' money back, but it also depends on the circumstances. For example, if you paid by check then you are going to be in a lot of hot water because now the scammers have the full name and address of your financial institution, your bank account number, address, your name, etc. That said, I know exactly what you need to do in order to keep your money safe. Note that if you paid by gift card, the money will not be recoverable.
     
  3. Don't answer the phone when the scammers call you back - and believe me, they will!

    The scammers like to do fake follow up call to make sure you're happy with their fake technical support services. This is all part of the illusion to make you feel like you've been in contact with a legitimate tech support firm. Here's the kicker: if you're not happy with their services, they will try to convince you to let them back in the machine. DO NOT DO THIS. In this case they will likely try to do a reverse refund scam. This happened to one of my clients and she lost an eye-watering $20,000 dollars! This is NO JOKE.
     
  4. CRITICAL: Please talk to me FIRST before you call the bank or credit card company. I have plenty of experience with this and if you tell them the wrong thing, you will either not get your money back at all, or they will hold your money in purgatory "pending a review."

    Also, critically important: if you attempt to reverse the charge prior to having the machine cleaned AND the scammers find out you did this, they will seek retribution (punishment) by deleting all your files / lock you out of the machine / make it so your Internet stops working. This can be a costly fix. Ideally you should contact me first, have me remove the remote access backdoors, then proceed with reclaiming funds - otherwise you will be in a world of hurt with the possibility of not getting your money back. You have been warned!

    Consultation with me is free (up to 15 minutes) on the phone - click here to email me now and leave your phone number. I promise to call you back ASAP after 1 PM EST typically as I am on the midnight shift. I can also provide evidence that I am who I say I am if you need it.

Feeling Overwhelmed? I'm Here to Help

If you're reading this right now and you've been scammed by Net PC Experts, don't worry - you're not alone. I have been helping clients with this scam for over 6 years and can help you recover your funds, make your machine safe to use, and advise you on any concerns you may have. If you need help, simply send me a message briefly describing the issue. Don't forget to include your phone number and I'll email or call you back as soon as possible. I can also provide evidence that I am who I say I am if you need it.

"How do I know you're Not a Scammer, too?"

I've been publishing since 2001 and have written 6 books on MS Windows, Internet and Security. I get emails all the time about this scam; some people even ask me "How do I know you're not a scammer, too?" My response to this is that you can read my articles I've published over the last few years and also review my resume. Based on that, you should be able to understand that I am in fact legitimate, compassionate, and am more than willing to lend a hand - simply contact me, briefly describing the issue and I will get back to you as soon as possible.

About the author: Dennis Faas

Dennis Faas is the owner and operator of Infopackets.com. With over 30 years of computing experience, Dennis' areas of expertise are a broad range and include PC hardware, Microsoft Windows, Linux, network administration, and virtualization. Dennis holds a Bachelors degree in Computer Science (1999) and has authored 6 books on the topics of MS Windows and PC Security. If you like the advice you received on this page, please up-vote / Like this page and share it with friends. For technical support inquiries, Dennis can be reached via Live chat online this site using the Zopim Chat service (currently located at the bottom left of the screen); optionally, you can contact Dennis through the website contact form.

Rate this article: 
Average: 5 (9 votes)

Comments

marrshh_13157's picture

Good information. Pretty frightening. Glad to have your contact info!

ijac's picture

Dennis thanks for all you do for the world we need more people like you. I hate any type scams but these guys are the worst.They scam seniors and others out of there life savings, we need some type of education like your newsletter so thanks for that also. Keep up the good work I've been reading your newsletter I think form the early days when it started.

russoule's picture

Dennis,

Is there a speial procedure to follow when one of these foreign (Indian or Chinese) firms takes money for a service or product ad then fails to produce? What if payment was via PayPal?

There is currently a firm out of China that advertises a 1TB flashdrive for $29.99 plus shipping, but ships a 64GB flashdrive instead. I believe this also qualifies as a scam.

Keep up the good work and let's have some more articles about the various devices that are sold and not delivered.

rep's picture

Jerald says "I was using my computer the other day, then all of a sudden the screen turned red and started flashing, telling me my computer was at risk and I must call 1-855-551-6777 to find out the problem".

My (probably naive) question is: how did this message get there in the first place? Had he clicked on some e-mail attachment or on something in a malicious web-page?

And didn't he have a firewall and Antivirus?

Dennis Faas's picture

This is an excellent question and I typically explain this when I'm connected with the client. The red "warning" screen that Jerald describes is typically through the browser, though generally speaking these types of "warnings" appear in one of six ways that I know of:

1. The user clicks on click-bait for a story on President Trump (for example), then ends up being redirected to a malicious site. This is what happened to Jerald.

2. The user knowingly visits a website offering pirated software, clicks on a link, and is instantly redirected to the malicious site / page.

3. The user downloads a program off the Internet and it comes bundled with a third party program (slim cleaner, for example), which then delivers malicious ads to the machine and/or infects the machine.

4. The machine is infected with malware and displays malicious ads.

5. The web browser is infected with a malicious cookie / javascript, and is activated even when a user visits a legitimate website. I call this the "ticking time bomb".

6. The user visits a legitimate site but the website itself has been hacked and legitimate ads are replaced with malicious ads.