An Analysis of an Attacker’s Attempt to Control my Windows Machine

(Note: This blog post was originally published on September 30, 2014)

This morning, I received a call from a Short Code phone number (609773). The number looked strange (I don’t think I’ve ever received a phone call from a Short Code phone number before), but I decided to answer. What follows is an analysis of the conversation I had with someone who was trying to hack into my Windows PC.

The man with a thick accent said that he was calling to inform me my computer had not been updated in quite a while, and asked if I was aware of this. He said that this could lead to system files becoming “outdated or corrupted.”

I quickly decided that this was a perfect opportunity to speak with a black-hat hacker and learn about some of his methods. (Note that I put an emphasis on “black-hat” because hackers in and of themselves are not necessarily evil people. You might have cousins, family members, or friends who are “programmers” for a living. If they are a programmer, they are a hacker. Again, let me emphasize: A “hacker” is not necessarily a bad person!)

I said “no, I wasn’t. How do I fix it?”

He first had me open up msconfig, a Microsoft Windows utility for editing and troubleshooting programs that run when the computer is first turned on. He had me click on the “Services” tab and then double click on the Services tab underneath. He asked me to tell him how many services were in a “Stopped” status.

I said “several.”

Now let me pause here by saying that nothing he had asked me to do (so far) was harmful to my computer. Msconfig is a legitimate program, and it is safe to use. I am assuming that he directed me to see all of these “stopped” services so that I would be more concerned and hopeful that he could “fix” these services so that they would all start when the computer started (which is actually not at all necessary).

The man on the other end of the phone then directed me to go to a website (supremocontrol [dot] com) and then directed me to click on the Download button, and then to download the software from that download page.

Update: According to some research I’ve performed, Supremo Control seems to be legitimate software. Scammers commonly want to gain remote access to your PC, and they will use valid tools to do this. Supremo Control software is not the problem in this case. The scammers who are using the software ARE the problem.

That said… I can’t find a whole lot of information about Supremo as a company. Google “Supremo” by itself, and you get results for the company. Google “Supremo Scam” and you get a whole lot of results about people complaining about the scam. I wish there were more articles, or even a Wikipedia article, that would help legitimize Supremo as a company.

While he continued to give me instructions, I was already logged into my local CentOS 7 test machine, and so got a copy of the homepage and of the “Download” page of this malicious website.

At this point, I stopped following his instructions, as I didn’t have a safe Virtual Machine of Windows running at the time with which I could test without getting my primary Windows install infected.

After directing me to “run” the downloaded file, he asked for a 9-digit number (which would identify my machine to him so that he could log in remotely), and then a 4-digit “password” that the program was supposed to provide.

After telling him repeatedly what these numbers were (even though I made them up out of thin air), I could tell he was very confused because he couldn’t connect to my system! After a few seconds of silence while he tried to figure out what was going on, I hung up on him.

In summary, let this be a reminder and a lesson for ANYONE to never trust a computer “technician” who calls you out of the blue and tells you that your computer is infected. You should always ensure that the person you talk to on the phone regarding the security of your computer is someone you know and someone you trust.

In the future, I will hopefully be able to analyze the file, but I don’t have the resources to do it (safely) right now. If I had an operational VirtualBox of Windows, I would have loved to have continued our conversation to the very bitter end, so that I could learn more about his tactics!

Questions or comments? Let me know!

 

Addendum (posted in December, 2015): Due to the number of comments requesting assistance, here are a few resources.

  • Develop CENTS: My company, Develop CENTS, provides IT consulting, technical support, web hosting and more. I’ve written several blog posts on security-related issues, all of which are accessible at https://developcents.com/blog/. Note that I run this business for a living, so if you contact me directly, I will only be able to provide some general guidance. For more in-depth support, I will ask you to pay my standard hourly rate.
  • Malwarebytes: If you are concerned that your computer may be infected by a virus, then one of the programs I typically recommend is Malwarebytes. Note that the free version can only legally be used by individuals on non-commercial computer equipment (i.e. if you use a computer for business functions, then you should get the paid version).
  • Spybot Search & Destroy: Spybot is another good antivirus / antimalware program. Make sure to read and understand the licensing. For example, if you’re a business, you should not use the free version.

73 thoughts on “An Analysis of an Attacker’s Attempt to Control my Windows Machine”

    1. David Post author

      George,
      Sorry to hear about this. I would highly recommend running anti-virus scans and anti-malware scans. There’s a great program called Malwarebytes which has a free version and a version you have to pay for.

      The free version is only free for non-commercial use. If your laptop falls into that category, that version is sufficient. It’s a great program: https://www.malwarebytes.org/. If all else fails, you can reinstall Microsoft Windows, but you should make sure you have all of your files backed up first.

      If there’s anything I can do through Develop CENTS (https://developcents.com), please don’t hesitate to contact me.

    2. liz snowdon

      Hi, I fell for this scam yesterday, now I’m worried sick, as I’m not at all technical or savvy when it comes to these things.
      I don’t know what to do to get control again. HELP PLEASE

      regards
      liz snowdon

  1. Hima

    Someone called me this morning saying he is from Microsoft and my laptop is sending them errors and warnings. He made me go to Run and then type eventvwrs and showed me all the errors and warnings and asked me if I knew why it was happening. I said no and he continued saying it was these errors and warnings that he was receiving and it was related to my Microsoft license. I believed him and then he asked me to download Supremo. But while I was downloading Supremo my Google search bar showed me a link pointing to Supremo scam. And at the same time my husband walked in and, seeing the scam page on my laptop, took the phone receiver from my hand and asked the scammer where he got our number from. He couldn’t answer and called my husband son of a bitch and hung up the phone.

    1. David Post author

      Hi Hima,
      I’m sorry to hear that happened. As I mentioned in the blog post, Supremo is legitimate software, and they aren’t the problem. The problem is with the people (the scammers) who use that software. If you’re worried that your computer might be infected, I would recommend scanning your computer with a program called Malwarebytes (available at http://malwarebytes.org, and free for non-commercial use).

    2. S. Duwe

      I am in a similar situation, but willingly subscribed to “pcrepairnservice.com” which used Supremo to set up the security. Tonight, a caller from pc service told me they were going out of business and wanted to refund my money. Wanted to access bank account—red alert! More but lesson learned. I even checked “scam advisor” about company. Law enforcement may get in on this.

  2. Davide Costantini

    Hello,

    I’m Davide Costantini from Nanosystems, we develop and sell Supremo.

    Thank you for sharing your story, it’s always nice to see links in the Google SERP explaining what a tech phone scam is.

    And thanks for highlighting Supremo isn’t involved with the scammers.

    I’m sure this page can save some potential victim from these fraudsters.

    Have a great day.

    Davide

    1. David Post author

      Hi Davide,
      Thanks for stopping by – and you’re welcome! As an IT Consultant, I know that these things can be very frustrating to end-users. I do find it funny that it’s been about a year since posting the above blog post, and yet it’s only been within the last couple of weeks that there’s been some comments & discussion here about it.

      Just last month, I wrote about some other common internet scams on my company blog at https://developcents.com/2015/07/28/internet-scams-technical-support-domain-name-registration/.

      I hope that this post helps people realize that Supremo isn’t the enemy. Almost any tool on the internet can be used for nefarious purposes.

      Edit addition to this comment on 11 November 2015: I don’t actually know from personal experience if Supremo is legitimate software, and I cannot recommend it as such, nor can I say definitively that it is “malicious” software.

    2. Phil-VA

      Davide, if you folks are legitimate you have a problem. Today (approx 2pm EST, 10Nov15) I got a call described below, apparently very similar to many other posts. I didn’t download anything, but “Supremo” is inked in on my “avoid” list now. If you are innocent you need some pro-active defense. Good luck.

  3. Stuart

    Got a call today from an Indian sounding gentleman. Supposedly big problems with my Windows Software and Computer Hardware. Went along with him. He got me to pull up my logs with “eventvwr” and then asked me to download the remote control software from supremocontrol.com
    Told him “that’s enough, I know your game” … He hung up.

    Kudos for taking the time to highlight this scam on your website. Have a nice day.

  4. Mark

    I just got one of these scam calls. Caller ID was blank but he said he was calling from Boston. I played along just to see. He had me do Win-R to run CMD, then run ASSOC on the command line. Then, he had me find the long line which was .zfsendtotarget=CLSID\{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}. Then he told me that CLSID was Customer License ID or some such nonsense. Then he read me the CLSID number to try to convince me he was legitimate. I played along. Then he had me do Win-R to run EVENTVWR (Event Viewer) and showed me how there were all sorts of errors on my computer (which I know is quite normal). Then he had me do Win-R and then http://www.supremocontrol.com. Not knowing what kind of web site this was, I stopped playing along and gave the guy a hard time. He was still quite insistent that his company was legitimate. I asked for a company phone number. He provided 857-999-0942, but I did not call it. Pretty interesting how he tried to gain trust, but no one legitimately calls out of nowhere to fix your computer.

    1. David Post author

      Thanks for sharing! Interestingly, while I’m fairly convinced that Supremo is legitimate software, I can’t find very much about it. When I run a search in Google for “Supremo”, the company website is the first result. But I’m surprised that there’s no Wikipedia entry by now for Supremo, given how many people complain about scammers using it to gain access to a computer for malicious purposes.

      If you run a search for “Supremo scam”, a lot of results come up.

      While I do think Supremo software is safe and has a legitimate use-case, these things do make me wonder.

    2. Jim R

      Now they are using pop ups that can’t be closed and supplying a phone number to ring so that they can say “you rang me”. In Australia it is an offence to ring someone who has their number on the Do Not Call register and so they avoid any transgression by getting people to call them. It is a free call 1800 number (allegedly); I will see when I get the next bill, as I tie up these scammers for as long as possible to make it unprofitable, and to save some other poor sucker.

    3. Andy

      Similar story here, I went to the page (through CMD) that gives …CLSID 888DCA60 etc etc. He told me this identified my computer, but the 888DCA60 bit at least is exactly the same.

  5. Bryan

    Great read, and I just got off the phone with yet another scammer. Had me follow all the above steps, CTL-R, then errors, then he tried to get me to that Supremo website.

    I am to the point where I love to waste their time, so I play dumb and take forever to do what they ask. I figure every minute they spend on the phone with me is less time they have to rob someone else. When I finally told him that I knew his game, the guy gave me a hearty “F**K you,” and hung up on me.

    Microsoft will NEVER call you out of the blue, they will send you an e-mail and handle any issues that way. Just have fun with them, go look up some insults in Hindi, and watch them lose their minds!

    1. Joan

      Awesome response! I just had a call from them 2 days ago and told the scammer/agent that my computer was not plugged in. He said he would call back in 2 days and sure enough, he did. Meantime, I did some research from log files to TOR software to scams. I also kept them on the line until he hung up after telling me that they owned Norton and I’m paying too much for my anti virus products, and I could pay them only $150.00 and my computer would be fixed. No. Enjoyed reading all the posts and replies. I also play with the “IRS” people who want me to go to Walgreens and buy $4,000 worth of iTunes cards to pay my tax bill. Thanks, everyone, for all the posts, replies and info!

  6. Carl

    Just now had a phone call from someone claiming much the same as the above. Suspicious, as he was going through the rigmarole in the posts described above, I ‘googled’ ‘supremocontrol’ and ‘scam’; sure enough I came across this site, outlining the scam as it was playing out in front of me. After I had said I wanted to ring Microsoft directly he had given me a phone number to confirm who he was, which was almost laughable at this stage. In the background of the call centre I could hear cheering; obviously another ‘hit’ on someone gullible.

  7. Natalie

    I just received a call at 12 midnight stating they were from Microsoft and had me download Supremo also,
    and I did everything they said up until I asked how much money they wanted. They reassured me they were no scam and gave me a telephone number to verify, but I was very cautious. So now I don’t know if they have changed my IP address and what damage has occurred. So how do I fix my computer? My firewall stays on; will this protect me? I got DUPED

    1. David Post author

      Hi Natalie,
      Sorry to hear this. I would definitely recommend running a scan with either Malwarebytes or Spybot Search & Destroy, as I’ve suggested in some of my other responses to people’s comments. Your IP address wouldn’t be affected by this. That is only controlled by your Internet Service Provider (ISP). However, you might check your DNS settings and make sure that when you type “www.google.com” or some other URL, you are being directed to the correct, safe, website. Good luck! If there’s anything I can do through my company, Develop CENTS, please don’t hesitate to contact me.

  8. Phil-VA

    Thanks for running this blog.

    Today (10Nov15) I got a very similar call. The caller identified himself as calling from “Windows” and said they had learned that my computer was infected, and he was calling to help. I asked if he meant he was calling from Microsoft, to which he replied that Microsoft could not call me, but “Windows” was contracted to solve these user problems. I was idly curious, so I let it roll. After being instructed to turn my computer on, to connect to the Internet, and to “go to your home page,” I was transferred to a “Technical Supervisor.” The second person (both were male, medium accent) instructed me to look at the lower-left corner of my keyboard and see a key marked “Cee-Tee-Are-Ell.” I amiably replied that my keyboard did have “Control” keys, but not in that location. He asked “Did you make your keyboard?” No, I replied, my keyboard was made by Northgate, once well-known for the solidest keyboards made. “Well, what keys do you have?” he asked. “Well, starting at upper left I have Function Key Eleven, and next to that is Function Key Twelve…” This went downhill fast. He then said to go to the “search” window in my browser, and type in “www.suprmofree -dot- com” (I wrote down the spelling, but it may have been “supremofree”). I wrote that all down, and then thanked him but said I was not going to do that. He asked why not. I said I did not trust him – in a friendly and calm tone. He proceeded to curse me and my mother very graphically. This seemed rather excessive. I told him his language was not warranted (he was still on the line, to my surprise) and I hung up.
    — Good luck to anybody else who receives one of these. Keep your guard up. Sad.

  9. Kathryn

    Just got off the phone with these folks, whoever they are. I’ve received this call 4 times over the last 3 years and I make an effort to keep them on the phone for as long as possible in the hopes that I might spare some person out there the frustration of dealing with them. It makes me sad because while I recognize it as a scam, many people do not – I fear for my parents and parents-in-law, and others who are not as “computer literate” as they need to be to avoid being taken advantage of.
    I managed to keep today’s “technician” on the line for 36 minutes; reading the URL back incorrectly, faking a dial-up internet connection, etc. He was quite persistent, called me back when we were disconnected and even sent me to a different remote access website when I had him convinced that supremo wasn’t working: teamviewer[dot]com, another legitimate service that is being misused. Near the end I could even hear his supervisor trying to help him when I couldn’t determine whether I had a mac or PC…

  10. Donovan Sanchez

    As of today, Tuesday November 24th, 2015, I got the same thing about 11 this morning. Same Indian accent. I decided to go along UNTIL he brought up the “Registration Plans” and remoting and apparently doing a virus scan. Immediately I hung up afterwards. For now I’m reformatting my computer and plan to check my bank account in the morning to make sure nothing got taken. Even though they didn’t have any of my debit/PayPal or anything I am cautious. The biggest thing I’m concerned about honestly is: am I safe even after reformatting? Is my IP fine or anything like that? So it’s just a ton of what-ifs at the moment. If anything I’m just gonna do a return and explain my circumstance since it is covered under warranty as it is.

  11. T

    A previous owner of our phone number must have registered it with every marketing company going, we get a huge volume of junk calls for her.

    We’ve had several of these scam calls over the last year or so and I always enjoy talking to them, playing them along, because while they are talking to me they aren’t hurting anyone else. When I have a Linux box to hand I will let them connect to it for fun…

    Today the guy dispensed with getting me to look at ASSOC or event viewer and dived straight into supremocontrol. I hadn’t heard of it so I was typing it into Google as he very slowly spelled it out for me. I’ve had at least three different remote control programmes suggested by them, none of which are malicious, it’s just that giving an unknown Indian bloke access to your machine is a bad idea.

    The machine I was on isn’t virtualised so I had to call him out when I apologised for accidentally typing it into Google and upon hitting enter saw a load of things that told me he was a scammer. He didn’t take it so well.

    I think I take exception to you calling them Black Hats – those guys have skill, these folk are just con artists social engineering gullible people into handing over control. I think they read from a script. I’m always astounded that anyone could possibly fall for it.

  12. Adam

    I fell for this yesterday, and they almost had me until my son pulled it up on his phone that it was a scam.
    I got as far as downloading Supremo, and where it gave me codes for me to read to him (which I did not). At that point I exited the site and hung up the phone. They called several times, but I didn’t answer it. I deleted everything I could find on Supremo, not sure how much or if any damage was done. I had it offline and right now it’s going through a Malware scan. Any ideas if I need to wipe it out completely and do a full recovery and start from scratch? What signs can I look for that would tell me that I’m infected? Sadly they will strike again, thank you for any assistance

  13. Dave Brown

    I’ve just spent an enjoyable 20 minutes keeping “Michael from Microsoft” on the phone trying to figure out why anything I typed into the Run line produced the error “Failed to execute child process”. Along the way I did find out the web page he wanted me to access was “supremocontrol.com”, a quick Google search of which has led me to your blog entry.

    Eventually I got bored so when he asked me to type in “msconfig” I said brightly “isn’t that a Windows command? Well I’m using Linux!”. “Oh…” he said, “so do you have any Windows laptops in your house?” “No” I lied. “I was just winding you up, mate. Goodbye.” “Goodbye.” he said as I hung up. Poor Michael. Ought to learn some Linux LXDE error messages so he can tell when he’s having his leg pulled.

    PS I do work in an IT department and run 3 Linux boxes at home

  14. Karen

    I gave the caller my credentials – 9 digit ID and 4 digit password. He was using iexplore/supremocontrol.com. Am I in trouble? Can I change my ID and password to stop this? Please help. (I ran my McAfee anti virus and Malwarebytes and so far everything was okay.) (He knows I have another computer and a printer.)

  15. Afsan Hanif

    I just got a phone call from a guy with an Indian accent. Following the above scenarios, without thinking I downloaded Supremo and gave him access to my computer. He wanted me to buy a care plan in which he would remove any viruses and things from my computer. I then told him to phone back later as I was busy so he cut the phone. After reading the comments above, I have now uninstalled the Supremo software and deleted anything to do with it. What should I do now, as I am getting paranoid that they might have taken my details?

    1. Leidy

      I think you’re in the clear unless you run the program, but I guess you did. I just downloaded the file but never ran it. I was very suspicious, especially cuz he was giving me an attitude. So I got mad and hung up but they are still calling me. It’s so annoying. You can always uninstall then wait a bit. If you notice something weird you might have to erase all memory and reset everything back. Good luck.

  16. Leidy

    This just happened to me today but I did not run the program. The guy said he was from Microsoft and was calling me from a call center in India. I’m no idiot; I hung up and decided to call Microsoft directly to verify. They told me not to trust anyone calling from a company that wants you to download something to your computer. They do not call customers directly unless the customer called them and the call fell.

  17. Davide Costantini

    Hello,

    I’m Davide Costantini from Nanosystems. We are the developers of Supremo, a remote access software like TeamViewer, Ammyy and others.

    Supremo is a legit software that simply allows a user to control a remote machine.

    Supremo is distributed for free for personal use while you need to subscribe to a plan to use it in your daily job. I’m not here to advertise Supremo, I’m writing this to explain why you see many scams with Supremo.

    TeamViewer and other remote access software apply the same policy: free for home use, paid for professional use.

    So those scammers use all the software they can grab for free to perpetrate their frauds. They don’t buy the software, because it will make them more detectable and, of course, companies like Nanosystems will suspend the service after discovering “the evil purposes”. In fact, we know after several complaints and in-house analysis that scams largely come from India, but we have only one customer in India and it’s a good one.

    The problem isn’t only ours, it’s industry wide because we have reports of scammers using several software during the same scam.

    We make the life of the scammers more difficult with some technical solution: when you run Supremo for the first time an alert appears, after the EULA resume. We explicitly alert the user about tech scams.

    But when you have someone on the phone it isn’t so easy to notice a well placed alert. And if the fraudster gains the trust of the victim, no alert works.

    About Wikipedia, we are the developer of Supremo, we can’t write a Wikipedia entry about it. Even if Supremo has been out for 2 years and has 220.000 monthly users.

    Another fact, there are useful articles about Supremo and the scams on Ars Technica and Wired.co.uk (actually it’s the same article):
    http://arstechnica.com/information-technology/2013/11/fake-tech-support-scam-is-trouble-for-legitimate-remote-help-company/
    http://www.wired.co.uk/news/archive/2013-11/26/tech-support-scam

    A final note about the damages to Nanosystems caused by the scammers. The scammers do damage us in many ways, they damage our reputation to the global public and they make our support team work more. But we can’t do much to stop them (we are already warning the user), we can’t in some (painful) way force them to not use Supremo but this won’t stop them at all, they’ll only use other similar software.

    Authorities can do much more and, as far as we know, US Government is taking strong actions against the tech support scams.

    I hope this answer could be included in the article, we believe it may be helpful.

    Davide Costantini
    Nanosystems Srl
    Marketing Manager

    1. David Post author

      Hi Davide,
      Thanks for your exhaustive response. As I’ve mentioned a number of times, as an IT consultant, I cannot confirm nor deny that Supremo is actually malicious or is legitimate software. I do understand that you guys are in a very difficult situation, and if I had to guess, you are an honest company trying to run an honest business.

      Thank you for your time! I may try to spin up a separate VM at some point to test out the Supremo software (sans the phone conversation with a scammer in India) and write a basic follow-up blog post on the Supremo software itself.

    2. Steve

      Hi David

      My son fell for one of these scams today and I can’t seem to find a way to remove Supremo. It’s not showing up in my programs but there is an icon in the bottom right. Any ideas?

    3. David Post author

      Steve,
      If you’ve already run a scan with Malwarebytes and Spybot Search & Destroy, and you’ve confirmed that Supremo isn’t in the Add/Remove programs list, then it’s possible what you’re looking at is a link to a website or some other resource on the internet. I can’t be sure without looking at what you’re seeing, but if it is indeed a link (shortcut), then you can probably just delete the shortcut and be done with it!

      If you do need further assistance, I’m certainly willing to provide it, but would need to charge my hourly rate.

      Good luck!

  18. Davide Costantini

    Hello Davide,

    we would be pleased to have you testing Supremo. We can also provide a free code for a couple of weeks, as a sign of good faith.

    You can contact me at the email I provided for the comment.

    Have a nice day and a Happy Christmas David.

  19. LeRoy A Trusty

    Oh boy, received the call yesterday. The individual knew my computer and product key. Told him I needed verification that he was in fact from Microsoft. Gave me some info that was relative to my computer.
    Started talking about some popups that I did receive that Microsoft was getting numerous hits. Yep, know those. Sounded legit until he said that the product his company offered which was the supremocontrol – Wait, this is not a Microsoft product, right? A third party? And that MS has stated the computer is causing problems. Which at the time now I am seeing that I am losing control of my computer. I did a shut down and pulled the internet plug.
    When I brought my computer up again the SCAM notices showed up when I typed supremo to which I said he was not from MS. His response was that he was contracted with MS and MS is requesting that all owners need to have a 6 month check up.
    I could kick myself as I have worked in IT off and on in academia. But this guy knew too much about my computer.
    Anyway I have run every thing to clear the programs and background as I can think of. Changing passwords and more.
    Just got to be aware.

  20. Aidan

    Thank you so much for this article, whilst on the phone to a technician from “windows support team” he told me to input exactly what you have stated. Whilst “waiting for it to load” I quickly checked out what he was wanting me to do. As I have a good knowledge of computers and the phone call seemed to be dodgy, I wanted to check it out. He didn’t seem to know what he was speaking about as he said that all the computers in the house would have been infected as they’re all connected to the internet. So I researched the website, brought me to this article, I made up a story that my anti virus blocked the website as it was a gateway to scammers onto my computer, he then said to turn off my antivirus. I responded with “if this program lets scammers onto my computer, why would I block it” he didn’t respond and after a minute and a half of me repeating ‘helllo?’ I put the phone down.

  21. John

    Feb 4, 2016, 11:26 EST Got the same sort of call, claimed to be calling from “Windows” and “Windows Technical Support”. The scammer wanted me to go to the site showmypc . c om, but to hide it he wanted me to use the WinKey-R key combo to start the Run command and then type in “iexplore showmypc . c om” in order to get directly there. When I gave some trouble I was passed to a higher up tech (a more experienced scammer really) and he wanted to do essentially the same thing, except to run www . supremofree . c om and then download a file. CallerID came up as 646-843-2567 but callerID is highly unreliable these days.

  22. Nick Peterson

    I got the same kind of call today, from caller ID: 1-234-567-8901

    Suspicious!

    Young lady with heavy accent on noisy line said she’s calling from Microsoft Technical Support to fix errors on my computer.

    I recognize this as a scam; decided to play along to see where it leads. No worries since I don’t even run Windows.

    Had me go through the same procedure others have described. Run ASSOC to find the long line which she read back to me to convince me she had my individual computer’s Customer License ID or whatever; had me run EVENTVWR (Event Viewer) to see “errors”. Told me they were a sign of a severe virus and that they were going to help me.

    Directed me to a web-site for Supremofree.

    I said that Norton had blocked the website; she transferred me to a young man (also heavy accent, not quite fluent English) who told me my Norton is outdated and to turn it off.

    I excused myself for a bio-break, put him on mute and listened. There was some side-conversation, first in English about my having gone off and then in a language I couldn’t identify. I came back on and told them that I’ve gotten through to the site and he tells me to download it.

    When I asked about it allowing him to take control of my computer, he said it “goes through the Microsoft server” and will enable him to “fix” my computer. [Yeah! I’ll just bet!]

    At that point, I’d had enough. Long story short, I managed to goad him into blurting what I believe was a glimpse of their true motivations:

    “I’m calling from Afghanistan! I hate the United States! You guys sent in your military and f*cked up my country! We can handle the Taliban by ourselves! We don’t need you!”

    These characters aren’t simple thieves; they are trying to crack through and do real damage…

    Reply
  23. Barret Lawrence

    I also received a call from one of these people. It’s one of several I’ve received. I decided to humor him and follow the directions to a point. (I am quite computer proficient and well aware of what would be safe.) He had me open a run dialog and then pull up the event viewer. After commenting on all the many events displayed, he said that was what was creating many issues on my computer and causing slowdowns and hardware damage. After that, he directed me to type in the Supremo Control address. I wasn’t sure how safe the site was, and I didn’t have a virtual machine, so it was at that point I confronted him and proceeded to call him a liar and a fraud. I told him I was reporting his activities to the FBI and that I was blacklisting his website (thanks for the heads up about Supremo Control being legitimate by the way, I’d hate to go after a reputable company for what someone else is doing). After yelling at the guy, calling him a fraud and a liar for a few minutes, I got tired of hearing his feeble protests and hung up. I hate to think that these people are actually successful at times. I wish we could somehow shut them down for good. They don’t seem to have things together, because after several attempts they still keep calling me and I still keep busting them out. Maybe next time, I’ll have a virtual machine ready and waiting. I’m just an enthusiast with little real training, but I do know how to isolate things to a virtual machine and then submit them to an antivirus company.

    Reply
    1. David Post author

      Barret,
      Thanks for sharing your experience! Sounds like you and I are of kindred spirits. As for Supremo being a legitimate company, note that I think they’re legitimate. I don’t know that for sure.

  24. Khush

    Hi, actually I got a message on my desktop that I need to call on the number starting with 1800.
    And I called them and he was asking for the ID of Supremo and password. I gave it to him and I don’t know what he did with it. Can you please tell me what I need to do?

    Reply
    1. David Post author

      Hi Khush,
      I would recommend running a scan with Malwarebytes and/or Spybot Search & Destroy (both of which are linked to at the bottom of this blog post). I can certainly provide remote assistance as well, through Develop CENTS, but I would need to charge for my time. Hope this helps!

  25. MichaelS

    I had the same experience via supremocontrol, but did have a Windows virtual machine to hand. These people are definitely criminals, not just offering an unneeded service. Attacker took me through the usual fake “proofs of malware”. After a while when I was resistant to making a payment he said that Microsoft would refund me £300, and asked for my bank details for the refund. He then made an additional connection via TeamViewer, I think because this allowed him to blank my screen (doesn’t blank a VM screen though). He then looked at various banking files on my computer. When I failed to give bank details he got threatening; as I was running Win XP, which he showed was no longer supported, the police would come and get me. Then he warned I was at risk of losing all my photos and stuff, then (expanding on the idea of photos) that the police would get me because I had porn on my computer (unless I paid him to update it). Then he said he would show me pictures of my daughter, and took me to a porn site. Then after this highly professional discussion which would surely have convinced me that he was a Microsoft support person, and after looking at tempting bank details, he switched back to wheedle mode, “unblanking” my screen, bringing up the login page of “my” bank, and saying I had to login so he could protect me from banking fraud. When I didn’t, he started deleting icons, trying to delete other stuff, and warning me that my computer would become unusable. He managed to do something (I don’t know what) that crashed both the VM and the host machine, though of course all was well after a reboot.

    Another scammer a while ago “blanked” my screen, then started to make Western Union transfers from a stolen bank card (I pulled the plug just before the actual transfer, and phoned the police with the address the transfer was going to, etc.).

    These people are out-and-out criminals, not just pedlars of a dubious product.

    HTH

    Reply
  26. Bob

    I received a call out of the blue from a man with a thick Indian accent who kindly informed me his tech support company was going out of business and they were going to refund the entire $255 I had paid for support 2 years ago. All I had to do was run http://www.spremocontrol[dot]com.

    Several things made the hairs stand up on the back of my neck about this call.

    First: It was an unsolicited call; always a red flag.
    Second: They were going to refund my entire purchase price; REALLY?!?
    Third: I don’t recall ever paying anyone $255 for technical support.

    He pressed me pretty hard to run the http://www.supremocontrol[dot]com but I refused and told him I don’t run anything I’m not sure of. I told him I would research my records to see if I ever contracted his services at which point the line went dead.

    To me it “walks like a scam” and “talks like a scam” so I figure it’s pretty sure to BE a scam.

    Reply
  27. Will Punch Indian Scammers in the nose

    They just scammed my mother today. I caught it in the 1st hour though and urgently advised her to shut down all laptops / PCs in the house and keep them offline until the pros came in to reformat and re-install Windows. According to her what happened is that she was surfing the web and a pop up came up with a woman’s voice in loop and would not allow her to continue, with the pop up still appearing if she attempted to close the window. Instead of doing the sensible thing, which would have been to kill the browser in task manager or shut down and restart the machine, she phoned the help number on the pop up and spoke to an Indian Scammer. He had her on the phone around 30 minutes pretending to help and he gained remote access by getting her to install Supremo. He ran a program that looked to be scanning her files (probably greping or FINDing keywords in files for bank account / credit card information which he would download). I got her to call the police on UK 101 number for fraud squad; funny thing is that they told her that they had never heard of this before and this was the first case… but I’m sure these have been around for minimum 5-8 years. (I bet the police are next to useless in dealing with this). She gave them the telephone number she called but what good is that if they’re out of their jurisdiction. I think she’s lost her mind to be honest, I was talking to her about Windows .EXE files and the Indian Scammer scanning the hard disk and all I get from her is hysterics and “What is a hard disk ?”, “What is a .EXE file”, and this is a woman in the early 1990s (retired last year) that worked on Windows 2D CAD applications, Word, Excel, Ingres database entry etc. So I dunno, the vulnerable are preyed upon.

    Reply
  28. Kevin

    Hi All, I’m a former IT industry Software Technician.
    My Dad just got caught up in this. He was looking up elections news for the Philippines and one of the websites led him to this URL: torjandetected{dot}online. It then threw a pop-up that told him your PC has a suspicious connection trying to access your logins, banking details and tracking your internet activity…etc etc.. and your data may be at risk….blah blah blah. I have screenshots in case you want a copy of the full message. (I later tested that link again and the only way to escape the clutches of the pop-up is to force close the entire internet browser using task manager (ctrl+alt+del).)

    The pop-up directed him to call 1-800-875-6182 which he did and an Indian-accent man directed him to download the tools listed below under TOOLS USED. LogMeIn (which was a trial version of the software) was successfully started up by my father and he gave the one-time code to the phishers via the phone (he was on the line the whole time). The phishers then proceeded to show him where the “problems” were, which are actually no problem at all. After putting on the “show” of what was wrong with the PC, they said that in order to fix it, my father would have to buy a warranty for $120. They then asked for his info. When they concluded the phone call, he directed my father to leave the PC on so that his “program could finish” – which was a command shell window my father saw; likely running a script or maybe just another part of the “show” so they could justify asking for his name, address, email, phone number, and debit/credit card. Thankfully, in this case, my Father didn’t give his card # as my mother handles that info.

    I’m not sure if they really did copy any files, but I educated my father on checking his annual credit report in case someone is stealing his identity. Also there is ID theft insurance. Very inexpensive, provides you $$$ coverage and the best part of all and which made it worth it to me is that the insurance company does the work of fixing your identity so you don’t have to take up the headache and time away from your life to clean it up.

    He just called back and I got additional info from him by impersonating my dad:
    he says they are based out of New Jersey.
    he says the company he works for is MicroTech (the websites he told me, microtech.com or microtek.com, are either bogus or unrelated to his supposed service being sold).
    At this point, I was done talking with him so I asked him, “how much money do you guys make scamming people?” He responded “I’m sorry?” I asked him again. Then I told him “you guys are the assholes of the world. Don’t call this number again or I’m calling the police!” in the angriest tone I could muster. Then hung up on him. So far, no calls back 🙂

    Stay safe out there everyone.

    TOOLS USED
    LogMeIn and Supremo.

    Reply
    1. David Post author

      Thanks for sharing your experience, Kevin. My sister once got scammed like this, and immediately after hanging up, had doubts about it and called me up. After she and I talked for a while, she actually called the company back and demanded a refund. Interestingly enough, she got it. I don’t know how she pulled it off, but they credited her credit card the $200 that they had initially charged her.

      You bring up a good point here, that ANY legitimate tool can be misused. As I’ve said in previous posts, while Supremo seems to be a common theme, other tools like LogMeIn can also be misused by scammers.

  29. Nick

    Currently on a call – managed 39 minutes so far – they are all so confused why they can’t connect – shame I know IT well enough to act stupid but give them zero access. I’m trying to piss them off for 1 hour.

    Reply
  30. Kevin

    Awesome to find this post at the top of Google. Needless to say I’ve just had a call similar to all of the above but with a new twist. The heavily accented caller claimed to be from BT and informed me that they were going to be cutting off my internet access in 24 hours because I had a problem with my computer that was affecting the network.

    To give you a better perspective, I work with the web and have done since before Google existed and I do like to have fun with these callers. Like one of the previous commenters my thoughts are (if I have the time), if I can keep the scammer busy for half an hour or more, it’s one less person who might get hacked.

    This time I said I had a very old computer. Everything he asked me to do or type in caused my computer to turn off. I could hear the glee and anticipation in his voice as he said ‘you have some very real problems that we can help you with’. After my computer ‘turning off’ for the third time he even offered to send round a technician with a new computer; it would only cost £3 to arrange the appointment.

    How I wish I could have kept him busy for more than the 43 mins I did before he got wise and the abuse started.

    It’s good to know that supremocontrol is legit and responsive here.

    As always, never trust anyone who calls out of the blue claiming to be from MS or your telephone carrier – especially if they tell you that you have PC problems they can fix.

    Reply
  31. Daniel

    To start this off, do not trust cold callers. If they say they are from a company then they will be calling with a legitimate 800 number.

    I had an Indian fellow call me from a blocked number. He said he was from tech service. I told him I did not have a tech service subscription and said sorry about your luck and hung up.

    He called back. I answered and he proceeded to inform me that he was from Microsoft technical support. I asked him why he was calling from a blocked number if he was from Microsoft. He said they did not want the number out there so people keep calling back. I knew that was a lie.

    He then said hackers were remote accessing my computer and stealing my passwords. I recently had one of my credit cards duplicated and someone tried using it, luckily not for much so I kept talking with him.

    He ran me through how to access the error messages that are sent to Windows and had me filter out just the error and warning messages. This I assume is a worthwhile scare tactic. He had me right click one and asked if there was a delete option. There of course was not one. He then explained that was because it was put there by a hacker.

    He then had me open command, or run, prompt box and wanted me to type supremecontrol[dot]com.

    This is when I told him that I know windows and no windows operator or employee would send someone anywhere other than a Windows site and hung up. He called back and I let him go to voicemail. Then he called again. After the second time he stopped calling.

    Reply
  32. paul

    I had a similar experience. Indian accent, hackers are compromising my computer, pay him $199 and he would clean up my computer. I told him I will pay nothing unless he gets my extremely slowed down computer back up to speed…. I told the IT that if this was a scam I would hunt him down and rip his heart out of his chest through his throat…. and told him he would not ever want to meet me in person if he damaged my computer… he giggled …. but got no credit card numbers (which I suspect he was after)………….. I despise these wormy trolls…. may they rot in a hot place forever

    Reply
  33. Gary

    I had two of these calls in the space of three days. I work in IT so wasn’t taken in by the scam but what on earth can we do to stop this practice? Do the police actually do anything or look into it? Is there a way we can use the remote access program against them and get a source IP address and report them to an ISP? There must be something! It saddens me whilst we can waste their time and slow them down, we still seem powerless.

    Reply
  34. Scammer Police

    As a public service, I spent 2 hours on the phone with these guys today. And an hour earlier in the day as well. I kept saying I had something on the stove, or had someone at the door, or whatever. Have to say, the amount of patience they showed was amazing. There were so many times that I almost burst out laughing with all of the very stupid questions I asked. And they transferred me around to various people (Sr Supervisor, Manager, Sr Manager), it is almost entertaining to be messing with them.

    I always figure the more time I can keep them on the line (even if it wastes my own time), I am saving someone else from becoming a victim. But it goes to show just how much profit is in it for them. At one point I even got the last person I spoke with to provide me a website (wiztech.com) but that website comes up showing “This website is temporarily unavailable, please try again later.” And then he gave me the site mywiztech.com (which is a legitimate site) but told me that number wouldn’t work and that I can’t call them without a code because I am not a customer yet.

    We went back and forth at one point with the guy pleading for me to hang up. Not sure why he couldn’t hang up, but apparently there was some time (maybe 90 minutes) that he was allowed to hang up. He kept telling me he had already submitted the report to shut down my computer because my computer was infecting other computers and there was nothing he could do for me now. But then I was promptly called back by someone else. They finally said they would email me paperwork, but I gave them a bogus email address.

    Anyway, they first had me bring up the Run menu (windows key & r key) and enter eventvwr (to get the supposed “warnings”), then iexplore gg.gg/02027 and later iexplore gg.gg/78622 to try to get me to run the Supremo software, and later certmgr.msc to get me to believe the Microsoft Authenticode Root Authority is expired, and also CMD to show me they knew the code for the zfsendtotarget=CLSID as proof they already knew my “security license” expired. They said they could renew my license with a warranty for 1, 2, or 3 years for $199, $249, or $299 respectively.

    I can tell they believed they had a fish on the hook but that I was just wrangling and wrangling against letting them reel me in. These people are scum and I just can’t understand why they continue to find victims.

    Reply
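    The call script reported in the comment above (event viewer and other built-in tools as "proof", a browser opened straight to a link, then a remote-access tool), written as a detection over process-creation events. This is an added example, not part of the original post or its comments; the sample events are constructed, and the remote-access executable names and the 30-minute window are assumptions to adjust for your own telemetry.

```python
"""Flag the support-scam call pattern in process-creation telemetry.

Pattern: built-in Windows tools opened as "proof" of infection, a browser
started with a site on its command line, then a remote-access tool, all on
one host inside a short window. A remote-access tool alone is not flagged.
"""
import ntpath
import re
from datetime import datetime, timedelta

SCARE_TOOLS = {"eventvwr.exe", "msconfig.exe", "cmd.exe"}
SCARE_CONSOLES = re.compile(r"(certmgr|eventvwr)\.msc", re.I)  # opened via mmc.exe
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
# Assumed executable names; extend with whatever remote tools you allow or see.
REMOTE_TOOLS = {"supremo.exe", "teamviewer.exe", "logmein.exe"}
HOST_IN_ARG = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[/:]\S*)?", re.I)


def args_of(cmdline):
    """Return the arguments after the program path (quoted or bare)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        rest = cmdline[end + 1:] if end != -1 else ""
    else:
        rest = cmdline.partition(" ")[2]
    return rest.split()


def classify(image, cmdline):
    """Map one process-creation event to (kind, detail), or None if irrelevant."""
    base = ntpath.basename(image).lower()
    if base in REMOTE_TOOLS:
        return ("remote_tool", base)
    if base in BROWSERS:
        for arg in args_of(cmdline):
            arg = arg.strip('"')
            if arg.startswith("-") or "\\" in arg:
                continue  # switches and local file paths are not navigation targets
            match = HOST_IN_ARG.match(arg)
            if match:
                return ("browser_url", match.group(1).lower())
        return None
    if base in SCARE_TOOLS:
        return ("scare", base)
    if base == "mmc.exe":
        match = SCARE_CONSOLES.search(cmdline)
        if match:
            return ("scare", match.group(0).lower())
    return None


def find_scam_sessions(events, window=timedelta(minutes=30)):
    """Return one finding per remote-tool launch preceded, within `window` on
    the same host, by at least one scare tool and one browser-to-site launch."""
    by_host = {}
    for ts, host, image, cmdline in events:
        hit = classify(image, cmdline)
        if hit:
            by_host.setdefault(host, []).append((datetime.fromisoformat(ts), *hit))
    findings = []
    for host, hits in by_host.items():
        hits.sort(key=lambda h: h[0])
        for when, kind, detail in hits:
            if kind != "remote_tool":
                continue
            recent = [h for h in hits if when - window <= h[0] < when]
            scare = sorted({d for _, k, d in recent if k == "scare"})
            sites = sorted({d for _, k, d in recent if k == "browser_url"})
            if scare and sites:
                findings.append({"host": host, "time": when.isoformat(),
                                 "tool": detail, "scare_tools": scare,
                                 "browsed_hosts": sites})
    return findings


# Constructed sample events: (timestamp, host, image path, command line).
SAMPLE_EVENTS = [
    ("2016-06-01T10:02:10", "HOST-A", r"C:\Windows\System32\eventvwr.exe", "eventvwr"),
    ("2016-06-01T10:05:30", "HOST-A", r"C:\Windows\System32\mmc.exe",
     r'"C:\Windows\System32\mmc.exe" "C:\Windows\System32\certmgr.msc"'),
    ("2016-06-01T10:09:40", "HOST-A", r"C:\Program Files\Internet Explorer\iexplore.exe",
     r'"C:\Program Files\Internet Explorer\iexplore.exe" short.example/12345'),
    ("2016-06-01T10:12:05", "HOST-A", r"C:\Users\alice\Downloads\Supremo.exe",
     r'"C:\Users\alice\Downloads\Supremo.exe"'),
    # HOST-B: remote tool started with nothing before it (ordinary support use).
    ("2016-06-01T11:00:00", "HOST-B", r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "TeamViewer.exe"),
    # HOST-C: same ingredients, but the remote tool starts hours later.
    ("2016-06-01T09:00:00", "HOST-C", r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ("2016-06-01T09:01:00", "HOST-C", r"C:\Program Files\Internet Explorer\iexplore.exe",
     "iexplore.exe intranet.example"),
    ("2016-06-01T11:30:00", "HOST-C", r"C:\Tools\LogMeIn.exe", "LogMeIn.exe"),
]

if __name__ == "__main__":
    for finding in find_scam_sessions(SAMPLE_EVENTS):
        print(finding)
```

    Matching on executable names is easy to evade by renaming the file, so treat a hit as a prompt to check with the user, not as proof.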
  35. Lawrence Davis

    I have been called by these people just about every week since 2014. Sometimes 4 times a day. Same ole bologna. I got friendly with one of them pretending to do what he told me to do. I got him to admit that he lived in northern India right on the Pakistan border where he worked. These people are not all Indians, but mostly Pakistani, and both Northern India (on the border) and all of Pakistan is Islamic. Yes, they are making money with fraud, but most of it goes to Jihadist causes. Some calls originate from Saudi Arabia as well. A caller ID will not show this, but my IP provider puts it on the TV screen, and I can see their real phone number. This is how I know by Country Code and City Code. Some sound Indian, but the calls I have been getting are from Pakistan and Saudi Arabia, and therefore a type of Farsi (Arabic) accent. It is more than a scam, it’s a Jihad, and the police, sheriff, marshal, or the FBI have no jurisdiction. My county sheriff told me they got hit last week with Chinese flags flying. They can only reinstall their system from scratch at taxpayer’s expense. Heads Up! Wise up, or you will lose badly. Think before you vote this November. Who took millions from some or all of these countries? And this candidate is in their back pocket.

    Reply
  36. Jennifer

    I got a call from “Supremo” today stating that I was entitled to a refund also. The thick accented “gentleman” told me that I needed to download the app so that he could send me a refund form to complete. I downloaded the app and clicked run. My phone died luckily. Then, I decided to Google for scams. I came across these posts. I immediately disconnected my laptop from the internet. I’m wondering if the damage has already been done??

    Reply
    1. David Post author

      Hi Jennifer,
      As I’ve tried to indicate in the blog post and in my answers to similar questions here, I don’t think that Supremo is the problem. It is simply a tool that can be used for malicious purposes, but it was (I think) developed for legitimate use. This is similar to other tools such as TeamViewer, Join.me, LogMeIn, etc…

      Regardless, I would recommend uninstalling the Supremo tool, as you don’t need it, and I’m uncertain of its safety. You can use a tool like Malwarebytes to scan for potential malware, but if the person you spoke to never actually connected to your computer through Supremo (i.e. your phone died before completing that step), then I would say there’s probably nothing to worry about.

      Feel free to contact us through https://developcents.com if you need additional assistance. We’d be happy to help, but would need to charge our hourly rate.

  37. Eric

    Thank you all for this blog/post. I too just got a call like this. They gave me a number to call to verify who they are: 209-813-1251. They said their office was at 3340 Ocean Park Blvd, Suite 160 in Santa Monica CA. They said they were a vendor from Windows Technical Dept. I got as far as looking at Supremo and realized I would be giving control of my computer to someone I do not know or trust and I politely declined to proceed further. Thanks for all these posts because had I not seen them, I might have gone further

    Reply
    1. David Post author

      Hi Eric,
      Thanks for sharing your experience. Yes, any legitimate tool like Supremo, TeamViewer, VNC and other remote desktop tools, if used by the wrong people, can be dangerous! I’m glad that you were able to prevent this from happening to you.

  38. LoveLots

    Yikes! Almost happened to me, I got as far as the fff.re website and saw that the application for supremo was on my computer. I’m wondering did the website prompt the download? How did the application for download make it to my computer? I didn’t run the supremo app I hung up. I did have some tech support help from HP but am still wondering if by going through the website the app automatically downloaded; do they have access to my computer?

    Reply
  39. Rahim

    I received a call from the number 404-602-9519 yesterday. They asked me to download supremo software and connected to my PC. But when they asked me to pay money to remove malicious software, I did hang up. They will try in all the possible ways to scare you and make you pay. Please make a note of this number.

    Reply
    1. David Post author

      Hi Rahim,
      Thanks for your comment. One thing to note is that it is incredibly easy for these scammers to “spoof” a phone number, which essentially makes it look like a phone call came from a particular phone number, when in fact, it came from a different number. It is also very easy to reserve a phone number temporarily, and then stop using it. I would say chances are very, very good that this was a temporary phone number and could be unused soon after it was used by these scammers.

  40. Choni

    Hi there,
    Yes, like others here, when I opened my PC today I got a pop up message to call and I rang them. I was answered by a man with an accent. I didn’t know he was looking for remote ID. But I gave that number and he can access my computer. I think I am scammed. At the moment I plug out all my PC. Will they be able to take my info? I am dead worried. Help help help!!!! What can I do to protect now? Ohh …. My days just gone mad…

    Reply
  41. Lee

    Hi Guys

    I had a call from one of these scammers today. Lied and told him my internet connection isn’t working at the moment and he is calling back later.

    What information can I get out of him to be able to get something that I can report to police and shut them down?

    Reply
    1. David Post author

      Hi Lee,
      Unfortunately, it’s incredibly difficult to investigate and prosecute these types of scams, because most of the times, the scammers are based outside of the police’s jurisdiction (I’m not sure where you live, but they are almost certainly not based in the United States, for example). It is also very easy to “spoof” the phone number that the scammers call from, so they make it look like they are calling from a particular phone number, but they are in fact calling from a completely different phone number & location.

      That said, the best information that you can give the police (actually, the FBI in the United States are the best people to go to) is the phone number as it appears on your phone when the scammers call you, and the exact time that they called. Again, it’s easy for the scammers to “fake” the phone number, but this is at least a start!

  42. Greg

    I had a caller yesterday from supremo and they wanted to refund money to me. It seemed weird as I did have tech support once but from a company with a different name but I was disappointed with them after a while as sometimes they would not fix everything properly. Anyway I asked for a refund and got back every cent from them after being with them for a year. So when I received the call from this guy wanting to return 90 US it just didn’t seem right, especially when he said that all I had to do is fill out a form and he could refund my money. In a way that seemed to me OK but he said go to my browser and type in WWW. Supremo CONTROL and as soon as he said control, alarm bells in my head that were already ringing got louder. But here is the thing, he had my name, address and Gmail, street name, post code and suburb and of course my phone number all correct. I don’t know, maybe there was $90 USD still owing but I just could not and would not take the chance just in case. Though if they had all that why did they need to take control of my PC??? Any thoughts? What do you think? Too late now anyway cause I told them the supremo was a scam and that they could keep the money. He seemed very upset as if I hurt his feelings. A scammer with feelings or someone fair-dinkum trying to return money, maybe pigs do fly backwards sometimes!

    Reply
  43. Lila

    Same thing happened to me just now. I hung up after reading a message on the supremo pop-up saying no Microsoft employee would ever ask you to get access. So did not give them an ID / password – but did download and run Supremo. I’ve done a bit of research and it looks like that in itself isn’t a big deal and that the software is clean. Any thoughts? Am I safe or do I have to change all my passwords?
    PS As I was on the phone with them, I asked them where they were located and they gave me an address in London, Cardinal Ct Victoria Street. I googled it and asked where they went for lunch and then asked them how they found the places in the area. The first guy completely blocked that question. The second clearly also googled the address and then named some of the places around… the whole thing was really fishy but they did keep me interested long enough to almost believe it was legit… anyone know if I need to take any action since I downloaded and ran supremo?

    Reply
  44. Wm Stanley

    Thank you for writing out what I have tried in vain to handle. The BS is as you describe – these *&#%! foreign hired thugs try to use up your time, destroy your CPU operation, and generally make life difficult. The callers are criminals or stupid and usually hired by unscrupulous US Agencies to make calls supplied to them by government agencies unknowingly. I can say this because the only time I give this number out has been to state licence bureaus or similar organizations. I am on a Do-Not-Call registry. When this number is contacted I know at once it is either a wrong number or a criminal.

    There are devices (wish I could find one) that blast the ears of an unwanted caller. We need to fight back!!!

    Reply
  45. Pingback: Beware: Supremo Call Center Scam - Lazy Man and Money

  46. karen

    This is still around. Just got off the phone with someone with an Indian accent. Did the run thing but when I tried the iexplore gg.gg20207 two windows popped up and there was no run on the front window. While that was happening I looked up and found this site. Thanks for having it online.

    Reply
  47. K. Smith

    I received a phone call today from a “Microsoft” scammer. In all, I wasted roughly 25 minutes of their time.

    He requested that I open MSConfig, and directed me to download Gotoassist, to which I replied there was a certificate error (there was not, I wanted to see how he would respond.). He then directed me to download SupremoControl. I told him there was a DNS server error and he hung up.

    Reply
