IMPORTANT! This is MoneySavingExpert's open forum - anyone can post

Please exercise caution & report any spam, illegal, offensive, racist, libellous post to forumteam@moneysavingexpert.com

  • Be nice to all MoneySavers
  • All the best tips go in the MoneySavingExpert weekly email

    Plus all the new guides, deals & loopholes

  • No spam/referral links
or Login with Facebook
'Support onclick'?
Closed Thread
Views: 47,945
Thread Tools Search this Thread Display Modes
# 1
jfdi
Old 08-04-2009, 3:53 PM
Serious MoneySaving Fan
 
Join Date: Dec 2005
Location: Hampshire Coast
Posts: 782
Question 'Support onclick'?

Just had a really weird call from 'Support Onclick' saying they'd spotted we'd just opened a malicious file - & offering support.

When asked how they knew they said they worked with 'all the big companies' & were asked to check these things out!

Very weird, coz I was only just booting up the PC at the time, not having been on it since last night.

Allegedly they're from Bradford!

Any ideas?
jfdi is offline
Report Post
The Following User Says Thank You to jfdi For This Useful Post: Show me >>
# 2
DatabaseError
Old 08-04-2009, 4:53 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Dec 2005
Location: halifax, uk
Posts: 4,020
Default

ignore them....scammers!
(never actually heard of them..but the only way they could get your phone number from your IP address is via a court order...even then I think they'd only get an address.
Probably worth running malwarebytes and a virus scan just to make sure your machine is actually clean...and that they haven't harvested your data through resident malware (extremely unlikely)
Utinam logica falsa tuam philosophiam totam suffodiant.
DatabaseError is offline
Report Post
The Following 3 Users Say Thank You to DatabaseError For This Useful Post: Show me >>
# 3
mrJ
Old 08-04-2009, 4:54 PM
Serious MoneySaving Fan
 
Join Date: Jul 2005
Posts: 1,049
Default

probably trying to get your bank details and charge you for some rubbish anti-virus program
mrJ is offline
Report Post
The Following 2 Users Say Thank You to mrJ For This Useful Post: Show me >>
# 4
ericsbird
Old 22-05-2009, 4:21 PM
MoneySaving Newbie
 
Join Date: May 2009
Posts: 1
Default

My friend has just had such a phone call and was scammed out of 170 for three years subscription of god knows what. They told her that they had remote access to her computer and that they could see that she had problems that needed fixing. The completely convinced her that a: they were from Microsoft and b: that the problems were serious. After telling her to cancel her payment with her credit card (paypal) I then called them and told them exactly what I thought of them. They 'say' they will cancel the payment, but it took me 20 minutes on the phone to India - heaven knows what that will cost me! Does anyone know who to report this to, to get it stopped? At the very best, the company may be legitimate and my friend was simply mis-sold the product. At worst its an insidious scam preying on those who dont understand computers enough to contradict what they've been told!
ericsbird is offline
Report Post
The Following 3 Users Say Thank You to ericsbird For This Useful Post: Show me >>
# 5
tree123
Old 22-05-2009, 4:56 PM
MoneySaving Newbie
 
Join Date: May 2009
Posts: 1
Default

I was just called and told the same thing, that my computer had automatically downloaded some unwanted files which now made it susceptible to hacking. This sounded very unlikely to me, particularly as when I asked her to repeat herself she used the exact same wording, as if she was reading it from a piece of paper. I asked them to leave a number so that my Mum could call back when she got home from work but the woman on the phone changed the subject and kept asking me to turn on the computer. I didn't understand why that was necessary so I said the computer was broken, and she became really agressive and accused me of lying (which to be fair I was) so I again asked for the company name and I was told support onclick (which i dont believe) and when I asked her to give me a phone number for a second time she hung up.
I thought it was dodgy to begin with but the fact she started shouting at me and wouldnt leave a number was really suspicious...
tree123 is offline
Report Post
The Following User Says Thank You to tree123 For This Useful Post: Show me >>
# 6
dawson001
Old 27-05-2009, 12:33 PM
MoneySaving Newbie
 
Join Date: May 2009
Posts: 6
Default

I just got a call from them too, according they were working with microsoft!
Tried to get me to run specific programs!
They are just scammers, trying to sign up to their software!
dawson001 is offline
Report Post
# 7
maxicab
Old 01-06-2009, 4:19 PM
MoneySaving Newbie
 
Join Date: Jun 2009
Posts: 1
Default supportonclick

They sound pretty plausible if you aren't very computer literate. They do have a website. They have just cold-called me and they knew my full name. They sound Indian. I turned on the computer as suggested, and he got me to type in an odd collection of letters into RUN on the start menu. When my computer said it couldn't find this program, he said well my computer must be very badly infected already, and had donloaded a trojan virus to block me seeing the problem. I said that I had anti-virus software installed and it seemd to be OK. He then said to type in eventvwr into RUN and tell him what I saw. I had opened event viewer and saw thousands of items: i information, and hundreds of yellow triangle warnings and red X errors when I further pressed on 'application' as instructed. In fact I can repeat and view these now. All are from the last 4 months or so. He said this showed my computer was heavily infected and it was surprising that it was running at all. He warned me not to click on any of the items!
I said that that was all very interesting but I was concerned that they weren't a genuine company and that they hadn't said their company name or who they were and what their website was and what their phone no. was, and how they had obtained my name and phone number. I was passed to the 'superviser' who went through much of the same spiel but eventually told me the name supportonclick and I could view their website and that they have my details from "local surveys" and because I am a valued client etc. and that they will accept payment in many ways for their computer support services. I typed the name into google as he was talking and saw many entries from around the world and the strong suggestion that it is all a scam. Eventually I said I didn't want to continue the conversation and hung up.
I don't know how they can get your phone no. and name but I don't like that they could have done so. Maybe from TalkTalk my ISP? Their other suppositions were probably fortuitous - yes I have a computer, yes I use Microsoft Windows, yes my computer is not as fast as it was.
Beware. Although they are pretty plausible, I am pretty sure it is a scam. Can anyone clever tell me what all that stuff in event viewer is and whether it means anything?
Thanks.
maxicab is offline
Report Post
# 8
350186
Old 04-06-2009, 9:57 AM
MoneySaving Newbie
 
Join Date: Jan 2009
Posts: 8
Default Scam yes, but is it dangerous?

Hi,

Had a call from my father last night who had had an unsolicited call from Support on Click. Unfortunatley he allowed them access to his PC, but eventually stopped short of them actually taking any money from his bank account. The account has been stopped etc. so no worries there.

However, my concern is now the ongoing security of his PC.

I tried called them in India (via UK number) and a manager very strongly told me it is none of my business how they accessed his PC and that once session ended they could not access his PC again.

All well and good if his company had an credibility or was believable, but their marketing strategy removes any faith I have there..

So, to my question.....

Does anyone have any idea what software may have been used to access my Dad's PC, so I can uninstall it, and is there any indication that anything mallicious will heva been left on PC (key-logger etc.) that we should be worried about.

Any comments would be appreicated.

Andrew
350186 is offline
Report Post
# 9
macman
Old 04-06-2009, 10:09 AM
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: Feb 2006
Posts: 35,627
Default

Quote:
Originally Posted by 350186 View Post
Hi,

Had a call from my father last night who had had an unsolicited call from Support on Click. Unfortunatley he allowed them access to his PC, but eventually stopped short of them actually taking any money from his bank account. The account has been stopped etc. so no worries there.

However, my concern is now the ongoing security of his PC.

I tried called them in India (via UK number) and a manager very strongly told me it is none of my business how they accessed his PC and that once session ended they could not access his PC again.

All well and good if his company had an credibility or was believable, but their marketing strategy removes any faith I have there..

So, to my question.....

Does anyone have any idea what software may have been used to access my Dad's PC, so I can uninstall it, and is there any indication that anything mallicious will heva been left on PC (key-logger etc.) that we should be worried about.

Any comments would be appreicated.

Andrew
There's lots of software they may have used, it may be one session, it may not be. Look under the 'add new programs' in Control Panel and you can list the installed software by date of last usage, that way you can ID anything installed on the relevant date. To be safe I suggest you do a System Restore back to the first date before remote access was allowed.
Also I suggest you ensure that your father is running proper antivirus/antispywaresoftware and that this is up to date. If he's unwise enough to allow access to a complete stranger then it's likely he is not using proper security either.
No free lunch, and no free laptop
macman is offline
Report Post
The Following 3 Users Say Thank You to macman For This Useful Post: Show me >>
# 10
Swindon_Baggie
Old 04-06-2009, 9:36 PM
MoneySaving Convert
 
Join Date: Aug 2007
Location: Swindon, Home of the biggest big weekend. Now in my new pad, just wish the Landlord had redecorated.
Posts: 38
Default Avoid

Any company who's 'about us' on the website includes

"Support On Click" is an online technical support system & the people & technology have been battle-tested in many corporate for nearly 20 years.

Is obviously not worth dealing with.


Windows XP includes 'by default' an option to allow remote desktop support, and is facilitated through the use of windows messenger. If you remove windows messenger, you can still download windows live messenger (which is similar but different) and used to be the old msn messenger, your account holds all your contacts so easy to switch, and no more remote desktop.
Just look here to do so.
http://www.dougknox.com/xp/tips/xp_messenger_remove.htm
I would recommend using the manual technique.

Then, make sure you have anti virus.
free.avg.com
or spend a fortune on something else.

How they get your details. No idea. Electoral register, Phone book, personal website, collected from stolen government cd, sold by tesco?

Something I recommend is using slightly different spellings of your name or home address when contacting and buying companies. This allows you to find out who is selling your details, and legitimate dealings get through cause they are basically accurate.
For the internet, use throwaway email address's that link to a gmail address, and then just label what comes in from each address.

Bit of hassle, but lets you know where to direct complaint.
Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke
Swindon_Baggie is offline
Report Post
The Following 3 Users Say Thank You to Swindon_Baggie For This Useful Post: Show me >>
# 11
gaming_guy
Old 05-06-2009, 10:07 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2006
Posts: 5,981
Default

............

Last edited by gaming_guy; 12-06-2012 at 10:55 AM.
gaming_guy is offline
Report Post
# 12
macman
Old 05-06-2009, 10:14 PM
Deliciously Dedicated Diehard MoneySaving Devotee
 
Join Date: Feb 2006
Posts: 35,627
Default

Quote:
Originally Posted by gaming_guy View Post
avg used to be good. avira antivir is one of the best free anti virus programs availible (and malwarebytes as already recommended).

if you want to pay for security software, kaspersky is the way to go.
or it's free if you use Barclays online banking.
No free lunch, and no free laptop
macman is offline
Report Post
# 13
tenacious_hyperion
Old 06-06-2009, 11:32 AM
MoneySaving Newbie
 
Join Date: Jun 2009
Posts: 1
Default Support on Click

I just got a cold call from this company 20 minutes ago. Without a doubt they're trying to scam people out of money.

Once I explained that I worked in IT and that the errors were just general application crashes/errors they put me on hold to speak to a manager. I was then told that these application crashes could damage my motherboard. I then simply asked how they got my number and how they knew my name - at that point they hung up on me. I didn't even shout or sound angry.

I then rang 01274 900 834 (as per their website) to ask a few more questions and they hung up on me again! (Although I did sound a little angry the second time, but never got a chance to shout).

I hope that nobody has been caught out by this type of thing as if you were just a casual IT user it does seem quite plausible.
tenacious_hyperion is offline
Report Post
The Following User Says Thank You to tenacious_hyperion For This Useful Post: Show me >>
# 14
Jemma-T
Old 07-06-2009, 5:38 AM
Serious MoneySaving Fan
 
Join Date: Jul 2007
Posts: 1,484
Default

I'd be more worried that I knew people who were scammed by scumbags like this.

Your house phone line is supposed to be private so why people spew their details to anyone I'll never know.
Jemma-T is offline
Report Post
# 15
asbokid
Old 07-06-2009, 1:11 PM
PPR
Serious MoneySaving Fan
 
Join Date: Mar 2009
Location: Wale's
Posts: 1,951
Default

Code:
Domain Name:SUPPORTONCLICK.ORG
Created On:11-Apr-2009 11:58:35 UTC
Last Updated On:11-Apr-2009 11:58:37 UTC
Expiration Date:11-Apr-2010 11:58:35 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. d/b/a PublicDomainRegistry.com (R27-LROR)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:DI_7112790
Registrant Name:Ali
Registrant Organization:Pecon Software Ltd
Registrant Street1:EN-27, Salt lake city, Sector-V,Kolkata
Registrant Street2:
Registrant Street3:
Registrant City:kolkata
Registrant State/Province:West Bengal
Registrant Postal Code:700091
Registrant Country:IN
Registrant Phone:+91.3340052240
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:tech@pecon.co.in
You need to speak to "Ali" !!

..Or maybe Calcutta Police fraud squad...

http://www.kolkatapolice.gov.in/contactus1.html

Ask the Cops to speak to a "Mr Mahesh Shah"...


Mr Shah boasts of being the Managing Director of the Pecon Group which is linked to this swindle...

Mr Shah told the Hindu Times that he "bagged" his orders from outsourcing companies based in the US...

http://www.blonnet.com/2006/06/28/st...2804031300.htm


You could also call Mr Shah's hosting company... Net4India Ltd..

Shah rents some rackspace at Net4India's Hyderabad server farm for his Apache webserver.

That is where the websites for Mr Shah's Pecon Software Ltd, and the SupportonClick swindle are both hosted..

Code:
netname:      NET4
descr:        Hyderabad Network Operations
descr:        Net4India Ltd.
descr:        Internet Service Provider
descr:        D-25, Sector 3, Noida,
descr:        UP - 201301, INDIA
country:      IN
admin-c:      NET4-AP
tech-c:       NET4-AP
mnt-by:       MAINT-STERCAP-IN
status:       ASSIGNED NON-PORTABLE
changed:      networkadmin@net4.in 20090219
source:       APNIC
...
person:       Net4 NOC Administrator
nic-hdl:      NLNA4-AP
e-mail:       ipadmin@net4india.net
address:      Net4India Ltd.
address:      Internet Service Provider
address:      D-25, Sector 3, Noida,
address:      UP - 201301, INDIA
phone:        +91-120-4323500
fax-no:       +91-120-4323520
country:      IN
changed:      networkadmin@net4.in 20080912
mnt-by:       MAINT-STERCAP-IN
source:       APNIC

Last edited by asbokid; 07-06-2009 at 1:36 PM.
asbokid is offline
Report Post
The Following User Says Thank You to asbokid For This Useful Post: Show me >>
# 16
devils advocate
Old 09-06-2009, 4:17 PM
MoneySaving Stalwart
 
Join Date: Sep 2005
Posts: 425
Default

looks like they are doing the rounds at the moment. I've just had a call from them, claiming to be calling from Bradford, and giving the 01274 900 834 phone number. After a bit of discussion, he also told me that the UK address is at 17 Chester Street, Bradford, West Yorkshire BD1 1SW.the caller identified himself as phoning from Calcutta.

I wanted to see how far he would go ( and I knew that I would stop when I reached the limit of my PC knowledge!)and he took me through the instructions of right clicking on "my computer", going through the manage option to computer management, and showing me all the errors and warnings on the logs of the event viewer. He then took me into on the run command, and told me to type "prefetch". I was then told that all the programs which came up on the window were problems with my computer!

He then wanted me to type the name of their website in the run command box so I then started having a bit of a debate with him. (The website is www.s o c 321.com, [without spaces, if anyone's interested. ) Having told him that I'd typed the name "Support on click" into Google and that it showed up as a scam, he then started arguing with me that if I typed in Microsoft or IBM into Google, that no doubt that would show up as a scam! unfortunately I then got another call, so had to hang up on him.

As I'm a cynical old sod, I suspected from the beginning that this was some type of scam call. Unfortunately those with less than my limited knowledge of the workings of the PCs may find it all quite plausible and sign up for something or even worse, install a Trojan.
I can spell - but I can't type

Last edited by devils advocate; 09-06-2009 at 4:20 PM.
devils advocate is offline
Report Post
The Following 2 Users Say Thank You to devils advocate For This Useful Post: Show me >>
# 17
asbokid
Old 10-06-2009, 1:16 AM
PPR
Serious MoneySaving Fan
 
Join Date: Mar 2009
Location: Wale's
Posts: 1,951
Default

Quote:
Originally Posted by devils advocate View Post
He then wanted me to type the name of their website in the run command box so I then started having a bit of a debate with him. (The website is www.s o c 321.com, [without spaces, if anyone's interested. ) Having told him that I'd typed the name "Support on click" into Google and that it showed up as a scam, he then started arguing with me that if I typed in Microsoft or IBM into Google, that no doubt that would show up as a scam! unfortunately I then got another call, so had to hang up on him.

As I'm a cynical old sod, I suspected from the beginning that this was some type of scam call. Unfortunately those with less than my limited knowledge of the workings of the PCs may find it all quite plausible and sign up for something or even worse, install a Trojan.
I expect you are spot on with your cynicism over what he had planned for you!

At the same time as he was instructing you to visit that website, he would have been monitoring the access log file for the webserver hosting that website he told you to visit.

His webserver (121.244.209.135) is in Bombay. It is a Fedora Linux machine running Apache/2.2.6.

From those Apache access logs, he will harvest the IP address of your machine.. This is what an Apache log entry looks like..

Code:
66.249.71.214 - - [09/Jun/2009:23:25:49 +0100] "GET /pap2/codebaseGPL/?C=S;O=D HTTP/1.1" 200 1727 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
That log entry is the fingerprint left by the harmless "Googlebot" which just visited one of our sites. It shows the IP address of Google's machine (66.249.71.214) and it shows the software that the Google bot is running.

But from his Apache logs, your friend in Calcutta now knows the IP address of your machine. He also know the browser software you are running. From an "nmap scan" of your IP address, he will fingerprint your machine's TCP/IP response. From this he will discover the exact version of operating system that you are running.

He will invariably use all of this information in some nefarious way. A common technique is to perform a "port scan" to discover any open services on your machine. Perhaps you have left an ftp or irc server running that is vulnerable to a "globbing" attack or a buffer-overflow attack. From a second type of port scan, a "nessus scan", he will learn exactly which network services "listening" on your machine are vulnerable to attack.

Exploiting one of the vulnerabilities he unearths from these scans, your Indian friend will then install a back door into your machine.

That back door will allow him to gain access at any time to your machine. He will be able to read your emails, recover your online banking passwords and your paypal, ebay and hotmail passwords. He can plant child pornography on your drive. He can send spam from your machine that bears your name. Or he can use your machine as a zombie from which to launch attacks on other machines, and so on..

One very famous piece of backdoor software is called "Back Orifice". It's probably obsolete now, but in its day, while very simple, it was also very powerful... All it did was "bind a shell to a port".

Once the backdoor is installed, the attacker simply telnets to some arbitrary TCP port on your machine where he has bound the Back Orifice shell. He is then presented with an MSDOS prompt..... C:/>

At that prompt, he can issue any command he wishes on your machine. He can open sockets to other machines, and he can download new software on to it. In essence he can use your machine just as if it is his own.

Has anybody expressed their concerns over this operation to the National Hi-Tech Crime Unit at the Serious Organised Crime Agency?


.

Last edited by asbokid; 10-06-2009 at 1:59 AM. Reason: added URLs
asbokid is offline
Report Post
The Following 5 Users Say Thank You to asbokid For This Useful Post: Show me >>
# 18
gaming_guy
Old 10-06-2009, 5:58 PM
Fantastically Fervent MoneySaving Super Fan
 
Join Date: Jun 2006
Posts: 5,981
Default

............

Last edited by gaming_guy; 12-06-2012 at 10:55 AM.
gaming_guy is offline
Report Post
# 19
bowensy
Old 11-06-2009, 5:19 PM
MoneySaving Newbie
 
Join Date: Jun 2009
Posts: 1
Default support on click

i had a phone call from them two weeks ago and the man said my computer is infected he wanted me to enter some letters and numbers and run this, i kept asking him where he got my number from and what company he was from. i hung up the first time but he was persistant and kept calling and telling me to do what he said, i kept questioning him and got quite nasty with me.
since then i have had two more calls from them, using different tactics, i just put the phone down now, although they do keep ringing back and asking for my husband or the owner of the property.
two of my friends have also been contacted and we are all with talktalk.
talktalk have been contacted and they say they are nothing to do with them and to hang up on them
bowensy is offline
Report Post
# 20
juliamarsh
Old 11-06-2009, 11:05 PM
MoneySaving Convert
 
Join Date: Jun 2006
Posts: 165
Default

I received a phonecall from them this afternoon and I am wondering if it is no coincidence that several of the people who have posted comments on here are with talktalk. I am with onetel which is now part of talktalk. Who knows, maybe a talktalk employee has accepted a backhander to provide this company with a list of names and phone nos of its customers, it would explain how they have got hold of our names and phone nos which I must admit did cause me some concern. Are any other people who have been contacted by this company talktalk customers?
juliamarsh is offline
Report Post
Closed Thread

Bookmarks
 
 




Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

 Forum Jump  

Contact Us - MoneySavingExpert.com - Archive - Privacy Statement - Top

Powered by vBulletin® Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.

All times are GMT +1. The time now is 8:52 AM.

 Forum Jump  

Free MoneySaving Email

Top deals: Week of 22 October 2014

Get all this & more in MoneySavingExpert's weekly email full of guides, vouchers and Deals

GET THIS FREE WEEKLY EMAIL Full of deals, guides & it's spam free

Latest News & Blogs

Martin's Twitter Feed

profile

Cheap Travel Money

Find the best online rate for holiday cash with MSE's TravelMoneyMax.

Find the best online rate for your holiday cash with MoneySavingExpert's TravelMoneyMax.

TuneChecker Top Albums

  • ED SHEERANX (DELUXE EDITION)
  • SAM SMITHIN THE LONELY HOUR (DELUXE EDITION)
  • VARIOUS ARTISTSKEEP CALM & CHILLOUT

MSE's Twitter Feed

profile
Always remember anyone can post on the MSE forums, so it can be very different from our opinion.
We use Skimlinks and other affiliated links in some of our boards, for some of our users.