Jump to content

Recommended Posts

This is so strange!  

Yahoo verification codes coming from SAME number as a known scammer calling me for 3 months!!

On 10-5-16 I began to get calls from scammers saying they were working for tech support at a company called
TechLiveConnect.com, which was just changed to PremiumTechSupport.com and I had a refund coming. I called the
company I had done business with for info at 877-958-7560, but was transferred to the scammers IN MID CALL. Later, I
got 4 calls from 408-610-4900, some seconds apart, from different live techs wanting to work on my computer all
supposedly from Avangate (the parent company to PremiumTechSupport and TechLiveConnect) but they were all telling
me to call them back at the number I called in the first place which started the scam: 877-958-7560
(PremiumTechSupport.com & TechLiveConnect.com.)  I've gotten 15 calls from 408-610-4900 between 10-5-16 and 12-
15-16 when they may have changed numbers.  
 
Now the really strange part.
On 12-31-16, and again on 1-12-17, I was logging into my email and had to get a verification code from Yahoo so I had
Yahoo call my phone. The verification code came from 408-610-4900, the EXACT SAME NUMBER THE SCAMMERS HAD
USED for the past 3 months. That's quite a coincidence!!!
The 4 calls mentioned above could not have come from Yahoo because my computer was turned off.  I was not using my
email.  It was not a recorded voice reading numbers, those were real people wanting me to log into my bank account.  

When I looked up the number months ago, it was registered to a known spammer, not Yahoo.
 
I would like to hear from Yahoo what the actual number is which the verification code call is supposed to come from but
there is nobody to talk to there.  Does anyone remember what number Yahoo's verification calls came from before 12-15-16?

Had Yahoo also just changed this number and just happened to get assigned the scammer's old number?  

Any guesses as to what's happening???
Thank you.

Link to post
Share on other sites

  • Administrators

Hello @Confuzzled. Yahoo!'s two-factor authentication (2FA) codes can come from (408) 610-4900 (voice) as well as 837-401 (text). The scammers most likely spoofed the (408) 610-4900 number in an attempt to make you think it was Yahoo! I'm not sure what the 2FA phone number was pre Dec 15, 2016. Today it's what I just shared.

 

Link to post
Share on other sites

As msherwood has indicated, phone numbers can be spoofed.  The US FBI and the US IRS have both been spoofed where the CallerID of the recipient shows them as the caller.

I receive numerous spoofed calls.  Some are numbers like "000-000-0000" which is an impossible number.  Once I had a call that was literally 1one digit incremented from my phone number.  The US FTC sponsored a RoboCall challenge.  The winner won $50,000 and setup a system that uses "Simultaneous Ring" in what is called NoMoRobo.  This service is based upon the capability of a Phone Company to send a call to two numbers simultaneously.  For example a call can come in and ring at both one's Home Phone and Cell Phone.  NoMoRobo's toll free number has also been spoofed.

Since you seem to be a target of these scammers, I would suggest changing your Phone Number(s) that has been targeted by these scammers.


1.  For the sake of clarity, presume my number to be; 646-777-1234, the CallerID was shown to have called from;  646-777-1235

 

Link to post
Share on other sites

Thank you.  I actually thought of the possibility you both mention, that they want me to think the verification code came from Yahoo.  I even removed a sentence about this from my post because of one flaw I didn't think they could overcome and that is that the verification codes worked.  How can they get into Yahoo's system and send me a valid verification code?  Or could they be setting up my computer to accept whatever code they send?  If it didn't work and I had trouble logging in I would suspect the number spoofing.

I was called again yesterday and they are now hiding their numbers completely, probably because I've reported every number from them to the feds.  However, I can still get info about the nameless, numberless person calling through more legal channels, and I am formulating a legal request for info at this time.  If necessary, I can also subpoena the info.

It is looking like I may have to change my number.  

I have noticed that some of my new security software from IBM does not seem to work any more.  It is supposed to watch password use.  I need to talk to them.

1. I assume they can do the same thing with text messages as with the voice calls?

2. I tried running a keylogger detection program once but it messed things up a little and I couldn't understand the output.  How does one find and remove a keylogger?

I have changed ALL my passwords to every site I have ever visited over the last 8 years to random strings of digits around 30 characters long, or as long as allowed.  Logging into my computer is also a very long string. 

3. If they are sending me the verification code so I, and they, can get into my email, does this mean they aren't troubled by my very long password, or does that still slow them down? 

4. Now and then Malwarebytes anti-exploit stops working and I have to reinstall it.

5. Ever since I had to reformat my computer on 10-6-16, the computer has been different.  HP refused to get me back to the version of Windows 7 I had to begin with.  Little by little, the computer seems to be doing things differently than it used to.  I don't know if it's due to something being wrong or is it simply because of several new security programs being used now.  For example it takes longer to shut down.  Yesterday chkdsk got stuck trying to fix a problem on C drive so after an hour I shut it off manually with no problem.  Also, my screen flashes black briefly a couple times before the desktop goes away every time I shut down.  That's a new development.

6. Assuming I change my phone number, even if I bought a new computer, do I have to worry about existing online accounts?  Can these guys still get into them if the accounts have new passwords, proper verification codes, no key logger on the new computer, etc? 

7. I know some local repair techs and I think I should have one come in and check the computer thoroughly.  I will not let them do it by remote control or by dropping it off with them so I can keep an eye on what they do.

Thank you for your input.

 

Link to post
Share on other sites

1. I assume they can do the same thing with text messages as with the voice calls?

I can't say that I know the answer to that but I suppose they can.

2. I tried running a keylogger detection program once but it messed things up a little and I couldn't understand the output.  How does one find and remove a keylogger?

I have changed ALL my passwords to every site I have ever visited over the last 8 years to random strings of digits around 30 characters long, or as long as allowed.  Logging into my computer is also a very long string. 

Through the use of MBAM and traditional AV software.  Note that key-logging software is quasi legitimate.  If you are an employer you can install key-logging software on your company furnished equipment.  If you are a parent you can install key-logging software on your children's equipment ( albeit it is NOT the best parenting technique ).  However it is illegal to install the software on a non-family member's computer such as a girlfriend/boyfriend, neighbour, competitor or other entity.

I have taught my personnel techniques for passwords.  There is a bell curve for password security.  The complexity is in the use of;  Uppercase, Lowercase, Numbers and Special Characters.  Overly long and randomized passwords open the door to syntax errors and the inability for memorization.  This is a whole different discussion topic and I don't want to go into depth "here".

3. If they are sending me the verification code so I, and they, can get into my email, does this mean they aren't troubled by my very long password, or does that still slow them down? 

They are computer generated and personnel don't have access to the actual passwords unless YOU provide them verbally or in text.

4. Now and then Malwarebytes anti-exploit stops working and I have to reinstall it.

That's a product support issue that would be best addressed in the associated support sub-forum as a singular topic and not mixed with other subject matter.

5. Ever since I had to reformat my computer on 10-6-16, the computer has been different.  HP refused to get me back to the version of Windows 7 I had to begin with.  Little by little, the computer seems to be doing things differently than it used to.  I don't know if it's due to something being wrong or is it simply because of several new security programs being used now.  For example it takes longer to shut down.  Yesterday chkdsk got stuck trying to fix a problem on C drive so after an hour I shut it off manually with no problem.  Also, my screen flashes black briefly a couple times before the desktop goes away every time I shut down.  That's a new development.

That's a problem with some retail systems.  You may be able to obtain a set of CD or DVD OS installations disks at some nominal cost that will install the OS to a factory default.  If you buy the OS Over the Counter ( OTC ) you can install the OS on a singular platform any way you'd like.  One of the problems with these "factory defaults" is the crapware that is included in that factory OS image.

Any issues with the OS and its installation problems would also be best addressed in the General Windows PC sub-forum as a singular topic and not mixed with other subject matter.

6. Assuming I change my phone number, even if I bought a new computer, do I have to worry about existing online accounts?  Can these guys still get into them if the accounts have new passwords, proper verification codes, no key logger on the new computer, etc? 

IFF you change your phone number, it is up to you to whom you may provide it to.  If you hold an account that requires a Phone Number be supplied, supply it.

It is up to you to protect yourself.  You can have a safe online account but if you fall for Phishing then that account and its associated data can be compromised.

Just changing the Phone Number and buying a replacement PC does not invite malicious actors to that information.  You are in control of your Personally Identifiable Information ( PII ) and it is up to you to protect it.  People are much to willing to give away their PII and those who state that privacy is dead, and you should give-up and give-in, are the ones who want your PII and will abuse it.

7. I know some local repair techs and I think I should have one come in and check the computer thoroughly.  I will not let them do it by remote control or by dropping it off with them so I can keep an eye on what they do.

Sounds like a plan.  

 

Edited by David H. Lipman
Edited for clarity, spelling and grammar
Link to post
Share on other sites

Thanks Dave,

#2.  I haven't gotten any indication from any software that there was a keylogger installed.  It was just a suspicion from something I read.

#3.  I have never given anyone any info allowing them to access my email.  Besides, I change the long passwords more regularly and use multiple verification security.  I guess the fact that they are still calling could mean they still don't have whatever they are looking for.

#6.  I only type my phone number online where required for certain forms, purchases, etc. or to give it to a friend or relative.  If I change it, I'll be giving it to a lot of people as happened many years ago.

#7.  I really liked finding local repair techs willing to make house calls for no extra charge.  The work gets done faster and I can see everything being done.  Unlike Best Buy which has a turn around time of 2 weeks and I can't watch or the remote techs from HP who change things to how "they" want them and will absolutely refuse to put them back the way "I" want them.  Everyone does things differently so if I call back and tell a new tech to undo something, they have no idea what it was originally so they can't.  In the past it has taken up to 3 months for most unwanted changes to be reset by the very techs who messed them up in the first place, if they could do it at all, and most couldn't.

The HP techs messed things up so much I can't tell if things are right or wrong, only that they are not what they used to be.  And constant little changes popping up now and then don't help.

 

Link to post
Share on other sites

  • 3 weeks later...
On 23/01/2017 at 0:10 PM, Confuzzled said:

#6.  I only type my phone number online where required for certain forms,  purchase

Some times company's sell data they collect to make an extra income and it can make it's way to less dubious company's/people so when filling in forms you have to look at the small print. Even well known company's have call centres where people details have gone missing ie stolen and sold. I find it is best to use a throw away mobile you can dump and a charged card so even if some one does get the phone number and card details the card will be dead and in a fake name and the phone is in a dummy name and all you have to then do is just replace them. All perfectly legal the only one who will know your details for the card will be the bank you get it from and you can ask for the card in any name you choose.

Link to post
Share on other sites

Thanks Paul, I'll keep an eye open for a cheap phone.

Things have quieted down in the past month.  I only got the 1 call on January 17 from the same guy who tried to get into my bank account.  He was nice enough to identify himself!!  I guess they got tired of me reporting them and their phone numbers because the number was hidden for that call.  I was able to get info about calls to and from my phone through my service provider and for that call, the guy changed his number to appear as mine.  Therefore the official phone record looks like I used my phone to dial my phone to have a conversation with myself.

I still haven't figured out why they used Yahoo's number back in Oct. and Nov.  Yahoo verification calls don't come in if one is not using their email, and they are not from live people.  

Thanks for your help.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.