Facebook Likes and cold-call scams

Following an article I wrote recently for SC Magazine, Martijn Grooten of Virus Bulletin, who shares my interest in and dislike of support desk scams, contacted me about the web site associated with eFIX, a company claiming to offer online technical support. He and I, along with Steven Burn, who has a great deal of experience of working in this area, have been able to dig out some interesting info on a slightly different aspect of flaky support desk operations.

eFIX’s web page lists an office in Glasgow under the name eFIX Ltd, at 8901 Marmora Road, Glasgow, D04 89GR. However, a search at Companies House, while it did turn up several entries with somewhat similar names, didn’t find one in Glasgow, and the address doesn’t ring true. The postcode is a fake, and we can’t find a Marmora Road in Glasgow (let alone one long enough to hold nearly 9000 street addresses). In fact, the same address turns up in a great many other contexts (design consultancies, music, accountancy, even a buffet service), suggesting the use of some kind of template/boilerplate. It also suggests that it’s not only PC support companies that are suspiciously shy about their real whereabouts. Or else 8901 must be an awfully big building. Of course, it could be an accommodation address for multiple businesses, but that doesn’t explain why the street address itself is so elusive.

eFIX also claims to be headquartered in London and has a UK 0800 contact number, but its web site turns out to be registered by Impeccable Solutions, in Gurgaon, Haryana, India. In fact, the registration information is practically identical to that of the US-oriented Fusoft. However, Fusoft does actually state that it is based in Gurgaon, though it lists a US 0800 number for contact. A little googling suggests that the same registrant is associated with other support sites: investigation continues, but the registration of multiple, similar sites suggests an operator who expects sites to be taken down in the near future. eFIX claims to be “several years” old, but the site seems to have been created at the end of September 2011.

The two web sites have a number of similarities. For example, the testimonials page for eFIX uses one photograph of “customer” Georgina that is also used on Fusoft’s “About us” page. A little strange, unless one company exists by providing support services to the other…

Even more bizarrely, the photograph of eFIX “customer” John Matthew is the same one that is used on eFIX’s own “About” page. A little less bizarrely, the smiley call-centre lady at the bottom of that page is also featured on Fusoft’s index page. Well, using stock photos isn’t necessarily fraudulent, but it doesn’t inspire confidence either. Both sites have near-identical lists of “prides”: this clearly suggests boilerplate text rather than reliable statistics. 

Company Type: Technical Service Provider 
Service Areas: PC Optimization  
Comapny Strenght :Its Core Values 
Availibility :24*7*365 
Approval rate :93%
Average waiting rate :60 secs
Resolution Rate :87%
Geographies :UK,U.S.A.Malasya,,China,Australia


When we started to write this, I didn’t know whether eFIX was actively engaged in cold-calling. While I see lots of cold-call scam reports, relatively few of those reports include the name of the company – and, of course, the reports usually come from people who don’t fall for the scam, so there are no credit-card transaction data to check back on. However, eFIX’s reviews page (which turns out to be a testimonials page rather than links to independent reviews) showed this interesting entry:

MR ANTHOny SCOTT CaLLED ME TODaY TO OfFER THE E FIX SERVICE, WhiCh has been fully explained to me and Mr Scott has been very helpful and patient. Thanks

(Presumably problems with the keyboard, notably the Shift and Caps Lock keys, weren’t in that particular discussion, then…) That sounds like cold-calling to us, but is it necessarily fraudulent?

One of Martijn’s initial concerns centred on eFIX’s Facebook pages, one of which is largely stuffed with testimonials – or reviews – as to how good the service is. These largely consist of messages going back to October 3 and appear to be from genuine Facebook users, though there is a suspicious similarity of tone, phrasing and misspelling about most of the entries that does not seem kosher. However, this entry clearly suggests that someone is using the eFIX FB page to reinforce a cold-calling fraud campaign. Martijn also noted a comment on the Facebook page from someone claiming to have been scammed and demanding their money back (which has subsequently been removed).

Assuming these Facebookers are correct, could that “someone” be a company other than eFIX? Other companies have, in the past, claimed that their competitors are responsible for similar campaigns. I suppose it’s possible that a company might use its own details for credit card transactions but use a competitor’s contact data to blacken their name.

In fact, while fusoft.org and efix.co are hosted on the same server, it’s possible that they’re also linked to other companies and sites. Steve has noted some similarities in content to several other sites, which lead to rich seams of Facebook pages and blogsites: too many to address in a single blog. But of course, a similarity in content doesn’t always indicate a formal relationship.

Fusoft.org’s Facebook page turns out to consist of pointers to blog sites like http://fixinternetbrowser.blogspot.com/ and http://windowsxptechsupport.blogspot.com, whose blog articles scrape content from sources such as CNET, though the source is generally acknowledged. (Not always the case with other sites we're looking at right now.)

This line of investigation set us off looking at other support sites, still under investigation, where the content may be more original. However, the quality of the advice leads to the suspicion that the idea is less to provide a proven step-through process than to create difficulties that will persuade the victim to follow the copious links to “computer technical support providers” or “Dell technical support” or “Linksys support”, all of which lead to the same support site.

What conclusions can we draw from all this? Well, not as many as we’d like, at least from a legalistic point of view. Flaky marketing techniques are easier to track than unequivocal wrongdoing (definitions of which tend to vary according to region!).

What is clear is that there are a lot of companies and sites out there offering support, and even if they aren’t the same people making scam cold-calls – which in some cases seems pretty unlikely – they are basing their appeal to visitors to their web sites on bona fides that are pretty difficult to verify. It’s not that difficult to set up one or more new Facebook accounts and pages: unfortunately, there’s no simple and foolproof way of telling which accounts might be “dummies” set up purely to promote a product or service. Even where an account looks genuine and well-used, it’s perfectly possible that the victim of a rogue service has been persuaded to “Like” it as part of the scam, and anyone could fake a testimonial using stock photos and made-up names. Unfortunately, it also seems likely that we’re increasingly going to find Facebook pages and blog pages with scraped or even frankly deceptive content similarly used to add credibility to web sites whose authenticity doesn’t stand up to scrutiny. But it’s harder to trace and verify the accounts behind social media sites than it is a registered domain, and even those have their challenges.

David Harley, Martijn Grooten, Steve Burn

Author David Harley, ESET

  • Fer O’Neil

    Great post; very informative about this issue. Did you reach out to the companies notifying them of your post and offer them a chance to comment? Would be interesting to see their reaction (if any).

    • David Harley

      Thanks. That’s an interesting idea: I’ll give it some thought tonight. It would be interesting, if nothing else, to see how easy it is to contact sites that actually conceal their real locations.

  • Apurav

    An ex-employee of this company has written a blog explaining each and every thing about how these people are running such a big scam.

  • Jim

    This company recently phoned a customer of mine and told them the usual scam story of "their computer has a problem and they are from Microsoft and can fix it for them".
    When my customer replied that the computer had been recently installed by my company and was under my extended warranty so she would contact me to fix this "imaginary" problem, she was informed that she should not do this and instead sit at her computer and he would take control and sort it for her.
    She wisely said she would think about it but felt she was highly pressured just to let him continue.
    He told her his name was Andrew Simon (although he apparently had a heavy Indian accent) and to ring him back on 0800 520 0304 asap as the problem needed to be urgently sorted.
    She contacted me and I rang this company and asked why they "cold called" my customer and lied to them, only to be asked "What do I know about computers?"
    Please all be aware this company is a scam!!
    I am currently in the process of informing all my customers to ignore these cold calls and emphasise to everybody that Microsoft will never ring you to say your PC has a problem!!
    PS I have also had another customer who had the exact same conversation with another cold caller, this time pretending to be from BT (British Telecom).
    This is disgraceful predatory behaviour aimed at ensnaring the most vulnerable in society. Please be warned.

  • Al

    Got home after being away for a week to find my wife had been scammed. As above, they phoned claiming to be from Microsoft and persuaded her to sit at computer "fixing" problems – then extracted £149.

  • Al

    Should have added to post that they also claimed AVAST wasn't compatible with XP and got her to install some anti-spyware software. A boot scan by AVAST identified a virus left behind by their fix: in file AMMYYadmin.exe was win32:PUP-GEN virus. So worse than just a money scam.

  • Aaron A. Aaronson

    I'm also getting these scam calls! They say they are "Microsoft service and support headquarters". I told them that I run a Mac and don't need their help and hung up… Found some helpful information about them on
    You only have to insert the phone number and they show you a score of it, comments and where they're calling from.

    • David Harley

      I’m afraid URLs are automatically stripped in comments. Guess you were referring to something like Callerr(.com).

  • Aaron A. Aaronson

    No, the website I was talking about is tellows.com

    • David Harley

      Ah, I hadn’t come across that one. Thanks, looks neat. It would be useful to check out some of these types of site and add the useful ones to the AVIEN scam resource page: I’ll try to find some time to do that.

  • Aaron A. Aaronson

    Maybe it works this way :)

    • David Harley

      Indeed. But don’t tell the comment spammers. ;-) Actually, since all comments are moderated, I’m not sure there’s much advantage to stripping URLs. We’re pretty good at spotting spam by eye. Occasionally it makes good blog fodder. ;-)

  • Rahul

    Yes, Fusoft and eFIX are a fraud.
