All "Customer Service Roads Lead to this Number". It associates with this IP address: https://s

By captaincranky · 15 replies
Apr 5, 2018
Post New Reply
  1. The problem I'm having with this, is a call center apparently built using Google Sites template may be masquerading as an official Google help number. Since I don't have an Administrative account with Google Suite support, I'm hoping someone will help investigate this with me.

    All "Customer Service Roads Lead to this Number, 1-888-712-1422". It associates with this IP address: https://sites.google.com/sbsind.in/g0ogletechhelp/home

    I was locked out of my Gmail account (temporarily) So I searched for a Google toll free to find out what was up The number above kept being returned.

    After a chat, and some remote assistance, The Indian gentleman on the phone claimed my password had been changed 2 times in the past 3 days, once from San Antonio, Texas

    And then allowed me to see a scan, which claimed my machine was infected with "Koobface".

    Well, I don't belong to Facebook, Twitter, haven't downloaded any new "video players or updates", and don't have any friends. (y'all know what that's about right)? So obviously, I haven't clicked on any bad links in personal emails. Where the heck could this Bot come from?

    Soon I being asked for $90.00 to fix the problem. And offered a 3 year subscription to some AV product.

    I asked if I reformatted the computer, would that cure the worm. I was told "no because my email was infected".

    Then, we were temporarily disconnected, by the person called back, which I'm wondering if it was a ploy to determine if the phone number they had on me was legit.

    Later, I was able to access my email account, and the only questionable log-ins Google was aware of, was when I tried to log on with another machine on my home network. (No mention of changed passwords or San Antonio).

    Now, I ran a scan with Avira, which shows no infections, and no detections, "Koobface" or otherwise).

    Now, if this is a bogus company trading off Google's name, it certainly is high profile, and needs to be looked into and / or shut down.

    What thinkest thou?
     
    Last edited: Apr 5, 2018
  2. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    Is this still an ongoing issue?
     
  3. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    Testing the URL as being related to Google:

    Pinging www.google.com [74.125.24.99] with 32 bytes of data:
    Reply from 74.125.24.99: bytes=32 time=178ms TTL=43
    Reply from 74.125.24.99: bytes=32 time=174ms TTL=43
    Reply from 74.125.24.99: bytes=32 time=176ms TTL=43
    Reply from 74.125.24.99: bytes=32 time=177ms TTL=43

    Ping statistics for 74.125.24.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    ===

    • ping sites.google.com << site in question

    Pinging www3.l.google.com [172.217.3.206] with 32 bytes of data: << the true dns name
    Reply from 172.217.3.206: bytes=32 time=41ms TTL=50
    Reply from 172.217.3.206: bytes=32 time=40ms TTL=50
    Reply from 172.217.3.206: bytes=32 time=42ms TTL=50
    Reply from 172.217.3.206: bytes=32 time=39ms TTL=50

    Ping statistics for 172.217.3.206:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

    • nslookup sites.google.com
    Server: 1dot1dot1dot1.cloudflare-dns.com
    Address: 1.1.1.1
    Non-authoritative answer:
    Name: www3.l.google.com
    Addresses: 2607:f8b0:400a:809::200e
    74.125.24.100
    74.125.24.101
    74.125.24.102
    74.125.24.113
    74.125.24.138
    74.125.24.139
    Aliases: sites.google.com

    • whois 74.125.24.113

    #
    # ARIN WHOIS data and services are subject to the Terms of Use
    # available at: https://www.arin.net/whois_tou.html
    #
    # If you see inaccuracies in the results, please report at
    # https://www.arin.net/public/whoisinaccuracy/index.xhtml
    #


    NetRange: 74.125.0.0 - 74.125.255.255 << VALID GOOGLE IP RANGE
    CIDR: 74.125.0.0/16
    NetName: GOOGLE
    NetHandle: NET-74-125-0-0-1
    Parent: NET74 (NET-74-0-0-0-0)
    NetType: Direct Allocation
    OriginAS:
    Organization: Google LLC (GOGL)
    RegDate: 2007-03-13
    Updated: 2012-02-24
    Ref: https://whois.arin.net/rest/net/NET-74-125-0-0-1

    conclusion: sites.google.com/... belongs to google
     
    captaincranky likes this.
  4. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    You know @jobread, that's almost scarier then the site not belonging to Google.

    I do know, ("know" is perhaps a bit strong), that "sites.google" is also a template strategy, (brand if you will) to build a website of your own).

    All of these sites, carrying the same phone number, and they are manifold, have an (IMHO) unusual syntax, which appears to talk about Google in the third person.

    Thus far, the discrepancies in their assessment of my issue appear legendary, bordering on outright lies.

    The man on the phone told me, "the reason you can't log in is, your password had been changed 2 times in the past 3 days, once (???), and once in San Antonio, Texas"!

    Yet I was able to log in under my current password, a half hour after I calmed down, and let the account "rest", for awhile".

    Google itself (the real Google), sent me a report on "suspicious activity on my account". I tracked that back to me trying to login on a different machine in my own house With certainly no other reports of suspicious activity from, "the lone star state", or anywhere else in the past 30 days.

    The person on the phone "did a scan", which claimed I had the "Koobface" worm. I scanned my entire machine with Avira free, and no detection or warnings were noted. Then I scanned all of my browser & Google folders in "programs", again, no detections. I also scanned the Windows folder individually, same negative results.

    The machine is showing no signs or symptoms of infection with "Koobface" or anything else.

    Now, during the call I was asked to install this "GoToAssist Opener", https://en.wikipedia.org/wiki/GoToAssist Which was left installed after the "service call" was completed. It at least does show up in "installed programs", and I removed it.

    As near as I can determine, Google itself doesn't have customer phone support, with the exception being their "G Suite" subscription services.

    Something else which came up was, they asked me to do a full scan and repair on my machine, which would take 40 minutes, and cost $90.00. When I reneged and told them I would simply reformat my hard drive, they tried to tell me that wouldn't work because my "email was infected". So I obviously told them the issue must be server side, since the HDD would be cleaned off completely.

    For all the world these a**holes I was in contact with, give the impression they're the same people who call you on the phone and tell you they work for M$, and you computer needs fixing.

    So, either Google is sanctioning these imbeciles, has no idea who they're subcontracting with, or are being played through their website services.

    Here are a few of the web pages associated with this "Google CS phone #. Keep in mind they are completely different than the pages you reach (No phone support though), when you seek assistance through your Gmail account.

    http://www.gmailsphonenumber.com/

    https://sites.google.com/sbsind.in/g0ogletechhelp/home

    And this leader page from "linked in" https://www.linkedin.com/company/google-customer-service-number

    I really feel stupid and played after dealing with these people.

    I was hoping you'd respond to this thread, because of your web savvy. I won't be convinced this "Google Customer Service Number", is anything other than fraud, until I hear it from a G Suite exec, but I realize that's asking quite a lot.

    Again, thanks for ringing in on this.. (y)
     
  5. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    First, I only commented on the URL does belong to google (or is at least registered to them) AND it does resolve into a valid google IP address.

    Your analysis of gmail and the password stuff is spot on;
    • it's not on your system
    • normally it's configured for IMAP post-office to allow mutiple devices(yours) to access the same inbox
    • *IF* there's an infection on your system, it's in the TCP stack intercepting gmail access and frequently can be defeated with just a simple reboot (aka it's memory resident).
    I'm sure as soon as you got access, you changed the gmail password (you know the drill) Upper+lower letters, numbers and at least one special character). During this "experience", all your correspondents were exposed to SPAM showing you as the source. Look in the gmail:SENT folder to see what was delivered to be sure.

    As to phone support - - doubt it EVER existed or was properly staffed if so.

    BTW: OMG NEVER allow a support site to scan your system - - less you like to grab your ankles and kiss your *** goodbye.

    The WiKi https://en.wikipedia.org/wiki/Koobface suggest that your DNS settings may have been attacked also -- go to the NIC Adapter and remove anything that's manually configured; IP & DNS should be AUTO and have nothing else anywhere.
     
    captaincranky likes this.
  6. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    @jobeard Many thanks again.

    I have to go pretend I actually have a life in the mortal realm for a couple of hours.

    When I get back, I'll address your suggestions and concerns point by point. (y):D
     
    Last edited: Apr 6, 2018
  7. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    Yes, and the guys in G Suite should reclaim it, and shut that Indian fraud call center down, ASAP!

    Yes, I'll change the password, my only delay is deciding whether or not to invoke 2 step authentication, and have Google call a code to my land line every time I try to log in. I don't need roaming privileges, since I don't have a wireless "device".
    As I said, it's a rip off call center masquerading as a legitimate Google site. It almost gives one pause to wonder if you could sue Google for not vetting it properly.


    I know right, you'll get treated like "Andy the Randy Vampire", bent over a church pew, then have a fleshen stake driven through your rump


    I'm like 99+% sure, there's no infection on this computer. I'm fairly certain these people, instead of dropping a rogue RAT on your system, are opting to install legitimate software, and using it as one. I suppose it's likely the truly naive would leave it installed. I didn't.

    I'm also fairly sure the "scan" they pretended to do, was little more than a prepared "video scare clip". After all, it was reading that my "Skype was infected". Guys, I'm a complete Luddite, WTF is "Skype"?

    My email still shows the maybe 10 emails I've sent in the past 10 years, and my contact book is virtually non-existent. It's true, I'm exactly the insular misanthrope I'm "pretending to be"

    My password couldn't have been changed in San Antonio, because I can still log in with it..

    In any case you lost me at NIC. My Windows NIC (?) is set to auto, and the only other piece in my system is a FIOS router. I don't even think Verizon will let me into that, other than to change my Wi-Fi password, which BTW, I don't use. Sharing is off between my machines, and I pull the CAT-6s, when I don't need a machine connected to the web.

    There no financial info or passwords stored on my computers, and I make my creditors mail me paper statements.

    There's actually very little sense in trying to hack me, unless you're a fan of erotic art, and that's all backed up anyway. Besides, not having read "Dante's Inferno", I don't know in which circle of hell good wood is considered legal tender,.

    I will say these clowns at the site in question have their social engineering patter down to a science. I only balked when they tried to mention money. OK, so I'm a cheap, er, I mean "thrifty", insular, misanthrope, nobody's perfect..;)

    And thanks again, for taking an interest in this with me. (y)
     
    Last edited: Apr 7, 2018
  8. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    Skype is an online video conferencing tool - - You and the others go online at the same time and can then SEE & HEAR one another at the same time.

    Change it anyway & immediately. Forget 2FA - - I don't give out my cell number for this lame stuff either.

    Then ALL IS GOOD. The exposure was to your browser and TCP settings - - you're done with this.
     
    captaincranky likes this.
  9. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    Oh come on Mr. Beard, you surely had to know that, "what is Skype", was a rhetorical question.

    In fact, I made a charcoal drawing of two people Skyping,. It's on my cave wall, right between the mastodon and the Puma God images...;)
     
  10. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    Well, with your persona perhaps :sigh:
     
  11. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    Yeah, point taken. I should probably dial back on the sarcasm, slang, and flippancy, when I'm dealing with a subject with as much gravitas as I honestly believe this topic has.

    At its core, this topic never was, "what's wrong with my computer", because nothing is. But rather in the alternative, "what's wrong with this website"! Which is why I posted it in "Site Feedback & Suggestions", as I had hoped that @Julio Franco has a subscription to "G Suite" actual Google support, and he would report this BS scam to Google, the REAL Google..

    Now, the only reason I called the published toll free, is simply because every other major online business I deal with, has one. Most notably, Amazon, Newegg, Walmart, Musician's Friend, et al. Google apparently doesn't have a support number for the general public! Plus it was late, I was tired, I panicked, or whatever. I might have even locked my self out of my account, with a mistyped password or three...:oops:

    Now, I was dead on correct about the nature of this site, when after finally, I tracked their home page and found this:

    Disclaimer
    We are an Indepenent information provider for Gmail. We are not associated with any company or third party - trademark,logo,brand name ,product and services are used for informational purposes only.Thus, we hereby disclaim any sponsorship, affiliation and endorsement of or by any such third party.

    Here's the corresponding link: http://www.gmailsphonenumber.com/ And please note the mutts can't even spell "independent".

    IT'S A SCAM
    , pure and simple.

    The people running the site make many behavioral assumptions about those who are likely to contact them. Such as Facebook membership, clicking on bad links, skyping or many other activities that more inexperienced, or more social, and more conformal computer users undertake.

    So when I said.."WTF is Skype". what I meant was, "how can Skype be infected on my computer, when it isn't even installed"?

    As I stated before, they drop a RAT on your system, in the form of a well known and ostensibly legitimate, published program.

    Then the fun begins. The alleged "scan" they initially perform, (which took under 10 seconds!), is, (I'm 99% sure), naught but a video clip of a completely fabricated result, showing that everything which could possibly be infected on a machine was.

    Now, as for "Koobface", (and I read the Wiki on it as you did), it's several years old. So ostensibly, even my free edition of Avira, should easily be able to pick up it, along with its variants! So, this machine isn't infected, and that's fraud, by claiming it is.

    Additionally, my password couldn't have been changed anywhere, because it still works to access my account. And that's telling me that statement was, fraud as well. Should I continue?

    In any event, Google has a scam call center operating on its own web hosting services "sites.google", and trading / infringing on its name, it's reputation, and even its trademarks.

    This may be "just another day on the web", to some people, but it doesn't strike me as anything remotely resembling that, or anything remotely approaching acceptable.

    In fact it's scam Indian call center. Since I don't want to be politically incorrect, (in spite of the fact 99% of these sites are staffed by people with rather obvious Indian accents), or accused of "racism", let's just say it could be Russians, taught to speak English by labor imported in the form of an English speaking Indian.

    Now, if you and/or staff won't, or for any reason can't, assist or work me with on this issue, I humbly request you suggest a course of action for me to pursue on my own.
     
    Last edited: Apr 9, 2018
  12. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    I am not aware if SKYPE is a pure web app or if there is an installable component -- I use Hangouts instead
     
  13. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    Last edited: Apr 9, 2018
  14. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    I'll make my summation and then bow out.

    • This is not as serious as a home invasion as a new email is easily created.
    • Gmail is not associated with Techspot and those responding to issues here are just volunteers.
    • While not kind (as if there is any still left on the planet), it's far too easy to reproduce all of your symptoms without invading or infecting google. The most dangerous program on every system is its web browser. From there, your email accounts are exposed.
    I feel for your pain, but no one here will Bless You My Child, kiss your boo boo and make it all go away. It's time to just move on.

    I'm done here...
     
  15. captaincranky

    captaincranky TechSpot Addict Topic Starter Posts: 13,371   +2,954

    May 15, 2017, 6:26 AM PST
    https://www.techrepublic.com/articl...-tech-support-scams-with-operation-tech-trap/

    By Shawn Knight · 10 replies
    Nov 20, 2014
    https://www.techspot.com/community/...hat-conned-120-million-from-customers.206988/

    by EMIL PROTALINSKI — Oct 3, 2012 in MICROSOFT
    https://thenextweb.com/microsoft/20...rt-scams-that-have-tricked-tens-of-thousands/

    I hardly think inquiring about a rogue "tech support" site positioning itself on Google's hosting services, (.sites.google), would constitute "invading Google".

    With that said I concur that members here are volunteers, and can render, stop, or withdraw assistance as they see fit.

    As for all the "bless you", "kiss your Boo-boos", patter, while I'm certainly notorious for being flippant and disrespectful, I can't ever recall having been so to you.

    Thanks for the help you did render
     
  16. jobeard

    jobeard TS Ambassador Posts: 11,523   +1,165

    You did not that I recall & you're welcome.
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...