This is not the first time phone scammers have pretended to be from large companies and offering free troubleshooting services. In the past, phone scammers were calling people and stating that they were from Microsoft who had detected that their computer had a problem. They would then offer to remotely fix their computer for a fee. Eventually Microsoft caught wind of this scam and warned about these scammers on their Windows blog.
I was first alerted to this when a friend said they were infected with the Smart HDD rogue anti-spyware program. They were concerned because they thought the Smart HDD warnings were legitimate and entered their credit card information and phone number. The credit card did not go through, so I alerted him to contact his credit card company and if he chose to keep the same credit card number to at least keep an eye on any charges. The next day, he received a phone call from 321-329-5304 on the same mobile number that he entered on the Smart HDD screen. He told me that the person calling had an Indian accent and was telling him that that they were calling on behalf of Google because it appears that he had a computer infection. He then tried to have him install the TeamViewer software so that they could remotely connect to their computer. Thankfully, my friend realized that something did not sound right, hung up the phone, and called me.
I did a little research on the number and saw that he was not the first person who has had a call from these people. In fact there were other complaints regarding this number and a company called Gooseberry Tech. I started up a Windows XP virtual machine, infected myself with Windows ProSecurity Scanner and gave them a call. A man with an Indian accent named John answered and I explained that I received a phone call from them a few days ago and decided I still needed help. I explained that I think I was infected and he had me go to the site http://www.gbdl.tk/ where I was asked to download and install TeamViewer.
Once TeamViewer was installed, they remotely took control of my computer and started poking around. It was fairly obvious from the beginning that John had absolutely no idea what he was doing. He couldn't understand why Windows ProSecurity Scanner would open when he attempted to run Internet Explorer or Windows Task Manager. I sat there for about 5 minutes watching him continue to try and open these two programs repeatedly until I hinted that it was probably the virus interfering. He then proceeded to look over the Windows Event Viewer where he would point out innocuous messages and state that they indicated I had a a severe problem on my computer. After a while, they went in for the kill and asked me to pay for a support contract, which was quickly declined. They said if I still wanted help I could reach them at 1-800-501-0335, 650-204-4405, or 321-329-5304.
When you visit their web site, www.gooseberrytech.com, you can see how they are really pushing a Google affiliation. There are Google logos everywhere and the Gooseberry logo has a very Googly feel to it. In small print under the Gooseberry logo it states that their parent company is iHorse Technologies, which is a remote support company based out of Toronto, Canada. Furthermore, the company phone number listed on the Gooseberry site is the same that I was given, 1-800-501-0334 and 1-800-501-0335. When you do a Google search for 1-800-501-0335, the first search result is for iHorse Technology.
Gooseberrytech.com Web Site
One alarming thing I have noticed is a connection between these phone calls and the rogue anti-spyware program called Smart HDD. In comments found online, a common theme is that people who have become infected with a rogue like SMART HDD, and who may have possibly purchased it or attempted to contact the malware developers, will then receive a phone call from Gooseberry Tech. This will not be the first time that we have suspected rogue developers are working both sides of the fence. There have been hints of rogue developers not only infecting people for profit, but also creating actual removal blogs in order to generate ad revenue and affiliate commissions from the removal of their software.
At 800notes.com, a popular site used by people to report phone numbers used by scammers, there is a topic about the 650-204-4405 number where many people complain about these scammers. One of the replies to this thread is supposedly from the iHorse president in which he states their company is not involved. I have called and emailed iHorse Technologies but have not received any comment back from them.
With this said, beware of any phone calls from people who state that they are calling on behalf of large companies like Microsoft and Google. Microsoft and Google will not call you to offer free phone support or to tell you that your computer is infected. If we receive these calls, promptly hang up and report it to the FCC or other government authority.
Also, the IRS won't be calling you either so beware of anyone saying your computer is infected.