Most people know Malwarebytes as an American Internet security company that specializes in protecting home computers, smartphones, and companies from malware and other threats. Their most famous product is Malwarebytes Anti-Malware which is one of the top antivirus software in the market. But what most people don’t know is that Malwarebytes is also engaged in scambaiting and research about scammers and cyber-criminals.
This story starts in 2015 when Malwarebytes became aware scammers used their brand and logo to imitate them to scam unaware consumers out of their money. The scammers posed as Malwarebytes support hotline and created fake websites and social media profiles, always promoting US toll-free numbers for consumers to call if they need help with Malwarebytes products or virus removal.
Malwarebytes did the typical scambaiting, called the number and let the scammers connect to a virtual machine to see what they will do and who they are. During that process, they found out these scammers identified as “Geeks Technical Support LLC”, supposedly based in Arlington, VA. The scammers ran a bunch of bogus scan before trying to charge money for their “service”. This article can be found here.
In 2016, Malwarebytes wrote a follow-up article on the same scammers, which by the time had already ramped up their business and created new websites, further impersonating Malwarebytes and fraudulently using their intellectual property and trademarks. Malwarebytes found out the call center company behind the scam is named Geeks Technical Solutions Private Limited based in Chandigarh, India. They also found out about Kunal Bansal and Mohit Bansal, the two brothers and then-directors of the company. The call center is one of the most infamous ones of all time, with about 500 employees working in the scam business.
Malwarebytes managed to find out also about their previous business, PNR Jewellers and found the rest of their shell companies Mark Software Systems Pvt Ltd and Blue Alpha IT Pvt Ltd. This article can be found here.
Fast forward to 2018, Malwarebytes noticed that the same scam call center was still active. Even worse, they did business using the typical tech support scam popups, claiming that the victim’s PC is infected with a trojan/malware which only the “certified technician”, available under the displayed toll-free number, is able to remove. Malwarebytes also found out about the call center’s expansion to Tunisia to target French-speaking victims in France and Canada, something which, to this date, is pretty unique. As per my own sources from within the scam call center, a couple of (Indian) employees were sent to Tunisia with the goal of staying there permanently to set up the call center, establishing processes and training new staff – a giant business decision for a scam call center out of India, also a pretty costly one. Key personnel for this operation was Vikas Bhatti, Expansion Manager at Geeks Technical Solutions Pvt Ltd.
Luckily, Geeks France did not exist for a very long time. Internal sources told me of problems with training the local employees to the expected levels of the Indian call centers. The website was shut down and the Indian staff members relocated back to India. The article can be found here.
Independently, I had researched the exact same call center and infiltrated them from within as well as targeting their phone systems, causing immense damage to their operations and preventing them from scamming victims. According to a source, the daily turnover had been halved, from $100,000 to around $55,000 per day. I’ve summarized my findings in my YouTube video on my channel NeeP Scambaiting:
The negative press hadn’t gone unnoticed. Geeks Technical Solutions Pvt Ltd tried several times to get rid of the unwanted publicity, both my YouTube videos by misusing the copyright system and sending false DMCA copyright takedown requests to YouTube (which is illegal, my videos fall under Fair Use and thus are exempt from copyright claims) and also the articles by Malwarebytes.
Initially, YouTube did take down the videos but luckily restored them after sending a counter-notification as my videos and the use of their trademarks and copyrighted material falls under Fair Use which is exempt.
America Geeks tried to get Malwarebytes to remove the articles by sending two of their employees, Chinky Sharma, Head of Customer Care, and Naresh Kumar, Head of Research & Development and right hand of Kunal Bansal, pretending to be a lawyer. Malwarebytes had pretty interesting calls with Naresh which I’ve published with their permission in this video from 04:00 minutes onwards. It goes without saying that obviously, Malwarebytes did not comply with the requests of Geeks Technical Solutions and all the articles are still up online. They published the transcripts of the calls with Nash on their website.
I’ve shared my findings and resources with Malwarebytes, even submitting them my research about the US-based money mule of the scam, Hollywood actor Julian Brand (now: Julian Finch), based in Marina del Rey, CA. A full-fledged post about him and all evidence can be found in my other article: Actor Julian Finch is a criminal and scammer.
Malwarebytes thanked me for the submitted information and research and gave me a shoutout in their article A conversation with America Geeks.
I want to thank Malwarebytes at this point for their continuous efforts in researching and fighting (tech support) scams, even over multiple years. Apart from Microsoft and their Digital Crimes Unit, it’s hard to find this kind of engagement for this issue in the industry.
- Beware of Tech Support impersonators (October 2015): https://blog.malwarebytes.com/threat-analysis/2015/10/beware-of-tech-support-impersonators/
- Tech Support Impostors Part II (May 2016): https://blog.malwarebytes.com/cybercrime/2016/05/draft-tech-support-impostors-part-ii-where-are-they-now/
- Tech support scammer tries to sell free software (December 2017): https://blog.malwarebytes.com/cybercrime/2017/12/tech-support-scammer-tries-to-get-into-your-router-sell-free-software/
- Tech Support scammers GeeksHelp caught again (March 2018): https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2018/03/same-tech-support-scammers-caught-again-two-years-later/
- A conversation with America Geeks (May 2018): https://blog.malwarebytes.com/cybercrime/2018/05/conversation-america-geeks/