Does anyone know who BTPSUPPORT are ? (As appears on Credit Card statements)

I own a company with the Initials BTP. Business Technology Partners Pty Ltd. (BTP for short).

These initials are incorrectly being associated with a possible scam.

Yes, we provide IT Support. If you Google search BTP Support (From a browser in Australia) or BTPSUPPORT, you get our business listings and from looking through the list of hits, we appear to be the only company linked to those keywords. People are finding payments on their credit card statements to BTPSUPPORT. This is not us.

Completing an Australian Company name (ABN/ACN) search for BTPSUPPORT/BTP Support as a company name or trading name finds no match.

If you Google “BTPSUPPORT” Credit card, the listings then contain mentions of credit cards being scammed low amounts. The card statements say “BTPSUPPORT 0800-73-6951” and “BTP SUPPORT 0800736951CYP”.

I have found an expired domain called www.btpsupport.com and I can see lots of people call themselves BTP (Worldwide).

I assure you, Business Technology Partners Pty Ltd of Australia has nothing to do with BTPSUPPORT. If you get such charges on your Credit card statement, I would be keen to know. Have you made any small purchases from eBay? Maybe from the iTunes store or Google Play Store ?

If you cannot recall buying any ring tones online or other small items and believe the charge to be fraudulent, contact your bank. Put in a dispute. The only way to stop these people, if indeed they are inappropriately charging, is to go via the banks following their process.

  • There is a BTP Support page for btpuk.com/btp.help, who are not associated with us.
  • There is btpaustralia.com.au, who is not related to us.
  • TheBenchtopPRO.com has a BTPSUPPORT email address and is not related to us.
  • BTP also means British Transport Police
  • BTP Group (An AusDrill Company) in Australia, is not related to us.
  • www.btp.net is not related to us.
  • BTP Shopify plugin (Business Tech Pro) is not related to us.
  • btptek.com is not related to us.
  • btpi.com is not related to us.
  • We are not associated with BitCoinPro (BTP)

If anyone does work out who this is (we have had numerous people contact us who have been debited) then we really would like a message from you.

Thank you

 

Warning: Correspondence from “Harcourt Management LLP”

If you have received any faxed correspondence from “Harcourt Management LLP”, in relation to a supposedly unclaimed inheritance, Bin it. It is a scam.

I see loads of people online asking questions as to the legitimacy of this fax. It is a fake. Key words to check:

  • Edward Baach JD
  • Harcourt Management LLP
  • Harclaw
  • HarclawLLP
  • Gilmoora house
  • Fax +44 207 806 8315
  • Edward@harclawllp.com
  • Ph +44 742 403 1888
  • edbaach2020@gmail.com
  • www.harclawllp.com
  • info@harclawllp.com
  • charituiti@mail.com
  • Mark Dewing of 89 Nile Road, Bunbury, Western Australia as the registrant of www.harclawllp.com

Don’t communicate as per the directions on the fax. They will ask you to fly over to London to sign paperwork and from there, who knows but it will end badly.

Scams are getting more and more sophisticated. They are getting trickier to detect and look more convincing.

I have personally received such a scam this week and after research online, I can see that this scam is just starting to occur and is more widespread than I thought.
It is for this reason that I am bringing this to your attention and am going to tell you how I confirmed it is a scam.

Always remember,

If it is too good to be true, it’s likely not true!

That should be your first test. Is what you have received bordering on the unlikely, unbelievable and unfathomable?

At our office, we have received a fax. (Not an email, a fax). It is directed at me and refers to very real family heritage in the UK.
It promises big rewards and no risk (First test fail!).

It is a directed attack. They have the correct name, correct fax number and correct family lineage.
They have done some research.

Please refer to this image (A copy of the fax). See if it fails your first test.

I am on a number of historical websites, my name is on our Business website and so is the business fax number. This could still be a real fax offer.
So why do I suspect it is not real? Lessons for you to use in any scam that comes your way!

I will mark items on this list which can be checked by an IT person. Not all of this will easily be reviewed by a non IT person.

Firstly, why did I get this fax? Why not my father, cousins or uncles? Surely someone else other than myself would be in line to receive any money before me?

  • Locating the website on the paperwork (harclawllp.com), emailing the email addresses on the website, many of the emails bounce (mailbox unknown). A real company would not let their info@ email address bounce.
  • Looking at the registration for the website, it was registered 28 days ago. The website has stamps on it from 2011 (IT Help required)
  • Looking at the web HTML code in their website, I can clearly see that the website has been ripped from someone else’s website and had the text changed. (IT Help required) (From the source code, it seems the design was a template taken from www.18carltoncrescent.co.uk/areas_of_work)
  • The lady justice logo on the fax looks grainy, not at all professional.
  • The fax changes through a few fonts on the fax. Not professional.
  • No mention of where the deceased person concerned actually worked or what the Top insurance agency was.
  • The fax comes from the UK and the stamp on the fax confirms this however, the fax report printed at the printer showed an Australian number.
  • The website was registered by someone in Western Australia. (IT Help required)
  • The western Australian registrant comes up in Google as hosting other scam sites
  • Looking up the law society in the UK (in Google), Harcourt Management LLP does not exist. ( https://www.hg.org/firms-united-kingdom.html )
  • Googling Edward Baach JD, he does not exist (At least not as a barrister or solicitor)
  • Reputable businesses rarely communicate via a Gmail account, especially when they have business addresses @harclawllp.com
  • Mixing Gmail and harclawllp.com email addresses on the same fax looks bad
  • Gmail account with “2020” in the email address looks wrong for a business.
  • Overuse of exciting logos, barcodes, rubber stamps and watermarks.
  • There are two different contact phone numbers on the fax. Googling brings up neither. Law firms would advertise their numbers.
  • The website is very sparse. It was very recently registered https://domain-status.com/archives/2018-4-10/com/registered/108
    https://www.whois.com/whois/harclawllp.com  (IT Help required)
  • There is no online mention or obituary for Arthur Jenkin. Being such a wealthy person, surely there would be something in a newspaper.
  • There is no reference to a person of this name, in London or working for any energy company. (In Google)
  • My family name in the fax is in bold, it has an unusual amount of spaces after it (looks like a mailmerge).
  • LinkedIn found the company name https://www.linkedin.com/company/harcourt-management-limited/?originalSubdomain=au – they are in real estate, not law
  • Searching more for the company https://beta.companieshouse.gov.uk/search?q=harcourt+management+LLP, https://beta.companieshouse.gov.uk/company/06682592 , the address that comes up does not match
  • Emailed Golmoora house (Address on the Fax), they say there is no tenant of that name
  • Googled and found others online trying to establish if this guy was a scammer
  • I Emailed the staff listed on the website staff page (using secondary contact information I found from google). Each one said they did not work there and their images and credentials are being fraudulently used.
  • Clicking Edward Baach JD on the website goes to a William Baach ?
  • This fax was Highly confidential yet faxed to a business with 12 people to read it before it got to my desk … how could he expect a fax to be a secret?
  • The servers for the website are in Russia https://db.aa419.org/fakebanksview.php?key=129289  (IT Help required)

Harclawllp.com is a 28-day-old domain, situated in the Russian Federation. The domain is linked to the IP address 77.222.62.67.
Registration details show that it was registered on 10 Apr 2018 through pdr ltd. d/b/a publicdomainregistry.com and will expire on 10 Apr 2019.
The site returns a status code of 404. The site is being served through nginx/1.9.12.
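The registration check from the list above, as an added example that is not part of the original post: it reads a WHOIS record, works out the domain's age on the day it was checked and compares it with the year the site claims to date from. The record is constructed from the dates quoted here; the 90-day threshold, the field-name variants and the function names are assumptions.

```python
from datetime import datetime, timezone

# Constructed WHOIS excerpt: registrar and dates are the ones quoted in the
# post; the field layout and the midnight timestamps are assumptions.
SAMPLE_WHOIS = """\
Domain Name: HARCLAWLLP.COM
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Creation Date: 2018-04-10T00:00:00Z
Registry Expiry Date: 2019-04-10T00:00:00Z
"""

# Registries label the same field differently; these are common variants.
CREATED_KEYS = ("creation date", "created on", "created", "registered on")
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y", "%d %b %Y")

def whois_fields(text):
    """Map lower-cased field name -> first value, splitting on the first colon."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(name.strip().lower(), value.strip())
    return fields

def parse_date(value):
    """Try each known WHOIS date layout and return a UTC datetime."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised WHOIS date: {value!r}")

def creation_date(text):
    fields = whois_fields(text)
    for key in CREATED_KEYS:
        if key in fields:
            return parse_date(fields[key])
    raise KeyError("no creation date field found")

def assess(text, checked_on, claimed_year=None, young_days=90):
    """Return (age in days, list of findings) for a WHOIS record."""
    created = creation_date(text)
    age = (checked_on - created).days
    findings = []
    if age < young_days:
        findings.append(f"domain is only {age} days old")
    if claimed_year is not None and claimed_year < created.year:
        findings.append(
            f"site material dated {claimed_year} predates registration in {created.year}")
    return age, findings
```

Calling `assess(SAMPLE_WHOIS, datetime(2018, 5, 8, tzinfo=timezone.utc), claimed_year=2011)` reports both findings for the record above.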

So, without a doubt this is a scam. I played along. I emailed the Harclawllp.com address only to be told, please use gmail.
I reviewed the email header (IT Help required) and noted that they are using an email platform called Zoho; it is hosted email in the UK. It is often used for spam attacks.

I then made contact via Google Gmail. I reviewed the email header (IT Help required) and noted that Google lists the email as being from a Russian address and also that webmail was used to send it.
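An added example, not part of the original post, of the header review described above: it reads a message's Reply-To and Received headers and reports where replies are diverted and which external IP the mail first came from. The message is constructed and is not the mail the author received; mapping the IP to a country needs a separate GeoIP lookup, which is left out, and the function names and webmail list are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message: the two addresses are the ones printed on the fax; all
# other values (hosts, RFC 5737 documentation IPs, dates) are made up.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example; Tue, 8 May 2018 10:02:11 +1000
Received: from relay.hosted-mail.example (relay.hosted-mail.example [198.51.100.20])
\tby mx.recipient.example with ESMTPS; Tue, 8 May 2018 00:02:09 +0000
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.hosted-mail.example with HTTP; Tue, 8 May 2018 00:02:07 +0000
From: "Edward Baach JD" <info@harclawllp.com>
Reply-To: edbaach2020@gmail.com

Please use my private address for this matter.
"""

FREE_WEBMAIL = {"gmail.com", "mail.com", "outlook.com", "yahoo.com"}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def domain_of(header_value):
    """Lower-cased domain of the address in a From or Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def received_ips(msg):
    """IPs named in Received headers, oldest hop first, internal ranges dropped."""
    ips = []
    for hop in reversed(msg.get_all("Received", [])):  # newest header is on top
        for text in IP_IN_BRACKETS.findall(hop):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # not a valid address, e.g. [999.1.1.1]
                continue
            if text not in ips and not any(ip in net for net in INTERNAL):
                ips.append(text)
    return ips

def triage(raw):
    msg = message_from_string(raw)
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    hops = received_ips(msg)
    findings = []
    if reply_dom and reply_dom != from_dom:
        findings.append(f"replies diverted from {from_dom} to {reply_dom}")
    if reply_dom in FREE_WEBMAIL:
        findings.append("reply address is a free webmail account")
    if any(" with HTTP" in h for h in msg.get_all("Received", [])):
        findings.append("a hop was submitted over HTTP (webmail)")
    return {"origin_ip": hops[0] if hops else None, "relay_ips": hops[1:], "findings": findings}
```

Received lines below the first server you trust can be written by the sender, so treat the reported origin as a lead to follow up rather than proof.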

This just further adds evidence to this being a huge scam.

The person replying was doing so in broken English. I would suspect that this is not how a lawyer would respond.
In the communication with the remote person, they tried to put the pressure on to allow them to sign documents in my name, documents unseen.
They also wanted my banking details. They then wanted me to fly to the UK next week to meet with him. (All designed to put pressure on me and stop me thinking clearly).

I asked the person if family living in London can meet with him as my proxy, he said no, although the fax stated he only came to me due to my last name. Weird. Surely a local “Jenkin” would be better.
He has now tried to convince me to set up my own Gmail as it is more confidential.

I am still in communication and gathering as much detail as I can for a Police case.

I have taken this a lot further than the average person however, this has become the classic example of what to look out for.

Hopefully this will help you all be careful with scams and be able to detect them early, else after further research, determine that they are a scam.

Always remember,

If it is too good to be true, it’s likely not true!

 

 

 

HP laptop with Random beeps

We have a laptop which randomly beeps. Three beeps. We have solved the problem but in case others have it, here is the description.

It is a HP EliteBook 9480m running Windows 7 (but that is not relevant).

We had HP change the Battery, Keyboard, mainboard and more. Still beeps. Booted into Safe mode, beeps.
Ran all kinds of HP diagnostics, nothing appears to be wrong. Imaged the contents to another EliteBook 9480m laptop. It does not beep.

Back to the beeping laptop, uninstall any HP software (It was a fresh Windows install). Still beeps.

Tested the beep character at the command line, it sounds different. Tested the beep through the sound card, it sounds different. It sounds like a BIOS default beep.

Disable the Beep device and the sound card. Still beeps.

Started to listen to where it was coming from, there are no speakers near there.

It was the hard disk. If you listen very carefully you could hear a short mechanical sound and then Beep. The beep sounds so much like a BIOS beep, we were totally onto the wrong track. Does the hard disk have a tiny speaker ? Doubt it. I suspect the arm in the hard drive is making a noise that sounds like a beep.

How weird.

Now I look online knowing this and find many others point to the hard disk.

I guess after the fact, it is always easier to google and find answers, knowing the final fault 🙂

 

 


Exchange 2010 EMC not opening “The WinRM client cannot complete the operation within the time specified”

When I open the Microsoft Exchange EMC on a server, the following error message is displayed.

Initialization failed

The following error occurred when getting management role assignment for ‘domainname.local/MyBusiness/Users/SBSusers/Administrator’:

Processing data for a remote command failed with the following error message: The WinRM client cannot complete the operation within the time specified. Check if the machine name is valid and is reachable over the network and firewall exception for Windows Remote Management service is enabled. For more information, see the about_Remote_Troubleshooting Help topic.

Click here to retry

There are no additional errors in the Eventlogs. The server is running Exchange 2010 SP2. No proxy configured. Windows update is up-to-date. Windows firewall is off.

Exchange is still functioning but there is no management of the service.
The first lead I found here, suggested antivirus.

https://social.technet.microsoft.com/Forums/exchange/en-US/a675a48e-75a3-43c7-b99b-ec86527adb1d/emc-initialization-failed-with-winrm-error-exchange-2010-sp2?forum=exchange2010

As the site is using Trend Micro Worry Free Advanced, I opened the TMWF console, created a new Server container, dragged the server into it from the old container, refreshed the client on the server and can now access the EMC.

Now that I know what caused it, looking over the Trend Knowledge base reveals http://esupport.trendmicro.com/Pages/Unable-to-access-Exchange-2010-Management-Console-.aspx

The issue of not being able to open the Exchange Management console can occur when there is no Internet Connection after a server restart.
This can affect any server coming up without an internet connection, as the default configuration of the virus software on the server is to look at the internet before allowing connection to the EMC.
You can change this behaviour by following the steps in the Trend KB article.

The issue occurs because the Proxy hooks the Exchange 2010 management console query URL and it fails to get a score from the Internet because there is no connection.

To resolve the issue:

  1. Ensure that the Exchange Server has Internet connection.
  2. Log on to Worry-Free Business Security (WFBS) web console.
  3. Go to Security Settings > Add group.
  4. Under Group type, select Servers.
  5. Specify a name for the group.
  6. Click Save.

Note: The created group will have the default settings if the Import settings from group check box is unticked.

  7. Disable the Web Reputation and URL Filtering feature for the newly created group.
    1. Go to Security Settings, then select the new group.
    2. Click Configure.
    3. Select the Web Reputation tab and unmark Enable Web Reputation for In-Office and Out-of-Office.
    4. Click Save.
    5. Select URL Filtering and unmark Enable URL Filtering.
    6. Click Save.
  8. Move the Security Agent of the Exchange 2010 Server in the previously edited group.
    1. Go to Security Settings and select the server group where Exchange Server 2010 is listed.

       Note: This step refers to the Exchange Server Client/Server Security Agent and not the Messaging Security Agent.

    2. Drag and drop the selected Exchange Server to the group you created.

 


Should I tell someone about eCrime ??? YES !!!!

I know that I am in Australia and my experience might not reflect other countries, but I say yes. If you have had an eCrime committed against you (not your general virus or malware) then REPORT IT!!!

The more you report, the more the problem is taken notice of, the more investigation happens.

My post today to Facebook

A win for the good guys.

We had a business client scammed out of a large amount of money through an email.
We pursued it. We recommended and assisted in filling in the eCrime report.
We pushed it along. The police told the client, nothing will come of this. The client also felt that they were banging their head against a wall.
Well, today they receive notification that the money is about to be transferred back.
We helped chase the criminal through the Czech Republic and into Spain.
Now, the person is cornered and my client has been offered a chance to be there in court and be a part of the process.

Reporting eCrime is the smart choice ! Things can happen !!!


Microsoft Access Runtime 2007 error 2950 yet Database location is trusted ???

An error 2950 normally means that your database is in an untrusted location on your hard drive. (not always … but normally).

Refer https://support.microsoft.com/en-us/kb/931407

You can normally fix this with a registry edit e.g.

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Access\Security\Trusted Locations\Location0]
AllowSubFolders (REG_DWORD) = 1
Path (REG_EXPAND_SZ) = "C:\Your Path\Your Program\"

(Location0 can be any key name you like).

What do you do if this does not work and the dreaded 2950 error continues?

a) Look for an error in your macro/VBS code in your Access file. There is loads of information online on how to sort this out.

b) Look for other resources you need. (What ???)

I know it sounds fairly obscure however, here’s an example from my own troubles with “2950”

I copied the database into C:\Windows as that is trusted.

I double-clicked the file and it went looking for Excel.exe and could not find it and then gave the 2950 error. I never saw the Excel.exe error when the Access file was in its original location.

I downloaded the MS Excel Viewer and renamed the viewer executable to Excel.exe and then ran my Access file. Not only does my database now open, but all the macros run. I put the file back into the original trusted location and still no error 2950.

All this time my Access database was looking for Excel. Now it works.

Never underestimate what your Access file is looking for. 2950 does not always mean your program is in an untrusted location !

 
