REPORT dangerous post

I went to post: (Flag to @martin )

And clicked link to download, and got popup that my computer was being locked and to call Apple etc…

See screenshot attached…

Any ideas how dangerous this is?
Where to get the tool now?
Should this post be deleted??

So it seems this original link…

https://html2bsdesign.com

Is no longer owned by the user R.Omer who created the tool (or maybe it is, and he’s moved on to hacking? I hope not!) According to his forum profile, the last time he posted here in the BSS Forum was Oct 23, 2023, and the last time he was in the Forum was March of this year.

The registration for the domain html2bsdesign.com was updated in June of this year…

Those are definitely NOT Apple Nameservers.

I checked this link that was showing in your browser

using easydmarc and it reported it as Suspicious. I also checked it with urlscan.io and it reported the following…

DEFINITELY A SCAMMER! I hope it did not infect your machine with anything. I presume your computer is actually not locked (since you made this post.)

This phone number 1-828-407-8989 is definitely NOT Apple Support. Apple’s customer service number is 1 (800) 275-2273.

I called the 1-828… number (masked my number first) and I could hear it redirect to VOIP connection (typical red flag of scammers), and then some guy with an Indian accent answered pretending to be Apple support. (I cursed him out and told him I’m calling the FBI on him hahaha.)

I’m guessing the original link was bought by scammer who created a website that displays that fake message about your computer being locked in an attempt to get you to call the number. Probably when you call it, they’ll try to get you to download a file from some website which would then take control of your machine and allow them to hack you.

It’s a pretty common hacking technique among these scammers.

I sent a DM to R.Omer and asked him if he still had the domain, and what happened to the tool.

Since BSS can now import HTML files directly, I would guess the tool has become defunct, and is no longer being developed.

I would urge @martin to remove the original post and make sure this link https://html2bsdesign.com is nowhere else in the BSS forum!

I did have a couple of suspicious things, so I turned wifi off, exited everything, then rebooted, ran new MalwareBytes scan, etc… all ok, so i think all good. (A couple of hours wasted, but thats par for the course these days).

I agree to wipe his post, if no response from R.Omer.

Thanks, Fred

Apple computers are pretty robust when it comes to blocking malware, and even blocking bad website pages. Unfortunately, the age-old rule applies… never click on unknown links… even if the source appears to be a trusted place (like this forum.)

If I had to guess, R.Omer probably stopped developing the tool once BSS added the option to import HTML pages. He probably let the domain expire, and never imagined it would be bought by hackers. Since he was giving the tool away for free, I guess he didn’t really care what happened to the domain after it expired, which is understandable.

This was a very unfortunate confluence of bad events. You’re in a trusted forum where you’d assume it’s safe to click any links posted by other members. That particular link (and tool) was at one time extremely popular, so you had no reason to believe it would bring you to a phishing website.

The older that forum posts are (in any forum) the greater the chances that links in those posts will no longer be valid. It’s the nature of the internet. I’m sure I’ve even made a few posts here that now have invalid links because the companies have shut down.

Just recently, a website with a tool called jssor slider (which had been around for at least 15 years,) just went dark. I went to log into my account a few weeks ago, and the site was gone. Soon after, I got a message from PayPal stating that the annual billing was no longer being taken. The company just closed up shop, no explanation, and who know what will become of the domain. It may end up being bought by scammers.

It all just reinforces the importance of having good virus/malware protection on your computer, and always be wary when clicking on anything you are not 100% certain is safe.

I’m really good at being wary, but ya, just felt like a safe spot, and bam, it was so fast.

I just reported it to this community because, ya, we’re… a community… so it’s good to take down the ‘gone bad’ stuff.

Also, i didn’t realize that ‘import’ now exists… something new every day.

Thanks

Thank you for letting us know! It is common for scammers to buy expired domains. I removed the link throughout the forum.

1 Like

Watching a video right now on YouTube (I watch scam bating video for fun), and a similar type of scam popped up was presented (see screenshot).

These are pop-up scams, where the scammers make it seem your computer is locked, infected, etc. It unlikely to infect a computer, as it’s just a way to make the victim think their computer is compromised and get the victim to call the scammers. As long as you didn’t click any links, download anything from the website, you’ll be fine.

Side note: I visited the website the same day as fred.c.johnston, and nothing abnormal has happened because I was curious to see the site myself. This is also something that happens with advertised website on Google, Edge, Brave, etc.

While on PC, I use AdGuard (search AdGuard for [browser] (example: Adguard for Edge)]

For Android: How to block ads on Android, with root and without root (xda-developers.com)

For Apple iPhones, How to use AdGuard DNS in iOS (adguard-dns.io)

Helps for Android and iOS a lot because it will not load a sponsored link, even if it’s legit.

Using Microsoft Defender, there has been no abnormal activity.

Also the links are legit, I just double checked them before posting as of 8:19PM CDT 08/29/2024
They only block ads, not scam sites, but it does stop sponsored links that are scams.

These scammers are like cockroaches. And they are slowly getting a little less obvious (their grammar is improving) This particular phishing scam is pretty obvious because neither Microsoft or Apple would ever ask users to call them. Windows Security Center doesn’t remotely behave like this image shows, and Googling the 877 phone numbers instantly brings up all sorts of scam reports.

But there are undoubtedly people who will get scared and fall prey to this crap.

The numbers are not working now, but I actually called the “Apple” one the other day for fun. I could hear it switch over to a VOIP service before someone with a thick Indian accent answered. I said to the guy, “Hi, I got a message that my computer has been infected, but since you are obviously a scammer, I’ve gone ahead and reported you to the FBI” (just to make 'em sweat a little) and then I hung up before he could curse me out (as they always do.)

1 Like