TomTom copycat scam

I received the below via email. The anecdote indicates a potential scam initiated via the TomTom website (note that TomTom has confirmed that their technicians would not request extra funding). Has anyone experienced a problem like this, where a scam is initiated from a valid source?

Had an interesting experience the other day. I have used Tom Tom navigation devices for a number of years without any problems. My Tom Tom died a few weeks ago after quite a long time so I decided to replace it as we were heading North on a holiday. I purchased the unit at Harvey Norman and took it home and connected to the Internet to see if there were any updates for the maps. The update would not complete but the unit was working OK. I used the Tom Tom site to see what the problem was. The site has an “assistant” that you can ask questions of (in writing) and the assistant told me that I needed to have one of their technical experts look at the situation. The “technical expert” rang me and connected to my computer. He had a strong Indian accent which combined with the low quality telephone line made things difficult. What I saw flashing before my eyes was the content of my computer. The technician claimed that my computer had been hacked and there was evidence of at least 65 hacks. He then said it would cost me $89 to have my computer ‘cleaned up’.

At this stage I was nervous that this guy was not the real technician that I should have been working with so I terminated the call. I regularly run software to check my computer against viral attacks and have not detected any at any stage. I had a friend who works in the industry also check my computer and he could find no evidence of any attacks on my computer. I went to Harvey Norman and received some advice regarding the situation. I rang Tom Tom in Australia (most difficult to find the telephone number) and they said it was most definitely not a Tom Tom technician as they would never request any extra funding for assisting a client. Since my computer’s contents had been available to a hacker I had to take action to remove my bank accounts from the Internet.

What annoys me is that the connection to the technician who rang me and committed the breach of my computer seemed to have been organised by the Tom Tom assistant. She told me that a technician would ring me to organise a scan of my computer. There would seem to be a big problem here that Tom Tom needs to investigate - either the connection that I made in the first place was a fraud or the assistant was involved in getting me onto a fake technician who was actually a hacker.

8 Likes

I doubt anyone can say for sure without examining the computer but one possibility is the computer really was already compromised in some way and hence the “site” was not the real Tom Tom site.

In the somewhat distant past there were also a number of exploits whereby an unsuspecting user could be directed to the wrong web site even where the computer was not already compromised. If the web site is not using “https” then there might be no indication of a problem.

4 Likes

Regardless of anything else in this story, this is a “no no”. Never ever let anyone connect to your computer unless you know the person (and trust said person).

If someone asks for remote access to your computer this should be a giant flashing warning sign.

4 Likes

I wonder if it is a coincidence that Tom Tom said someone would call back and soon thereafter, a scammer rang (saying from Telstra, NBN, Windows Support etc). The person assumed/misheard, thinking that it was from Tom Tom, then they allowed their computer to be compromised.

4 Likes

Possibly the person used a search engine to find the “Tom Tom” web site and ended up on a scammer web site instead.

6 Likes

Since the boxes have instructions for tomtom.com, installing MyDrive Connect, and updating, and that s/he also had previous Tomtom GPS units it would have been good if the report included the URL s/he used.

I am not aware of any verified scams coming from a legitimate support site, but as noted by others there are many lookalike scam sites out there, some that get traffic via their variation on an easily mistyped but legitimate site.

While my defences might make me braver than I should be, sites respond to (do not go there if you don’t have shields) tmtom dot com as well as tomtm dot com as examples.

In my test case https and http did have a difference. http resulted in a multiple redirection on tmtom dot com and https had a connection fail to reinforce the point.

5 Likes
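The lookalike-domain point in the post above can be checked mechanically. The following is an added example, not part of any post in this thread: it compares a hostname against the official domain named on the box (tomtom.com) and flags near-misses. The edit threshold, the "last two labels" shortcut for the registrable domain, and the two `.example` hostnames are assumptions made for illustration; no network access is involved.

```python
from urllib.parse import urlsplit

OFFICIAL = "tomtom.com"          # the domain the post says is printed on the box
BRAND = OFFICIAL.split(".")[0]
MAX_EDITS = 2                    # assumed threshold for "easily mistyped"


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return 'official', 'lookalike', 'brand-in-name' or 'unrelated'."""
    target = url if "//" in url else "//" + url
    host = (urlsplit(target).hostname or "").lower().rstrip(".")
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Assumption: the last two labels approximate the registrable domain.
    # Production code should consult the Public Suffix List instead.
    registrable = ".".join(host.split(".")[-2:])
    if osa_distance(registrable, OFFICIAL) <= MAX_EDITS:
        return "lookalike"
    if BRAND in host:
        return "brand-in-name"   # brand used as a subdomain or inside a longer name
    return "unrelated"


SAMPLES = [
    "https://www.tomtom.com/en_au/",
    "tmtom.com",                                   # typo domain quoted in the thread
    "tomtm.com",                                   # typo domain quoted in the thread
    "http://tomtom.com.support-desk.example/help", # constructed hostname
    "tomtom-updates.example",                      # constructed hostname
    "https://www.satnavnavigationmart.com/",       # URL quoted later in the thread
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):14} {sample}")
```

The last sample comes back as "unrelated", which shows the limit of name matching: a support-scam site does not need to resemble the brand's domain, so this check complements, rather than replaces, going to the address printed on the product.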

Good theories, thanks for the thoughts.

3 Likes

Yes

Yes. This is another approach taken by scammers (or sometimes not scammers as such but just opportunists). Browser history might show whether this is what happened.

2 Likes

If one googles ‘Tom Tom Updates’, ‘Tom Tom Updates Australia’, ‘Tom Tom Updates Australia free’ or ‘having problems updating Tom Tom’, all the first half dozen links or so are the genuine Tom Tom website.

It would be interesting to know what was searched if it was a scam website which was found.

Also, what did the OEM manual say about product support and why wasn’t this referred to or used.

3 Likes

The one on the Tom Tom forum (@person above post) was https://www.satnavnavigationmart.com/

Again, I am not sure how this one was found as it doesn’t appear close to the top of the google search. It also doesn’t have a url which would give an impression it was the official Tom Tom website which could be easily found using google.

I wonder if a help post was made somewhere (e.g. reddit, facebook, etc) and the scammers responded with their URL. This could be a possibility, but why one wouldn’t check for an official Tom Tom URL in such cases is beyond me.

1 Like

Not everyone uses google.

3 Likes

I don’t see that is very workable advice. I have used remote support from Dell several times and would not have known any of them from Adam and not knowing them I have no reason to personally trust them. On the one incident I may have dealt with 2 or 3 people and didn’t know any of them.

I think a better way to express this is that you need to have a sound reason to think the person(s) works for the organization that they purport to and that as a representative of said organization they have your best interests at heart. That may be what you meant but it didn’t come out that way.

There is a current scam being tried every day that involves downloading and giving privileges to remote access software, the malefactors have various aims in getting you to do this. In all cases the scam begins with them calling you, they are just a voice on the phone that could be from anywhere working for any organization. This immediately fails my two tests and so I have nothing to do with them. I suspect that Brendan may have unwittingly got into such a scam system.

1 Like

I would be more inclined to think it was either a browser hijack (so searches would offer compromised or non official sites) or that they had inadvertently selected a dodgy search result from a non compromised computer.

What makes me think they had some sort of compromise was that they ended up at a site that obviously was not TomTom’s as the person assisting was not at all ethical in their behaviour nor would TomTom offer that sort of support to clean your PC.

TomTom’s support site indeed has an assistant called Bongo but I don’t think it is a “She” rather it appears as a stylised robot on their site and only provides text answers.

If @BrendanMays is in contact with the person affected then perhaps getting them to run a few other malware removal engines such as SuperAntiSpyware Free edition (Download SUPERAntiSpyware Professional X Edition & Free Editions), Malwarebytes (https://downloads.malwarebytes.com/file/mb3win_37469), and Adwcleaner (https://www.bleepingcomputer.com/download/adwcleaner/) to see if they detect any unwanted intrusions if it is a Windows operating system. Preferably run these tools in Safe Mode to ensure the best cleaning experience.

They should also ensure that they have removed any residual after effects left in place by the “hacker”. These can include ‘hidden from normal inspection’ programs to access the computer.

3 Likes

If the choice is between trusting and not trusting, I would go with my advice. The worst that happens if you don’t trust but you should is that a problem might not get fixed (in this case, no updated maps). In the opposite situation, we know what the worst that happens is.

I get what you are saying and there is room for debate. For example, if the computer came from Dell and you contacted them and used a trusted mechanism to do so, it might be OK. Or, if it’s a work situation (the computer belongs to the employer and it is the employer’s IT department gaining remote access).

I’m hoping that it was someone who emailed Brendan and he’s not just saying that. 🙂

2 Likes

He made that very clear in his intro

2 Likes

If those are the only choices then you are right, but are they?

You can always gamble on your judgement.

Going back to where this started, relying on personal knowledge and personal trust is a judgement that just isn’t useful because we will not know the support person personally. There are other ways to decide who to let in. You are advocating that I never get some classes of tech support which is absurd.

If you can identify the risks and assess them and decide to go ahead anyway then that’s fine.

I had exactly the same experience but with Epson.
I realised afterwards that the website I arrived at was Epson Supports (note final s) hence not really Epson.
You probably were fooled into thinking you got to the real TomTom support site.

4 Likes