Does TecMaestro (aka. Geek Squares) affiliate with tech support scams under a disguise of a small web developer agency? According to this research, the company ran several websites promoting tech support scams up until 2018. After a short hiatus, the company is back at it again with a brand new website and a tech support number.
This article explains how a handful of people working out from a tiny office in Ghaziabad, India is possibly associated with a network of websites running known tech support scams.
I was browsing Twitter the other day for the latest telephone numbers associated with tech support scams, and +1-877-383-8867 caught my eye. The account named @lopanjone was promoting printer, browser, email and antivirus support services. According to the tweets, the company behind the service is customersupportsusa[.]com.
I navigated to the site, and I promptly managed to find a handful of red flags. For example, customersupportsusa[.]com features fake reviews from non-existent customers, the pages are heavily optimised for search engines (SEO). As opposed to a legitimate business, customersupportsusa[.]com does not reveal the name and registered address of the company behind the service.
These errors could be chalked up to sloppy editing. To determine whether customersupportsusa[.]com was a fraud, I started poking around. What I found was an extensive network of websites and a handful of people associated with tech support scams.
History and the First Clues
After careful analysis of tweets by various sock puppet accounts, I managed to link a cluster of domain names to customersupportsusa[.]com. The group behind this site forgot to update the phone number on one of the sock puppet Twitter accounts. According to the following Twitter profile, the old phone number of customersupportsusa[.]com was +1-800-658-7602.
It turns out that now-defunct sites like antivirusnumberusa[.]com, emailtechsupportusa[.]com and microsoftusasupport[.]com (a complete list is published at the end of this article) were registered by the same group of people as customersupportsusa[.]com.
These websites had one thing in common: the phone number (+1-800-658-7602), from the sock puppet on Twitter.
Why is the number so significant? Because the telephone number was reported to be affiliated with tech support scams by the scambaiting community in 2017 and 2018. This means that customersupportsusa[.]com must also be a scam.
The Mounting Evidence
There were other signs that customersupportsusa[.]com is a business operation with questionable practices. First of all, the domain names were registered by GEEKSQUARES TECHNICAL SERVICES PRIVATE LIMITED according to the WHOIS records. Per this complaint by a former victim, Geek Squares were posing as a Microsoft partner and sold IT support as a subscription that was never delivered.
Secondly, I managed to find comments elsewhere indicated that Geek Squares might be involved in dishonest business practices.Read D P.'s review of Geek Squares on Yelp
Once I found the following complaint on Yelp, I knew I was on the right path.
The Web of Lies
My next stop was the companies register to find out who the people are behind Geek Squares. First of all, I found a second company named TECMAESTRO IT SOLUTIONS PRIVATE LIMITED sharing the same directors as Geek Squares. Not only the directors of Geek Squares and TecMaestro were identical, but the registered address of the two business also matched.
Both Geek Squares and TecMaestro can be linked to further websites associated with tech support scams, such as printersupportusa[.]info, antivirus-supportdesk[.]com and nortonsupport247[.]com.
The domain nortonsupport247[.]com is key here as two independent organisations confirm it was a scam. One of the telephone numbers linked to nortonsupport247[.]com was +1-800-611-2648. This number not only belongs to Geek Squares and TecMaestro per the aforementioned BBB report (confirming the association with nortonsupport247[.]com), but the telephone number was linked to known tech support scams by Malwarebytes, a well-known cybersecurity company.
At this point, I had a long list of domain names of Geek Squares and TecMaestro, a list of phone numbers associated with these websites, and independent parties confirming they are all associated with tech support scams. It begs the question, who is behind all of this?
The Men Behind of the Curtain
Based on the companies register and common OSINT practices, I was able to identify two key people behind Geek Squares and TecMaestro.
The first one is Abhisek Kumar, one of the two directors at Geek Squares and TecMaestro. According to public WHOIS data, Mr Kumar himself registered a number of domains known for tech support scams. Per Mr Kumar's social media profiles, he is also known as Abhisek Singh Rajput and Abhisek Visal.
Mr Kumar is also a director of CYBERSHIELD TECHNOLOGIES PRIVATE LIMITED. According to cybershieldtechnologies[.]com (offline), the business was providing web design, website hosting and SEO services. His business partner is Ram Pravesh Singh.
The second key person at Geek Squares and TecMaestro are Pravin Dubey, the general manager of Mr Kumar's companies. Multiple sources confirm that Mr Dubey is a former Java developer and self-proclaimed SEO expert. He is often seen together with Mr Kumar and other members of staff at company functions. Mr Dubey is responsible for the hiring decisions.
The second director of Geek Squares and TecMaestro is Vishnu Singh. Unfortunately, I found very little information about him. Mr Singh is presumably using an alias in real life, just like Mr Kumar, making it difficult to identify his digital footprint. Mr Singh and Mr Kumar are managing the two companies together since the beginnings.
Abhisek Kumar, Pravin Dubey, and possibly others are associated with a handful of websites facilitating tech support scams. Open source evidence suggests that the TecMaestro group may develop, host and/or promote a network of sites associated with tech support scams. Although most of the sites went offline in 2018, the group is coming back to business with a brand new website and phone number.
+1 877 383 8867
The group behind the scam was associated with the following phone numbers and now-defunct websites:
+1 800 658 7602
+1 800 624 4491
+1 800 611 2648
+1 855 615 2280
+1 888 583 4008
Offline websites without a known phone number:
Online website, but it is not associated with a phone number:
Other related sites (mixed offline/online):
- cybershieldtechnologies.com (+91 921 2913 555)
- sbpmedicalcollege.com (possibly client)
- tecmaestro.com (the main website)
Possible travel scam associated with the group:
- +1 800 658 7602
TECMAESTRO IT SOLUTIONS PRIVATE LIMITED
Company CIN U72900UP2017PTC096417
Address B-306 Pacific Business Park Sahibabad Industrial Area Site 4 Ghaziabad Ghaziabad UP 201010 IN
+1 858 885 1127
+1 800 200 2110
+1 800 624 4491
+91 9718 308 502
GEEKSQUARES TECHNICAL SERVICES PRIVATE LIMITED
Company CIN U72300UP2015PTC068438
Address B-306, Pacific Business Park, Site-iv Sahibabad Industrial Area, Ghaziabad Ghaziabad UP 201010 IN
Abhishek Singh Rajput
a****[email protected] ([email protected]?)
a*******[email protected] ([email protected]?)
Mr Kumar is also director of:
CYBERSHIELD TECHNOLOGIES PRIVATE LIMITED
B-306, Pacific Business Park Kaushambi Ghaziabad 201010
+91 9718 308 502
+91 8800 706 507