They plant JavaScript popups in various websites that say something to the effect of "Your computer has been compromised. Contact Apple|Microsoft technical support for assistance at ."
The person answering the phone is from neither Microsoft nor Apple; they are these people, and they will confuse a non-technical user with a lot of jargon and instructions - the goal being to get the user to download and authorize LogMeIn Rescue or another remote access program. Once this is done, they begin accessing banking websites, hoping for auto-filled passwords, all the while claiming to be checking for fraud. They will also take the user to their website to show how "legitimate" they are.
This website purports to be a tech support firm located in the USA, with a whois record that seems to be an odd mix of US and Taiwan addresses. The listed email contact on the website is an address at gentechllc.us, which is registered to an Indian address.
Once the user catches on or balks - they turn threatening and demand payment for their "services". If the user is foolish enough to give them a credit card they will charge it for several hundred dollars.
My mom got this far - giving them her card # and then immediately regretted it and called me. I advised her to turn off her computer and call her bank immediately, request a new credit card and alert them to the possibility of fraud. I performed a forensic analysis of her web browser history, shell history files, and any running processes and recent files.
The bank reversed a $600 charge. This was met with four or five threatening phone calls including threats to come to her house and personally collect the money. I made my own threatening phone call back to them and the harassment stopped.
I reported them to their hosting provider who told me they took them down but they are still up. I did notice they have a new toll free number on the site already.