Arrgh! Dad fell for a scam!

My dad called this weekend and mentioned that a company calling themselves “windowsoft.net” had called him and told him that he was sending lots of spam from his computers, so he let them have remote access to them, and they fixed him right up!

After I finished yelling “you did WHAT!” at him, I told him that he needs to do the following things:

  1. Go to a (presumably) clean machine and download Windows Defender Offline from Microsoft, burn it to CD, and run it from CD.
  2. Change all his passwords - but - I don’t think that’s enough, since they might have installed a keystroke logger.
  3. Call his broker and bank, and make sure that any Internet account access (other than viewing statements) is rescinded until further notice, so that any transfer of funds will require a physical signature.

Is there anything else I should have him do? I’m a Mac guy and although I’m considered an expert in that platform, it’s kind of like having a physician do surgery on a dog - I’m familiar with all the parts, they are just in the wrong places.

What’s really scary is - this is a Harvard-educated man, who has worked with computers since the 60’s - and used to be a cryptanalyst! I guess it’s really true what they say about old folks and their gullibility quotient. During one of our conversations, I told him he was insufficiently paranoid - if it was a machine that I was managing, I would rip the hard drive out, format it (on a Mac), and re-install the OS.

Just off the top of my head, here’s an idea. Tell him to never type a password again. Instead, he’ll copy and paste them from elsewhere. Then, he’s gonna have to create a document that he’ll copy and paste them from. Ideally, he can create that document on another machine and access it either from the Cloud or from a flash drive.

If that’s not feasible, maybe it would suffice for him to create some innocuously-named document on his pc that has all the passwords in it, along with many decoy passwords, but none of the names of what sites those passwords are for.

My recommendation would be pretty close to this. First, immediately disconnect the machine from the internet. Copy any documents you want to keep to a thumb drive. Then reformat the drive from scratch.

I’d copy the files back to the newly formatted machine after installing anti-virus software on it. This has a slight risk that a file hides a virus or trojan that isn’t caught by the software, but I’m assuming trashing all the files isn’t an option and I’d be most worried about applications/executables. Be sure not to copy documents over unless you recognize them to avoid an executable masked as a document.

And in addition to what you listed, quarantine or delete any files you have synched to cloud storage (OneDrive, DropBox, Google Docs, etc.).
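The caution above about an executable masked as a document can be checked mechanically before anything is copied back. This is an added example, not part of the original post; the extension list and the sample files are assumptions constructed for illustration, and it is meant to be run from a clean machine against the thumb drive.

```python
import os
import tempfile

# Extensions that Windows runs directly; none belong in a documents-only restore.
RUNNABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
# Leading bytes of native executables: Windows PE ("MZ") and Linux ELF.
EXEC_MAGIC = (b"MZ", b"\x7fELF")

def classify(path):
    """Return a reason string if the file should not be copied back, else None."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]  # only the LAST extension counts to the OS
    with open(path, "rb") as fh:
        head = fh.read(4)
    if ext in RUNNABLE_EXT:
        return "runnable extension " + ext
    if head.startswith(EXEC_MAGIC):
        return "executable content behind " + (ext or "no extension")
    return None

def scan(root):
    """Walk root and return {relative_path: reason} for every suspicious file."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            reason = classify(full)
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def demo():
    """Build a constructed sample 'thumb drive' in a temp dir and scan it."""
    samples = {
        "taxes-2014.pdf": b"%PDF-1.4 constructed sample",
        "letter.docx": b"PK\x03\x04 constructed sample",
        "statement.pdf.exe": b"MZ constructed sample",   # double extension
        "photo.jpg": b"MZ\x90\x00 constructed sample",    # PE header under a picture name
    }
    with tempfile.TemporaryDirectory() as root:
        for fname, data in samples.items():
            with open(os.path.join(root, fname), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for path, reason in sorted(demo().items()):
        print(path, "->", reason)
```

A clean result only rules out the two disguises checked here; macro-bearing documents still need the anti-virus scan the post describes.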

My mother fell for this last summer. And I was in the area visiting! (I’m an ex-Computer Science prof. She could have easily asked my advice.)

What I did:

  1. Removed all the “tools” they installed.
  2. Ran MalwareBytes and such. Found nothing.
  3. Did a clean install of the OS. She had just recently bought the computer so didn’t really lose much doing this.
  4. They had arranged payment via PayPal. They even created a PayPal account for her using her CC info. So I had her cancel the credit card and get a replacement. Called PayPal and worked with them to have the charge reversed (it was still pending) and her account blocked.

As people age, their filter for detecting scams fades. She is aware that these scams exist, but she has this “But they sounded so sincere…” fault that she refuses to acknowledge.

I had one of those guys call me. I was in the garage, but I played along like I was really in front of a machine, and “did” what he told me. I think he thought I must be running Windows 8, because he didn’t believe me when I described what I was seeing in my “virtual” W7 machine.

I couldn’t keep it up because the guy had such a thick accent that I couldn’t even tell what he was saying! How can you run a scam if you can’t even communicate clearly?

My mom fell for this too, though I managed to interrupt the process midway through so I don’t think they installed everything they might have otherwise.

When booted, it automatically tried to initiate a LogMeIn session, so I killed that, disconnected from the internet and did a system restore from a previous backup. After the restore, I ran an antivirus, Malwarebytes and a couple of other scans, but came up clean.

Thankfully, it was a brand new laptop, only out of the box for about 2 weeks and I hadn’t copied any of her files over from her old system, so there wasn’t much to wade through.

She had also given them her CC#; fixing that was more time consuming than anything else. She ended up eating about $300, but managed to get her cards cancelled and reissued before anything else hit.

She knows now that I’m the only one allowed to access her laptop remotely.

Not all of us.

I think he was only kidding, but you totally fell for it.

In my experience as a computer shop servicing 95% Windows machines, most of these guys’ level of real malice ends at the credit card number. When you are paying flunkies $1.50 an hour to get someone to agree to the $200 service, you are already printing money; they don’t need to shovel out a virus on top of it. They want a clean customer service experience to minimize callbacks with additional questions, thus minimizing the victim’s opportunity to reverse charges.

Generally speaking, the scam is built around spooking the victim into coughing up a payment to fix a “non problem”.

Well, I sure hope you are right!
My dad said that they actually performed a useful service, and “sped up” his machine. He said they kept him on the phone for an hour, so I’m sure it’s a pretty hefty charge.
But, if that’s all they did - great. I’d consider it a cheap lesson.

Yeah, this is the “Mackeeper” business model.
Pricks.

This guy used a virtual machine (don’t ask me how it works, because I don’t know), so he could go along with the scam and see exactly how these guys work. When he finally decided to pull the plug on them, the scammers got pissed and deleted the drivers for his ethernet card.

It seems to be a pretty common scam. We’ve gotten a few calls, but when my mother started to question the guy, he hung up. Some people have said that when you express skepticism, they’ll start hurling abuse and swearing.

Here’s more info.

Good luck!

I have gotten the call twice from “Microsoft” wanting to fix my computer. While talking the phone disconnected my computer. I hassled them and used their time. In the end I asked them to send me notification in the US Mail so my IT guy (my son) could make the changes. After I hung up with them I called my son to ask about “Microsoft” calling out of the blue. He confirmed it to be a scam.

I have received this call twice at my shop and one time a customer received the call while I was there fixing his computer.

The second time at my shop, I was prepared.

Once I figured out what it was, I stated the following:
ME: <facing away from phone like I am talking to someone else>
Confirmed trace to IP: 206 . 243 . 22 . 16 and notify the team we will have location momentarily.
ME: “Sir, please stand by. Pursuant to Homeland Security Act Section 101 B-1(a) this is a secured federal installation. Please be advised this call is being recorded and traced, and a team will be dispatched to your location to investigate.”

Scammer: “No sir, you misunderstand, it is your home computer, maybe we should call you back at home.”

ME: “The simple fact that you have this number at my workstation means a security breach has taken place and we will be needing your contact information for reference in the investigation. Do not hang up or we will have to assume this is a hostile breach attempt on your part and the CIA entry team will be authorized to use lethal force in obtaining arrest. Have I made myself clear?”

Scammer: “Yes”

Me: “What is your name”

Scammer: “Uh, I think I have wrong number”

Me: “Sir, Do not hang up, things will get very messy if you disconnect this call”

Scammer: <click>

This is a thing of beauty. Wish I was that fast on my mental feet.

I’ve had some fun with these sorts of things before, playing along without actually doing anything, knowing my computer was currently offline, and/or not infected with anything, and abused them so heavily for trying to take advantage of the unaware and gullible, that they’ve actually broken down into tears, and begged me to help them get a real job. They have admitted being failures in life, and although they have pc skills, are unable to secure a job in a reputable company. I have no intent to help them, nor any respect for anyone that would lower themselves to this level to find employment, surely, at the very least there’s other crimes they could commit, without the resulting interference into innocent lives.

I recently saved my boss from falling for a car sales/PayPal/excess paid for shipping scam that he was in the middle of when I walked into his office; he was on the phone to “paypal” in the midst of changing his password. He’d already communicated his bank details, BSB and account only, not CC details, but I still made him contact his bank, his investment partners that shared that account, and change all passwords on PayPal accounts accessed from that PC, then introduced him to MBAM, and other adware and spyware finders. Really, who would buy an ordinary car, sight unseen and condition unchecked, from interstate and be prepared to pay above the asking price? Considering I don’t work for him anymore, I almost wish I let him go through with it, expensive, but valuable lesson. :smack:

drachillix, that’s hilarious!

I’m dreading this happening to my parents. Hoping I’ve mentioned it enough to them they’ll recognize it for what it is if the call happens.

When I was picking up my PC from repair a few months ago, an older woman came in having taken one of these calls. She seemed like a regular, or somehow personally knew the owner or something. He seemed resigned to the task.

This is the price we pay for that piece of crap called Windows. If you must use it, stay off the Internet. Buy a $200.00 Chromebook for net stuff. Christ…

Although I tend to agree with this sentiment, I don’t want this to become a Windows-bashing thread.

And, after all, he did allow them access to his machine. If someone let me do this, I could install all kinds of nasty stuff on a Mac or Linux box, too.