My partner just came to me in a panic - a friend of his sent a video of his son playing music, my partner played it, and part way through there were flashing lights, static, and a message came on screen saying “You just got hacked, brah!”
He immediately turned off his computer but is extremely distressed and convinced that all his banking information, which was on his computer, has been stolen. Alas, nothing is password protected and he does not have a back-up. (I wouldn’t call myself technically savvy by any means, but compared to him I’m a genius; he really knows nothing about “safe hex” and takes no steps to protect or store his data.)
I’m the last person to turn to for advice in this situation, but the person who could help is asleep right now. Any suggestions for what I should tell him? Both in terms of “stay calm, it’s unlikely to be anything more than a cruel joke” and suggesting what he should do to protect himself from the data breach that has possibly occurred already.
He’s on a PC, by the way. I doubt he even knows what OS he’s using. About the only application he has is Internet Explorer (he doesn’t even use MS Office, just goes to Google Drive to read and write docs.)
It’s really hard to know for sure what happened. It could be just a prank video where the friend edited in the flashing and hacked message. Did that appear just in the video window or was it the whole screen? If it was just in the video window, I’m likely to think it was just a prank video. But if your friend is the type to click on something which says “Watch This!” without really understanding the risks, then he could easily get hacked. The “video” could really be an hacking program that does pretty much anything to the computer. Unfortunately, people like your friend are very likely to fall for hacker’s tricks. Even if this video is fine, there’s no telling what else could be on the computer. Most hacks don’t announce themselves to the user because they want to stay hidden to retrieve info as long as possible. That’s one thing that also makes me think it’s a prank. Why would a hack make itself so visibly known?
What he needs to do is buy an internet security package and scan his computer. If it finds problems, then he can worry about next steps.
The second thing he can do is google for information about the video he saw, using all the information he can remember. It may be a well known prank, and he can rest easier knowing that.
My instinct also says its a prank, but I have nothing to base this on. The friend who sent the video would not have done it himself; whatever is going on, I’m confident that the friend is unaware.
I also had the same response regarding hackers not announcing themselves, but it’s good to hear it from someone else.
Thanks Sunny, I’m going to take those suggestions to him right now (Ordinarly I’d email him, but …)
ETA - One more thing - any suggestions for the internet security package? I use Norton, but I’m on a Mac (also, I don’t love it; I’m not sure I’d recommend it if there are alternatives. I know they do PC versions as well, however.)
Okay, I’ve shared all of the above - he’s a bit too disturbed to follow through right now, he wants to wait and talk to his friend who sent the video. (Yeah, I know, not an overly sensible response - but there it is. I can’t talk him down, that’s for sure.)
THANK YOU everyone - I’m going to make note of the advice provided as you never know when it might come in handy. Also, when he’s in a less freaked out mood, I’m going to talk to him about not storing all his banking passwords on the computer. Good grief.
There is literally no reason to buy anything. Malwarebytes, Avast, Microsoft Defender… All free.
I would probably disconnect from the internet and fire up the computer and see what happens first, personally. If the video itself is what said it, I would definitely be in the “prank” camp.
Prank. Unless there’s some accompanying ransom demand or something like that, there’s almost no reason for the hacker to notify the hackee. That’s just bad black hatting.
I’d say that actually makes some sense. He could ask them if they actually sent the video, and if they deliberately sent a prank. If the answer to both of those is yes, then he would know he has nothing to worry about.
I’d contact the person who sent the video and let them know what happened. Not as a way to help your partner, but so that the sender can warn anyone else to whom they sent the video to delete it.
This is great advice anyway; if the “attack” was real, that means the sender was breached, and all of their contacts have likely been attacked, and that needs to be nipped in the bud; if the attack was a prank, well… now you’ll now.
I did something similar on April Fool’s Day some… 15-20 years ago; fake virus popup that lists all the files on the computer, saying it’s deleting them.
It’s also probably worth verifying that it came from this person’s actual email account, as opposed to somebody that spoofed the friend’s name, but is using an email account totally unconnected to this person.
Know what I mean ?
In general, it’s pretty easy to verify the actual email address from which the email was sent. It’s also not difficult to create a fake identifier and associate it with that email address.
Although this may not be helpful, are you aware that there are many scammers who create “fake” warning messages that pop up? They encourage the user to contact someone (usually in India) to help “remove” the infection from your computer, for a fee. Since there is no real infection, it becomes a cash-cow procedure, and if you follow the bogus advice, you are likely to lose money for no benefit. Worse, the “consultants” may install malware that makes you pay them again and again.
He’ll definitely talk to the person who sent him the video - the only reason he didn’t do it immediately is due to the time difference (we’re in Hawai’i, friend is in Zurich).