My mother was scammed by a tech support person

Yesterday, she got sick of waiting to talk to someone at Verizon so she googled “How do I speak to a real live person at Verizon Wireless” and the first result is supportforusa .com (broken on purpose). From there, she clicked on some chat thing and let the person take over her computer. This was at 5PM yesterday.

At 2AM this morning, someone got on her computer and sent themselves $150 on PayPal and a $100 Amazon e-gift card.

This morning, she called me in a panic, so I took over her computer and did the following:

  1. Uninstalled AweSun, the remote software the scammer used
  2. Ran a Malwarebytes scan (all seems fine)
  3. Looked for any other unknown installations, but didn’t find anything
  4. We contacted both credit card companies and disputed the charges and canceled the cards
  5. Logged her off of PayPal and Amazon
  6. Deleted all the passwords that Chrome had stored for her, and turned off the function where it asks to save passwords

Anything else I should do?

The scammer was pretty bad at hiding his tracks – her Chrome history showed me all the activity around 2AM, which showed me the PayPal transaction and the Amazon transaction. Then, I looked in her Gmail and saw the e-mails that came in, that the scammer deleted, but didn’t totally delete.

Do you think the scammer left a trail on purpose or was just incompetent? Why did the scammer only take $250? Was that so people wouldn’t bother trying to claw the money back?

Any other advice is appreciated. I’ll be in and out all day, so I’ll see the replies in e-mail, but may not be able to reply until later.

She needs to actually change all her passwords for her various services. The password manager in the browser allows you to view login information for the sites it saved, which includes the username/password. The scammer may have been able to get all the login info for all the stored sites she had in Chrome. Chrome makes you enter the Windows password to see a site’s password, but the scammer may have the Windows password or have some way to get around that check.

The safest thing is to do a hard wipe of the disk and reinstall. It’s possible to put viruses in the boot loader which can be reinstalled on each boot. Make sure whatever virus scanner you used checks for boot loader and root kit viruses.

My mother-in-law got taken by one of these guys after a pop-up in her browser made a mess of things and “she didn’t want to bother me”.

She paid with her credit card, so we reversed charges and had the credit card cancelled and reissued. I then wiped the laptop and reinstalled Windows.

When it came time to replace the laptop, I shifted her to an iPad instead. Much better choice for a technophobe!

I had a scammer/hacker hack into my very old Skype account. That was still linked to my PayPal account, which was linked to my CC and bank account. The hacker tried to load $125 from my CC via PayPal onto Skype, which the CC rejected, notifying me (which is how I found out about it; I may have gotten a PayPal notice as well). However, he was able to load 5 separate $25 transactions from my bank account via PayPal, which PayPal refunded to me.

I was never able to gain back my old Skype account (M$'s recovery process is atrocious, with no one to actually talk to); I assume he sold my old Skype account with $125 credit on it. I take it some scammers just do low dollar amount stuff as it is less likely to be rejected, and keep the amount low enough to not throw up red flags.

Find out who in law enforcement to report this to. Someone needs to find out whether the entire site is a scam, or whether it was one bad guy in an otherwise legitimate operation. Certainly there are ways to find out who the culprit was.

p.s. – And if it’s a legitimate business, they need to be told they have a scammer working for them.

I’m sorry that happened to your mother but to be correct, she was not scammed by a tech support person but by a scammer pretending to be a tech support person.

From the website:

We are so attached to the technology and gadget these days that we can’t even imagine a single day without it. Email, printer, router, and the internet has a huge impact on our lifestyle. Having issues with these entities is not an unusual thing at all. Every day we came across different anomalies and glitches that caused a hell lot of inconvenience for us.

Does that sound like a legitimate company?

Well, no of course it’s not a legitimate company. That was my point.

He means that if someone pretending to be a doctor sold your mom a bogus treatment, you wouldn’t say “a doctor scammed my mom”.

I claim brain fart. Somehow I thought you meant the scammer was a rogue employee at a legit company.
< totters off to find some caffeine >

Thanks, everyone, for the help!

Yeah, I’ll do this as soon as I see her today. Chrome doesn’t even make you enter the Windows password – I was able to see her passwords from Chrome settings just by clicking the eyeball. Terrible.

I don’t think I have to wipe her drive – as I mentioned, the scammer didn’t even cover his tracks. I never would have known that he pulled the money out of PayPal and Amazon, or downloaded that remote software, if he had just erased the browser history. Her Windows is up to date, and I imagine it would try and block anything like a root kit.

I can’t tell if that site is legit or not – maybe they have a rogue employee. I couldn’t find any online complaints about it. Maybe I’ll try chatting with them and see if they try to do anything scammy to me. I’ll report back.

Mine does. I wonder if that is a setting somewhere.

It’s not legit.
They provide “support” for a wide range of unrelated products/services.
No contact information.
Mangled and unprofessional English. (Look at post 7)

I’m not sure how you can be so quick to judge. Did you happen to see this page?

About: If you want to resolve all Antivirus, Printer, Email, Software, Windows, Router related issues quickly then it is the right time to avail the services of SupportforUSA. It is a comprehensive online directory that consolidates the contact details of the top service platform. You would get all the required detail which is required to fix the technical issues.

/s

I have a special place in my heart for the scumbags who do this. Yes, to start, have her change all of her passwords.

If you are able, revert her computer back to factory defaults or reinstall Windows. It’s the only way to be 100% sure no back-doors remain. If you can’t easily do this, keep an eye out for strange behavior on her machine. It is possible for back-doors to avoid/survive AV scans, even Malwarebytes’.

Reminded me of the time my wife was having some tablet issues and tried to phone Apple support and get a “person”. She did the same thing, and the first thing the “support” person asks for is a credit card number. Thinking that odd, she asks what the fee is. He says so much per minute. She decides to call me at work, and thinking that was odd, I asked our tech guy, who coincidentally used to work for Apple support, who advised it was a scam. Too close for comfort!

That profile pic is on just about every scam support site in existence.

You have to have a password to access your Windows desktop before Chrome will ask for one. I don’t recall, but I don’t think this is configurable. If you don’t have a Windows password, there’s no password for Chrome. If you do, there is.

Also, there’s a utility called RegRun Warrior for removing rootkits. It requires booting from either a USB drive or a CD. I haven’t had to use that function [knocks wood]; I use the Security Suite (which includes Warrior at the Platinum tier) mostly for its registry monitoring and detection of weird programs. Every time I boot up, it checks the registry to see if there’s been a change since the last save. Slows the boot time, but the extra security is worth it to me.

Are you suggesting that I can’t call her at 123-456-7890?

That number only works in the City Of los where she lives.