Not me but my accountant........
He received an 'Indian phone call' purporting to be Microsoft support warning the HD was full and offering to install some new software to overcome the problems he was likely to experience. Sounds as though it was a fairly slick and well practised scam.
Bottom line was that the scammer gained remote access to the machine and manage to run (or install?) some software as a sales aid that showed lots of red crosses showing software that was at risk?
The scammer then tried to sell £99 update but then (45 minutes into the call) my friend said that he must terminate the call - pressing need to go. Scammer very upset at this point as obviously he had wasted sales time or not?
Running XP and fairly upto date paid for McAfee software.
My advice so far has been to immediately disconnect the machine from the internet, change all critical (eg banking, HMRC, email etc) passwords from a different machine. Probably too late if the machine has been compromised. Since the machine is over 3 years old, I have suggested getting a new machine and copying over data only and keep old machine quarantined and not network connected.
Question is is this scam to install keylogging, or other malware, obtain credit card details, or a fraudulent sales opportunity? Will McaFee provide any malware safeguards or not?
Problem is that I am abroad and about to become incommunicado for 36 hours so I have pointed him at this thread to look for advice.
Thanks for help.
|
There's really no knowing is there? Though if the scammer was annoyed he probably hadn't got what he wanted. It may have been as simple as flogging the spurious anti-spyware and getting the credit card details that would undoubtedly have been needed to pay for it.
What was installed? It's still there presumably. There are quite a few programs that purport to identify problems, and it sounds like one of those.
Wife had one of these calls from "Microsoft" yesterday. She told him she didn't have a Microsoft computer and what was one anyway?
I doubt you could be happy, regardless, unless the machine was reimaged/reinstalled, given it is presumably business critical.
Experts along soon I dare say.
|
Those who got conned:
www.pcpro.co.uk/blogs/2011/06/16/microsoft-wakes-up-to-cold-caller-scam-%E2%80%93-what-took-it-so-long/
thousands of people have been cheated. Microsoft’s own survey finds that “79% of people deceived in this way suffered some sort of financial loss”. The details are even more galling:
* 17% of victims had money taken from their accounts
* 19% reported compromised passwords
* 17% were victims of identity fraud
* 53% suffered subsequent computer problems
* The average amount of money stolen was £543
* The average cost of repairing damage caused to computers was £1,073 — rising to $4,800 (£2,977) in the US
* Only two thirds of the people defrauded were able to recover the stolen money (presumably from their credit-card company), and even then, only an average of 42% of the stolen funds
Microsoft advice:
www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx
www.microsoft.com/en-gb/security/online-privacy/msname.aspx
report fraud here:
www.actionfraud.police.uk/
Last edited by: John H on Thu 24 May 12 at 11:15
|
|
A friend allowed them access to his PC and they extracted money for software they'd installed to identify all the "issues" with his computer. Clearly they scanned the whole hard disk at the same time as they were attempting to use store card and credit card details they'd obtained within a few minutes of the scam taking place.
|
Well he needs to change all his passwords, to all his online stuff. Then to get rid of the damage done he needs to go back to a restore point prior to the call.
There should be a system resort point of some kind from a previous update.
pcsupport.about.com/od/fixtheproblem/ht/system-restore-windows-7.htm
|
Given how often the subject comes up here, and in just about every other forum I visit, and has been in my local press (and probably everyboy elses), I'd be a bit concerned about an accountant gullible enough to fall for it
Perhaps the advice should be for PMH to change his accountant, rather than for the accountant to change his passwords ?
Last edited by: borasport on Thu 24 May 12 at 11:49
|
...I'd be a bit concerned about an accountant gullible enough to fall for it...
I've heard various scams outlined in court and thought: "The guy must be stupid to fall for that."
But the scammers are very clever at what they do, so I'm not so inclined to blame the victim.
|
>> But the scammers are very clever at what they do, so I'm not so inclined
>> to blame the victim.
Yes and no. Proper hackers who use social engineering to get onto systems are very clever, its an art form, and requires considerable skill. I have legitimately employed a few. Their tales and methods are fascinating.
The one this guy got caught by are not. The opening line is Ok
"This is the microsoft help desk"
but it all gets very suss very quickly after that, even for the average home user.
They then say " we noticed your computer is running slow " or "your computer is sending out errors" Immediately gets you thinking "how the hell do they know that or know its me"
With a bit of proper social engineering up front you would find who their ISP was first by some other means ( a previous "survey call" for example,) then then later phone up to say you are from Tiscali/BT/Sky etc. Now thats much more credible.
|
...Yes and no...
It was a general comment.
Scammers of all types can be highly skilled, so some otherwise intelligent individuals are taken in.
|
>>Bottom line was that the scammer gained remote access to the machine and manage to run (or install?) some software as a sales aid that showed lots of red crosses showing software that was at risk?
This sounds like once he (with your friends help) enabled remote Desktop feature, that he just opened the Error-log page in Control-Panel-Administrative tools. I dont think at this stage he actually had installed anything. What happened in the next 40 mins, would be interesting to hear! (how the actual scam develops).
|
>> >>Bottom line was that the scammer gained remote access to the machine and manage to
>> run (or install?) some software as a sales aid that showed lots of red crosses
>> showing software that was at risk?
>>
>> This sounds like once he (with your friends help) enabled remote Desktop feature, that he
>> just opened the Error-log page in Control-Panel-Administrative tools. I dont think at this stage he
>> actually had installed anything. What happened in the next 40 mins, would be interesting to
>> hear! (how the actual scam develops).
>> showed lots of red crosses showing software that was at risk?
Thats not remote desktop or the error log, thats one of those bogus virus programs. If you are lucky he may well have just gone to a website that hosts one of those.
|
|
These scammers need to have there location identified, a couple of Blackhawks full of Navy Seals flown in and then taken out - period.
|
Lets hope the scammers are not in Somalia then.
|
Many thanks for all those of you who helped. Machine in the process of being deep scanned using the microsoft software, after having been 'system restored' to an earlier date. All passwords changed, and Credit Cards cancelled. The Banks were not over concerned - both HSBC and Barclays Fraud units believe that their PIN sentry devices provide adequate protection for the online accounts.
So far no money lost or attempts at access of Bank accounts.
The question remains as to whether his phone number goes onto the 'gullible list' and gets sold on?
|
If your accountant had client's details on that computer he should be engaging professional help to completely nuke the installation of Windows and start from scratch, restoring documents etc from backups.
Nothing less will suffice.
|
Scammed!!! urgent help please - Manatee
