Welp, my mom had a good run.

  • paco@infosec.exchange

    Lucky for me, she uses protonmail (yeah, her son is in cybersecurity) and I can reach that from here. The attackers were sloppy. Didn't delete anything in the inbox (not sure if they had access or not). They didn't change the email password, so I wonder if they didn't get it.

    I can see an Amazon password reset and a grocery store account password reset that my sister hasn't dealt with.

    eq@mas.to wrote (#5):

    @paco Just had a question from my 18 year old that was horrifiedly trying to help her classmate that fell for one of the 'get free money'-scams. Yes, your mother should be proud of herself!

    • paco@infosec.exchange

      Welp, my mom had a good run. She fell for a scammer the first time ever today at age 93. I'm proud of her for lasting as long as she did.

      Anyways, that's my evening and probably my weekend. If folks have recommendations for software, web sites, or methods for finding and eradicating malware, I'm looking for recs. Apparently the person had her on Teamviewer for several hours today. They had her change banking passwords, possibly installed malware. God only knows. My sister works at a bank and she was the "first responder" as they say. Banking is all cleaned up. We're not sure what else they might have done and that's my job.

      The specs: Some ancient iMac (Intel CPU, probably 2017-2019 vintage). Very little software installed. Web browsers, Teamviewer (I use it with her), maybe one little recipe app or something.

      I plan to buy her a new computer and manually move all her stuff from the old to the new. But what else should I check/do? Web pointers welcome.

      She started using computers back in 2000 and she was doing video conferencing with me in 2002 using janky stuff like iVisit. She's been really good about not clicking on stuff, not opening attachments, etc. I've been really pleased. I'm trying to make sure she feels good about herself. She wasn't gonna beat these guys. She's done great to get this far without ever falling for it.

      spacelifeform@infosec.exchange wrote (#6):

      @paco

      My mum almost got pwned, but the scammer screwed up the plot, and forgot a step.

      So, the scammer called a second time, asking for another piece of information. That is what tipped her off.

      Fortunately, no major damage because she realized something was fishy and did not reveal the last piece.

        pinche_juan@infosec.exchange wrote (#7):

        @paco check for server side email rules, they sometimes don't show on the client side.

          paco@infosec.exchange wrote (#8):

          @pinche_juan Good call! I checked and nothing. Phew.

          I think this attacker was (a) not very bright, and (b) unlucky because my mom has very little online to steal. He tried to get her Amazon account, but it's been locked because she's reset the password so many times. I know he can't get into it because she can't. (My sister buys everything for her)

          • ryanjyoder@techhub.social

            @paco
            How did you become aware of the situation?

            paco@infosec.exchange wrote (#9):

            @ryanjyoder My mom lives in one of these independent living places. She called down to the director because something wasn't going right and she wanted help with her computer. The director recognized exactly what was going on. Turned off the computer and called my sister. It was good work by the staff there.

              paco@infosec.exchange wrote (#10):

              If anyone wants to see the scam that got my mom, here's a video capture of what it does. It plays a computer voice saying fantastic bullshit like "Your computer has the identity theft virus".

              I'm pretty sure this was malvertising. Looking at her Safari history, she was on a grocery store web site trying to place an order. Then this URL is next in the history. And after that, it's all password change pages and such. I can't imagine she had any reason to click on something other than seeing a fake "security alert."

              In the video, this is not fullscreen. But when I clicked that link, it went full screen.

              What the hell, Paco, you clicked the damn link? Yeah, not on purpose. I was trying to right click it to copy it, and either TeamViewer misunderstood the click or I fat-fingered it. But, having made the mistake, I decided to shoot some video. I got lucky.

              Here's the URL (still live as of about 60 minutes ago):
              https: / / xdrty-c6e6cjecbve4f9bz,z02,azurefd,net/mhelpxxx/index,html?bcda=1-833-371-8269#%E2%80%99
              #identitytheft #malvertising

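The sequence described in post #10 (shopping site, then the alert URL, then password-change pages) can be pulled out of a browser history mechanically. The following is an added example, not part of the thread: it assumes the `history_items` / `history_visits` layout of Safari's `History.db`, runs on a constructed in-memory copy, and the heuristics and names (`lure_traits`, `triage`) are illustrative.

```python
import re
import sqlite3
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote, urlsplit

# Safari stores visit_time as seconds since 2001-01-01 UTC (Core Data epoch).
CORE_DATA_EPOCH = datetime(2001, 1, 1, tzinfo=timezone.utc)

# Shared cloud front-end suffixes. azurefd.net is the one seen in the thread;
# extend the set with others you run into.
SHARED_HOST_SUFFIXES = {"azurefd.net"}

# North American toll-free number (1-8xx-xxx-xxxx). The URL in the thread
# carries one in its query string.
TOLL_FREE = re.compile(
    r"(?<!\d)1?[-. ]?8(?:00|33|44|55|66|77|88)[-. ]?\d{3}[-. ]?\d{4}(?!\d)")

# Path/query words that mark a password change or reset page (assumed list).
ACCOUNT_CHANGE = re.compile(r"password|passwd|reset|forgot|recover", re.I)


def lure_traits(url):
    """Return which fake-alert traits a single URL shows."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    traits = []
    if any(host == s or host.endswith("." + s) for s in SHARED_HOST_SUFFIXES):
        traits.append("shared-cloud-host")
    if TOLL_FREE.search(unquote(parts.query + "#" + parts.fragment)):
        traits.append("toll-free-number-in-url")
    return traits


def is_account_change(url):
    parts = urlsplit(url)
    return bool(ACCOUNT_CHANGE.search(parts.path + "?" + parts.query))


def load_visits(conn):
    """Read (datetime, url) pairs in visit order from a History.db connection."""
    rows = conn.execute(
        "SELECT v.visit_time, i.url FROM history_visits v "
        "JOIN history_items i ON i.id = v.history_item ORDER BY v.visit_time")
    return [(CORE_DATA_EPOCH + timedelta(seconds=t), u) for t, u in rows]


def triage(visits, window=timedelta(hours=6)):
    """Find the first lure visit, the page opened just before it, and the
    hosts whose password pages were opened within `window` afterwards."""
    for idx, (when, url) in enumerate(visits):
        # One trait alone is too common to act on; require both.
        if len(lure_traits(url)) == 2:
            break
    else:
        return None
    followups = sorted({
        urlsplit(u).hostname
        for t, u in visits[idx + 1:]
        if t - when <= window and is_account_change(u)
    })
    return {
        "lure": url,
        "seen_at": when,
        "visited_before": visits[idx - 1][1] if idx else None,
        "accounts_to_review": followups,
    }


def build_sample_history():
    """Constructed sample data; hosts, number and timestamps are made up."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE history_items (id INTEGER PRIMARY KEY, url TEXT);
        CREATE TABLE history_visits (
            id INTEGER PRIMARY KEY, history_item INTEGER, visit_time REAL);
    """)
    base = 780000000.0  # seconds since 2001-01-01, constructed
    sample = [
        (0, "https://grocer.example/cart"),
        (40, "https://constructed-example.z02.azurefd.net/help/index.html"
             "?bcda=1-833-555-0100"),
        (1800, "https://bank.example/settings/change-password"),
        (5400, "https://shop.example/account/forgot-password?step=2"),
        (9000, "https://grocer.example/recipes"),
        (90000, "https://mail.example/reset"),  # next day, outside the window
    ]
    for n, (offset, url) in enumerate(sample, start=1):
        conn.execute("INSERT INTO history_items VALUES (?, ?)", (n, url))
        conn.execute("INSERT INTO history_visits VALUES (?, ?, ?)",
                     (n, n, base + offset))
    return conn


if __name__ == "__main__":
    report = triage(load_visits(build_sample_history()))
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a real machine, run it against a copy of the history database rather than the live file, and treat `accounts_to_review` as the list of services whose credentials and recovery settings need checking.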
                fritzadalis@infosec.exchange wrote (#11):

                @paco
                This is Fedi, the only answer to 'what computer' is "a 10+ year old Thinkpad with OpenBSD".

                  fritzadalis@infosec.exchange wrote (#12):

                  @paco
                  Azure Front Door, nice.

                    tychotithonus@infosec.exchange wrote (#13):

                    @paco I respect the choice to assume worst case, but for what it's worth ... in my experience, these threat actors are working from playbooks that are optimized for minimal complexity, and don't use anything that looks like malware -- sticking to well-known remote access tools that are very unlikely to be blocked by antivirus / EDR.

                      fifonetworks@infosec.exchange wrote (#14):

                      @paco I'm sorry your mother experienced that, and I'm glad she's got you to help her through this.

                      As a cybersecurity person, I’ve spent hours and hours tracking down malware and malware loaders. It’s great experience, I’ve enjoyed doing it, and I’ve learned a lot.
                      BUT...

                      Professionally, it’s not cost effective.
                      Reformat the drive and reinstall the OS and all apps.

                      For relatives, loved ones, or friends, it’s not safe.
                      Reformat the drive and reinstall the OS and all apps.

                      Last thought: professionally, when payment for services is involved, I give them an estimate of the cost to have me wipe and reload, so they can compare that against the cost of a new computer, including the cost of me installing their apps and transferring their data. Especially if the infected computer is an older one, you have to wonder how long before the drive stops or something on the motherboard fries. Maybe you fixed the malware problem with a wipe and reload, only to have the older computer develop an electronic failure that makes it economically beyond repair shortly thereafter.

                      Oftentimes, the best course is to replace the computer with a new one instead of cleaning it.

                        3dogcouch@mas.to wrote (#15):

                        @fifonetworks @paco helpful, thanks

                          sheogorath@microblog.shivering-isles.com wrote (#16):

                          @paco related movie recommendation: Beekeeper (2024)

                          Beyond that: sounds all solid. There is some official guidance from the FTC on it:

                          https://consumer.ftc.gov/articles/what-do-if-you-were-scammed

                            paco@infosec.exchange wrote (#17):

                            @fifonetworks I checked when I was logged in. It’s an iMac from 2015. It, too, had a good run. I’m driving down Saturday to bring her a new iMac. And I will set it up fresh and move the data by hand and reinstall the apps.

                            I don’t know enough (even though everyone I’m connected to here knows enough!) to clean the old one. I know too much about what is possible to believe I can do it. 😜 If it were my machine, I would do the same: wipe and reinstall.

                              paco@infosec.exchange wrote (#18):

                              And now a funny commentary. This guy from India or Russia or whatever spent quite literally 3-4 HOURS with my 93-year-old mom trying to get her to install stuff, share her screen, and get through a password change. In that time she managed to install 2 apps and change TWO passwords. That’s it.

                              He should have been some kind of priest, rabbi, or imam or something. Patience. Of. A. Saint. Sad to think of this amazing super power going to waste on a life of crime.

                              I have to do these things with her and I can’t get them done any faster than that. But I don’t have the stamina to go 4 hours in the ring with her. 😜 This guy is impressive.
                              #identitytheft #malvertising #security

                                simonzerafa@infosec.exchange wrote (#19):

                                @paco

                                Are any of the potentially compromised passwords used elsewhere? If so look at those sites and services and do password resets on them.

                                I would suggest using a password manager which you and mum both have access to. Bitwarden would be my suggestion but perhaps that's making things too complicated?

                                Sounds like a MacBook Neo would be a potential replacement, if her needs aren't too extensive.

                                Scan the files on the current Mac before transferring them to the new hardware.

                                Otherwise securing banking and email is the top priority, which is covered. If they got card details then alert the banks involved and request new cards. Update regular payments with new card details.

                                🙂🖖

                                  paco@infosec.exchange wrote (#20):

                                  @simonzerafa She doesn’t exactly have passwords. What I mean is that every time she logs in somewhere, she pretty much does the forgot password flow. Her browser history leading up to this incident had 20-30 clicks to her grocery store where she was trying to login and then did the forgotten password. She used 1Password for many years. She is MY mom after all. But these days that has gotten a bit too much for her. 1933 was a long time ago.
