
IT/cyber security guys please chime in

Galileo

Footballguy
My 82 yr old mother fell victim to some scam late yesterday afternoon.  The callers apparently persuaded her that she was due a refund for some sort of service my father apparently had ordered in the past.  I don't know all the details as I was not there, but clearly my mother allowed them to access and control her computer remotely.  She basically led them to a bank account jointly owned with my father under the guise of depositing the refund money into the account.  In the process they had her fill out some type of form and when she entered the amount of $300 an extra zero popped up to make it $3000.   Somewhere around this point she finally realized (albeit much too late) that this wasn't legit.   The scammer on the phone was apparently claiming to be upset with her for stealing $3000...I am sure all of this was just to add confusion to the situation.   She described her computer as going crazy (Toshiba laptop running Windows 7).  She said things were opening and closing...She tried to turn it off, but she claimed they would start it right back up again.  By the time I got there, her computer would only boot up to a log in screen requiring a password.  Problem is she doesn't have a password.  Normally, it would boot right up to the desktop.

A couple things...

1.  Aside from the clearly compromised bank account, I should assume these scammers basically got a hold of anything that may have been on her computer, correct?

2. Is there any concern about these people being able to have continued access to the computer without her knowledge when it is online?  I assume she had to do something from her end to allow that access initially, but what about moving forward now that they have already been in?

3. What about this password log in issue?  I googled it and found some stuff about using the system repair disc or a password reset disc, but we don't have any of that.  

 
I would agree with the first reply. Also since it is a laptop if you really want it powered off and staying off take out the battery and unplug the power cord. 

Also for the bank stuff, request new account numbers and file a fraud alert to freeze her credit. I would call the bank immediately. 

If you haven't yet, maybe consider getting power of attorney for mom now. Then you can handle all the cleanup without her needing to be involved.  

 
> I would agree with the first reply. Also since it is a laptop if you really want it powered off and staying off take out the battery and unplug the power cord.
>
> Also for the bank stuff, request new account numbers and file a fraud alert to freeze her credit. I would call the bank immediately.
>
> If you haven't yet, maybe consider getting power of attorney for mom now. Then you can handle all the cleanup without her needing to be involved.

An excellent idea.

 
Thanks for the replies thus far...sort of figured we'd need to go in the direction of reformatting.    Fortunately, we do have backup of most stuff, but it has been a little while since the last.  We did cut power and battery to the computer yesterday before I dealt with the bank stuff.   I even disconnected their WiFi for now.  I am not sure I really needed to do that, but I figured it couldn't hurt until I sort everything out.   

Regarding the bank contact...we did that immediately when I got to her house yesterday.  We went straight to the bank and basically got there as they were locking their doors about 6 PM.  They actually sent us to another nearby branch that was open until 8PM.  We were able to freeze the account and open a new one with the funds that were in the original.  We also disabled all online banking features fearing they could potentially log in and access the new account.  We couldn't outright close the compromised account because my father's social security check gets auto deposited into it.  The account was showing a $3000 deposit pending.  The banker had no idea what to do with that...lol.   I did not do a credit freeze yet, but that thought did cross my mind this morning.

As far as Power of Attorney goes, we already have one. I actually have one for my father (87 yrs. w/ Alzheimer's). My sister has power of attorney for my mother. However, my mother has been of sound mind and pretty much financially responsible with bills and such. She was a train wreck over this. When I spoke to her on the phone shortly after the event, she was hysterical...could hardly talk. Just kept saying "I'm in trouble! I need help!" I almost called 911, but she finally uttered the words "computer" and "bank". And I started to piece it together. I live about 20 minutes away. I had my sister call her to try and calm her down while I made the drive over. But, back to the power of attorney, that isn't such a smooth sailing process either. I have run in more circles and jumped through numerous hoops pulling my hair out trying to get things done in my father's name with his power of attorney.

Back to the computer...anyone think using something like Malwarebytes or AVG to scrub the machine would be good enough in lieu of the reformatting??? 

 
Wait, rather than removing money once they got into the bank account, there is actually a deposit pending? That's...odd. Unless it's a longer-term play to make your mother think nothing was sketchy so they could access her account again later.

 
> Wait, rather than removing money once they got into the bank account, there is actually a deposit pending? That's...odd. Unless it's a longer-term play to make your mother think nothing was sketchy so they could access her account again later.

This is basically what I was thinking. They now have access info. They could wipe it out down the road. The $300 vs. $3000 thing may be just some sort of diversionary tactic to confuse the victim??? Maybe the pending transaction never processes but they harass the victim and demand they be given their money back? I don't really know. It all seemed so odd to me. All I know for sure is that they were in my parents' account.

 
> Thanks for the replies thus far...sort of figured we'd need to go in the direction of reformatting. Fortunately, we do have backup of most stuff, but it has been a little while since the last. We did cut power and battery to the computer yesterday before I dealt with the bank stuff. I even disconnected their WiFi for now. I am not sure I really needed to do that, but I figured it couldn't hurt until I sort everything out.
>
> Regarding the bank contact...we did that immediately when I got to her house yesterday. We went straight to the bank and basically got there as they were locking their doors about 6 PM. They actually sent us to another nearby branch that was open until 8PM. We were able to freeze the account and open a new one with the funds that were in the original. We also disabled all online banking features fearing they could potentially log in and access the new account. We couldn't outright close the compromised account because my father's social security check gets auto deposited into it. The account was showing a $3000 deposit pending. The banker had no idea what to do with that...lol. I did not do a credit freeze yet, but that thought did cross my mind this morning.
>
> As far as Power of Attorney goes, we already have one. I actually have one for my father (87 yrs. w/ Alzheimer's). My sister has power of attorney for my mother. However, my mother has been of sound mind and pretty much financially responsible with bills and such. She was a train wreck over this. When I spoke to her on the phone shortly after the event, she was hysterical...could hardly talk. Just kept saying "I'm in trouble! I need help!" I almost called 911, but she finally uttered the words "computer" and "bank". And I started to piece it together. I live about 20 minutes away. I had my sister call her to try and calm her down while I made the drive over. But, back to the power of attorney, that isn't such a smooth sailing process either. I have run in more circles and jumped through numerous hoops pulling my hair out trying to get things done in my father's name with his power of attorney.
>
> Back to the computer...anyone think using something like Malwarebytes or AVG to scrub the machine would be good enough in lieu of the reformatting???

If that deposit isn't the SS payment, call them immediately to change the routing for his checks. Alas, Monday is a bank holiday, so they won't be open until Tuesday.

Having Power of Attorney is WAY better than not having it.  I had to become my mother's legal guardian.  That is so not fun.  You haven't seen hoops until you do this.

Mr R, the computer guru, says that formatting will be certain, but Malwarebytes is the way to go if you don't want to do that.

Good luck.

 
Also, Mr R says change the router passwords and those for any sites she logs in to.  Those could be pulled from the hard drive.

 
I would also file a complaint with the police and/or FBI. If they were on her machine I would consider any machine on their wifi/network compromised. As Mrs. R suggested changing the password for the router is something I would do as well as formatting all of the PCs, I would not turn them on while they have internet access. Changing ALL of their passwords for every website is also critical, and would be the first thing I do. I would also be very cautious with any backed up or recovered data if it was backed up after this happened. It's very easy to hide malware in existing data.

 
Yes to the bolded.  There is very likely a program or service running in the background that would allow them remote access.  Consider the entire thing compromised, including passwords.  Completely reformatting would be the best.  If she doesn't have a backup of "can't live without" data, take the computer to someone that can retrieve that data before reformatting.

I used to have a boot cd that would reset admin passwords.  A computer shop might be able to do that for you, but I would still want everything wiped.

Also contact the bank.

ETA:  I would keep the computer shut down for now.  If they have remote access, they can use that computer as a bot for other attacks.

ETA 2: Google the make and model of the computer and "factory reset". There may be a key combination at startup that takes you to a utilities menu. You may be able to wipe everything and restore the PC to how it came from the factory from that menu. That is if there is no "must have" data.
:goodposting:

No way do I put that thing back online without reformatting it.

 
> I would also file a complaint with the police and/or FBI. If they were on her machine I would consider any machine on their wifi/network compromised. As Mrs. R suggested changing the password for the router is something I would do as well as formatting all of the PCs, I would not turn them on while they have internet access. Changing ALL of their passwords for every website is also critical, and would be the first thing I do. I would also be very cautious with any backed up or recovered data if it was backed up after this happened. It's very easy to hide malware in existing data.

Debated this, but got too busy at the time dealing with the bank stuff. Not sure the police could do much. I figure at this point all I have is my mom giving someone permission to access her computer, my mom providing access to a bank account, and what appears to be a deposit going into said account. Other than creating some headaches, forcing us to scramble for protection and my mom feeling embarrassed from going along with it, what crime has occurred? Harassment maybe? I suppose it would create a record of the event though should more develop.

 
You should probably put a freeze on their credit. Alert any credit card companies they have accounts with as to what's happened and make sure their accounts are monitored. Similarly with any securities accounts they may have. Passwords and security authentication questions need to be changed as well for all those things. You might want to pay for a monitoring service as well that keeps track of whether their social security numbers get used to open accounts, etc. Assume any information they had on that computer, or used the computer to access, is compromised.

Also, I'd have a hard time trusting anything that was stored on that laptop at this point, you'll need a high quality anti malware capability to scrub it.

 
You may want to take the laptop to a computer repair shop.  They can remove the hard drive, and copy files from it that you may want, then reformat it.  It will probably cost you around 80 bucks.   

 
> This is basically what I was thinking. They now have access info. They could wipe it out down the road. The $300 vs. $3000 thing may be just some sort of diversionary tactic to confuse the victim??? Maybe the pending transaction never processes but they harass the victim and demand they be given their money back? I don't really know. It all seemed so odd to me. All I know for sure is that they were in my parents' account.

I want to say I've heard of scams where they are intentionally overpaying for something and then asking for the overpaid amount back. Then of course the $3000 transfer/check/etc would be cancelled, fraudulent, whatever.

 
> Back to the computer...anyone think using something like Malwarebytes or AVG to scrub the machine would be good enough in lieu of the reformatting???

Why risk it? Malwarebytes and AVG are good at catching viruses but they don't always notice when scammers make slight alterations to the registry which can allow them to access the computer remotely.

If it were me, I'd copy all the personal files to a flash drive and then reformat.

If you're going to try Malwarebytes, then you should remove the drive and plug it in as a "slave" on another computer. Then run a full scan on it (if you're using Malwarebytes, select Custom Scan and click all the checkboxes). Then put it back in your mom's computer and boot to Safe Mode. As soon as you get into Safe Mode, go into the Control Panel and uninstall any programs that have been installed since Thursday. Then reboot normally.

 
If your mother has email accounts that are important, like that other sites would send out password resets, etc, I would change those first from your own computer that was not on the compromised network.

 
> Back to the computer...anyone think using something like Malwarebytes or AVG to scrub the machine would be good enough in lieu of the reformatting???

HELL NO. Not even close to good enough.

 
Also, your mom needs to change her passwords for all of her online accounts (Gmail, Facebook, banking, credit cards, etc.).

 
> Debated this, but got too busy at the time dealing with the bank stuff. Not sure the police could do much. I figure at this point all I have is my mom giving someone permission to access her computer, my mom providing access to a bank account, and what appears to be a deposit going into said account. Other than creating some headaches, forcing us to scramble for protection and my mom feeling embarrassed from going along with it, what crime has occurred? Harassment maybe? I suppose it would create a record of the event though should more develop.

Prosecuting isn't really the point. Helping the Feds track scams and warn other people of them is what you'd be doing here.

 
Well, it looks like we are just going to trash the computer.  It was pretty old.  The Best Buy Geek folks were able to work around the log in issue.  The program TeamViewer, remote control software, was installed.  They also said the internal power supply was going bad.   So, time to buy a new cheapo...

 
Sounds like they syskey’d the machine. Format the box and put a hold on all accounts and a fraud alert on her credit. Change passwords for everything important immediately. There are no other options.

 
The police could check the incoming phone numbers and track the originating source. It might be a burner phone though.

 
Galileo said:
> Well, it looks like we are just going to trash the computer. It was pretty old. The Best Buy Geek folks were able to work around the log in issue. The program TeamViewer, remote control software, was installed. They also said the internal power supply was going bad. So, time to buy a new cheapo...

Consider a Chromebook. Cheaper, more resistant to malware, and self-updating. Chances are your mother has no need for anything outside of the browser anyway.

 
> Consider a Chromebook. Cheaper, more resistant to malware, and self-updating. Chances are your mother has no need for anything outside of the browser anyway.

It will also encourage her to back up her files/photos/etc online so if something like this happens again you don't have to worry about getting something off an infected hard drive.

One of the big hurdles for older folks using Chromebooks used to be the screen size as they topped out at 12-13", but you can get a 15.6" Chromebook with 4 GB of RAM for ~$200. Maybe get an inexpensive thumb drive for local storage.

 
AhrnCityPahnder said:
> No. Wipe it clean and start over.

Even that's getting to not be enough. There are now persistent compromises that remain even through a reformat. They get stored in the BIOS I believe. Crazy.

 
tldr all the responses. If it hasn't already been said don't turn to any virus program to solve compromised security. Completely reinstall Windows with different usernames and passwords. 

ETA: I hope all these bastards that prey on old people rot in hell. 

 