WARNING - new twist on computer hacking scam

Hey all,

Just a heads up on recent scam I heard of yesterday.

Friend of mine had a computer program installed several years ago. He got a call from what he thought was the service that installed the software. They asked him to let them link up his computer. Since he thought he had a working relationship with this service, he allowed it.

Once they were in his computer, they told him that they were ending the service and would refund him $200 if he allowed it. He said sure and gave them authorization to deposit the money. Then "Oops, we put $2000 in the account. You need to authorize $1800 back to us". He started to smell a rat and refused. They then locked his computer and told him they won't give him access unless he gives them their $1800. They were very good at what they did because they had his bank accounts up and SHOWED him that they had deposited $2000 into his personal accouint. He immediately hung up, shut down his computer and went to the bank.

There, he closed his accounts and opened new ones. He still doesn't have access to his computer and all his personal information, but he still has his money.

Here's the twist - they HAD deposited $2000 into his account ..... FROM his own line of credit! They were so fast and so smooth that they figured out how to transfer the money from one account to the other at his bank, on his computer. I can see how someone can get caught by this.

He contacted the company that had originally installed the software and they had no idea what was going on, but it was the third call they had that day. I'm guessing they got hacked, or a former employee took information with him when he left. Either way they're scammers.

Moral of the story - NEVER give remote access to your computer unless you KNOW who you're giving it to.

At what point does our society collapse under the weight of
fraud/ scams/ hacking through our data systems?

Autos, tractors, chainsaws, pacemakers, bank accounts, 100
apps for free on any phone or tablet, credit card chip,
everything has o soon will have computer controls, and
access.

When do we start spending more on chasing down the fraud
then we spend on doing something productive?

Paul

I treat any call like a scam. No one even when I call tech
support gets access to my pc, bank or cc acounts. Just plain
old common sense..........

Oh, I have a "guest" pc. Just a plain box grand kids can use
to surf and play games. No one but me access my pc.
Including the wife, she has her own.

Any out of area call goes directly to voicemail at our house. If it is legit they will leave a message...and I can also google the number before I return a call. Just yesterday I googled a number that was related to this scam.

For a long time now, I've thought every piece of mail in the mailbox is someone wanting my money.
Now I think it also applies to e-mail.

I feel your pain. These bottom feeders somehow got into my computer, and if I paid them around 500.00 I would get my info back. I refused to pay, and had my computer brought back up minus all my information. The only thing I really miss is my pictures. from what I have learned there is no way to get your computer back unless you start over. I have a back up system now to retrieve my info should this happen again. A little late for me. This cost me around 100.00 to get my computer functioning again. Hope you have better luck. Stan

backup system is not much of a solution, IMHO. Did you ever find out HOW they got on your computer? Did you have a good antivirus software on your computer? Did the hacker actually take information from your computer? I am just curious. Maybe you could shed some light on your situation and help someone else.

What are these offensive companies? Did you click one of those pop-up ads that promise to fix your computer? I installed "team viewer" on my dad's and my computers so I can fix his problems from 500 miles away, but only I can remotely control his computer.

Daily or weekly backups of operating system and files is a normal commercial/business computer practice- I used to do that at start of shift in late 1960s/1970s on IBM 360s, 370s and the old 1410. PC/Personal Computers treated like video games by many people - it goes down, reboot and put in another quarter. Now the PC and other devices are used for storage of business records, home video, recipes - but the users never learned the 'basic back it up' or make a copy of file offline as it is created and the weekly reboot, copy system to save everything in case of disaster for couple years is only slowly getting taught by hard experience. Cloud storage is sometimes helpful- but that is subject to hacking and loss of access for non payment of bills. Scam locked computer? simple get the backup from last week, reboot and clear core completely and do a BIOS restore from low core to full file. might have lost a weeks worth of daily data- but daily journal will do a restore for 12 hour worth of work in 1/2 hour without edits. suspicious input on days work? edit, virus scan may mean 2 hours restore for days data to a system restore from 3-4 days back. OR save picture in a folder-actual paper- like maybe the Amish sill do. Teasing Alert! RN

Absolutely zero financial information on our computer for a hacker to get. Only had one call wanting to take control of our computer; I gave him a lesson in bad words - he never called again.

Ive gotten calls even on my work phone. When i
answer they will say are you at your computer then
start to tell you your computer is sending out lots
of emails and i need to go to a site and they will
fix it. I play dumb and say really whats the website
that needs to be fixed right now. Then i letem have
it i just start cussing them out calling them
everthing i can think of and i mean some pretty
awefull stuff its so so funny then they will just
screem shut up real loud and hang up.

I was told these people attach their program to a attachment. When you open the attachment they got you. They didn't take anything from my computer, it was just locked up. They had control of the program they installed, and if I wanted my control back I needed to pay something like 500.00 dollars. Antivirus does no good here. I started fresh again. Actually I had a computer shop do it. The shop guy said he had people pay the money, so they didn't lose all their info.Stan

Scams like this are designed to catch you off guard and make you do something you wouldn't normally do if you were thinking straight.

No legitimate business would ever ask for direct access to your bank account.

Actually, this is not a particularly new scam, and it combines two types of attacks that have been around longer than the IBM PC.

The first part of the attack is "social engineering", which is to convince someone, usually over the phone, that the attacker is someone they aren't and get the victim to grant the attacker access to a computer system. While the movies portray hackers breaking into computers like safecrackers opening a safe (another myth), in reality they're much more likely to just convince someone to hand over the password.

The second part is a "trojan horse", a program that the victim thinks is harmless and installs on his computer. The program turns out to be malware, which may or may not be immediately obvious.

Security, be it computers or anything else, is never accomplished with a single layer of defense. Social engineering can usually be prevented with a healthy dose of skeptcism. Unfortunately it's not that difficult to overcome the average person's suspicions, as grifters, scammers and con men have long known. One simple trick to screen out scammers is to tell them you'll call them back at their PUBLISHED number. For example, if the caller claims to be with the IRS, tell them you'll call the published IRS 800 number and ask them for their extension. A scammer won't be able to provide an extension and will usually hang up immediately. Any legitimate company will have a published number you can find on the web. (Of course a well-prepared scammer will have created a bogus presences on the web, but most don't want to leave a trail for investigators.)

The simplest way to keep trojans off your computer is to switch to Linux. Few trojans target Linux, and the operating system is much more resistant to trojan attacks than Windows. If you have to run Windows (maybe you have software that's only available on Windows), you can improve security slightly by always logging in as a user without administrator privileges. Frankly, that's not much protection on Windows, but it's better than nothing.

The third layer is to regularly back up any data you can't afford to lose. That's a good practice regardless, and you'll never have to pay ransom to get your own data back.

As for tracking down the scammers and prosecuting them, fugetaboutit. Most operate from countries like India and Russia where they're well beyond the reach of US law enforcement. And if one scammer is caught, there will be ten more ready to take his place. In countries where a dollar a day is good pay, working a computer scam pays much better than working in a legitimate call center.

I had something very similar happen a few weeks
ago. I was having trouble with slow WIFI
internet speed and was working with Verizon
Support on the phone. They recommended we run a
speedtest to confirm network speeds from
SpeedTest.net. Went to site and we ran it and
system was verified to be extremely slow. So
they said they would have tech local support
check their system and get back to me.

So while waiting for them to call back. I ran
another Speed Test which won't run with a pop-
up blocker running. One of the pop-ups on the
speed test site was for a program call Re-Image
said it would scan entire system and then fix
all file it found corrupted . Check programs
reviews for Re-Image on-line at various
computer mags and they said it was great. So I
downloaded and ran it. The program looked at
the system and found numerous issues but would
not fix them until you call to get the
registration code. Made the call and got a
barely understandable Indian speaker wanting to
log on to my computer. No way, sorry good bye.
There was another number on the web site, so I
called this and now a female Indian answered
and wanted to access my computer. Me, no way
honey and hung up and rebooted the computer and
it barely ran and was loaded with the Ask
search engine and a bunch of other junk. I
couldn't remove them and had to load a prior
Windows configuration to get computer working
properly. A real mess.

Went out and as soon as I got home; a phone
call from Microsoft Tech demanding to let them
sign in and check my computer for problems. He
also spoke Indian. A few sweet words and hung
up. In his world, even being careful isn't much
protection.