Computer hacked just after I worked on it

johnrobert

Went to a house 2 weeks ago to service 3 computers: Win 7, Win 8 and Win 10.

They said none were working properly. I tuned them up as best I could. They all had an old non-working AVG antivirus.
Put Avast on 2 computers and enabled Defender on the Windows 10 one.
Did Windows Update on them all.
Scanned them all with Malwarebytes.

They were in a hurry to leave. I spent about 90 minutes, and called back later to check the Windows updates and make sure everything was OK.

2 weeks later they were getting a flood of emails, hundreds. Their daughter suggested they check the bank account: 20 K was missing from an unused line of credit account, sent to somewhere in the Middle East.
I think the flood of emails is a distraction.

They went for an interview at bank yesterday. I have to send them a full report of what I did to the computers, they have to wait about 2 weeks for the bank to investigate they don't know if they will get their money back.

I have been saying this all along: the banks need to put a delay on transfers. It was noticed after only a few hours but the money had gone.

It makes me feel very bad as they were new customers but referred from another 20 year client
 
I understand why you feel badly, but it's certainly not the result of anything you did (or didn't do) given the constraints.

Also, as an aside, Windows Defender under Windows 8.1 and Windows 10 are virtually identical in functionality, so I'd be using it on Windows 8.1 machines, too.
 
Also, as an aside, Windows Defender under Windows 8.1 and Windows 10 are virtually identical in functionality, so I'd be using it on Windows 8.1 machines, too.
Do not believe so. Win 10 at each feature update has been improving Defender. They may share the same database but not much more.
 
win 7, win 8 and win10
The win 7 computer should have been upgraded or replaced. I would have done the same with the Win 8 one as well.
You can do all you want to a computer and users can still be tricked into anything.
You have no idea if they were phished or if the computers were even a factor in the breach.
 
Do not believe so. Win 10 at each feature update has been improving Defender. They may share the same database but not much more.

I don't have a Windows 8.1 computer handy, but it is my understanding that all Windows Defender (not Windows Security as a whole, but Defender specifically) changes have been done across both versions of Windows, 8.1 and 10. But I have no way to verify at the moment.

Not unlike how telemetry has been retrofitted all the way back to Windows 7 (before its demise).
 
I have to send them a full report of what I did to the computers

No, you don't have to do anything of the sort. How does it go again?

"You have the right to remain silent. Anything you say can be used against you in court. You have the right to talk to a lawyer for advice."

Yes, that was it.
 
No, you don't have to do anything of the sort.

Not to mention, who among us could give an accurate report of everything we did to a given machine? I never have been, and never will be, that thorough in the notes I take or the invoices I make.

But, I agree with refusing. We're right back to this not being the responsibility of someone doing routine maintenance. It would be like asking the handyman to account for every nail and screw he used because the house caught on fire a week later.

Unless you're presented with a legal demand, at which point I'd get a lawyer, my answer would be no.
 
I have to send them a full report of what I did to the computers
Show me in law where you have to do that? Them asking you for that is to me, them looking to lay blame on you. I would if I were you, refuse.

Don't you have ToS?

"An anti-virus program can be overruled by the user at any time and no anti-virus product can protect against 100% of threats. The point of anti-virus software is to minimize and reduce your risk on the internet. Each user accesses the internet at their own risk."

Just a snippet of a section of mine under my FAQ page.
 
Not to mention, who among us could give an accurate report of everything we did to a given machine?
It might be a good idea to run LastActivityView and export the report for the time he was working on the computer. At the very least, it proves that he didn't run any malicious executable files during that time.
 
It might be a good idea to run LastActivityView and export the report for the time he was working on the computer. At the very least, it proves that he didn't run any malicious executable files during that time.

Not that I'm criticizing the technique, because I'm not, but I rely on my own reputation and years of service as enough proof that I don't run malicious anything. There is generally no need for any further proof. I'd be out of business in a week (or less) were I ever to do this. There'd also be no motive for doing it, either.
 
2 weeks later they were getting a flood of emails, hundreds. Their daughter suggested they check the bank account: 20 K was missing from an unused line of credit account, sent to somewhere in the Middle East.
I think the flood of emails is a distraction.
This is the place to look. Pound to a penny there's a few questionable links in amongst them. Unlike the others, I'd co-operate with the bank. Not because they have any rights to this info, but purely because it will help/hasten putting you in the clear. I have to say, if my house flooded two days after I'd had a plumber round and that geezer wouldn't open up about what he'd done on-site, I'd start to harbour suspicions.
 
I understand, but I'm not sure the average punter - especially one in an emotional state due to loss - would make the distinction.
 
Unless you're presented with a legal demand, at which point I'd get a lawyer, my answer would be no.
THIS 100%. Tell them you're sorry that it happened but you have NO responsibility for what happens to the PC after it leaves your shop.

Not the mechanic's fault if the driver of a car runs a red light and crashes while trying to drive the car home from the shop.
 
Look at it this way...

COVID is a thing right? Rather top of mind for many folks.

Where did you get infected?

You will almost NEVER be able to answer that question. This circumstance is no different.

To turn this away from the hypothetical... this client's account information was likely phished MONTHS ago. It takes time to put together enough information to get into someone's bank account online, and configure a wire transfer. Most scams rely on the user setting up that transfer themselves.

Your proximity is irrelevant. Express your condolences, and recuse yourself as professionally as possible.

One more thing. There is no such thing as an anti-malware application that keeps out the trojans currently in use to collect information on us. There are simply too many of them, and new variants made every single day. Content Control is the best hope we have of keeping them at bay, but even that requires someone to report it before it's known. The good guys are on the losing end of the security fight right now, nothing we can do about it.
 
They did most of the banking on an iPad and think that's how it happened, but I don't think it was; they occasionally used the computer.
I was going to upgrade the HP all-in-one to Win 10 with an SSD, but I don't think they will want me back. I would prefer not to go back; I want to dig myself out of this hole.

I will do the report because they are Geordies from up North in the UK, nice people, and it might help them recover the money.

I would be asking the bank for a report on how they let the money slip through their fingers. If there was some kind of delay for unusual activity it could have been stopped; she has never used that account, it was put in place for an emergency.

I think they will get refunded but the bank has not told them they will. I guess they are not rich, hence the line of credit.

I have 2-factor login to my bank, after login they send a text with a code. It should be mandatory.


Many thanks for all the input,
 
I guess they are not rich hence line of credit
That depends. Rich people use credit too, and are much more likely to have a significant amount of unused credit. I make a ton of money and have over a million dollars in line of credit for my business, but I can never seem to get more than $10,000 for a personal line of credit. I thought US Bank gave me $100,000, but when I checked it was actually tied to my business so it's not a personal line.
 
Totally agree on the 2-factor login being mandatory but the amount of old people that suck with technology would have a hissy fit lol.

I had a few customers that got all upset because their bank started doing the call/text code every time, and supposedly it was only like that in Google Chrome for some reason... once I had them try it in Firefox it only did it once and then was in the clear.

This was just 1 certain bank so who knows what the future holds for it...but yeah the 60+ year old community is going to be in for a rude awakening I'm afraid as technology continues to evolve leaving them in the dust.
 