[SOLVED] How to Stop Remote Login Scams?

Appletax

Solution: switch to local user account, use software that will block malicious websites such as Malwarebytes Antimalware Premium.


----------------------
Customer is old. Has memory problems.

For the second time, he's gotten someone to remotely control his computer using a legitimate program like LogMeIn, which antivirus does not stop. Are there any programs that will work to block these scams? He is using Webroot Antivirus right now, but this happens with other AVs too, such as Windows Defender.

  • Install Linux? lol.
  • Switch to Chromebook?
  • Browser extensions?
  • Paid antivirus?
 
Switch him to a standard Windows 10 account and make sure that it does NOT have admin privilege and that no remote access software is currently installed on his system.

You really can't stop this entirely, as the only way it succeeds is if the end user actively participates in the scam. It's social engineering at its finest.

But having that user account set up such that they cannot install software can really cut this down, and I've used that technique for certain senior clients, with their consent, once I make sure they know that means they'd have to call me, or another tech, in order to install any new software. I make it clear that I will also not give them the password for the admin account I create on the machine when I do that. The whole point is to make it very inconvenient, at a minimum, and hopefully impossible for them to install anything.
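
The two checks described in the post above (the account has no admin privilege, and no remote access software is present) can be scripted. This is an added example, not part of the original thread; the account name `customer` is a placeholder and the tool list is taken from the products named on this page.

```powershell
# Added example: run from an elevated PowerShell prompt on the customer's PC.
param([string]$UserName = 'customer')   # hypothetical local account name

# Name fragments for the remote-support tools mentioned in this thread.
$RemoteToolPatterns = 'TeamViewer', 'VNC', 'LogMeIn', 'AnyDesk', 'Splashtop', 'join.me'

function Test-IsLocalAdmin {
    param([string]$Name)
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup does not depend on the Windows display language.
    $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    [bool]($members | Where-Object { $_.Name -like "*\$Name" })
}

function Get-InstalledRemoteTool {
    # Uninstall entries: per-machine (64- and 32-bit) plus the current user's hive.
    # HKCU is the hive of whoever runs this script, not necessarily the customer's.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object {
            $n = $_.DisplayName
            $n -and ($RemoteToolPatterns | Where-Object { $n -like "*$_*" })
        } |
        Select-Object DisplayName, DisplayVersion, InstallDate
}

function Get-RunningRemoteTool {
    # Portable "run once" builds may leave no uninstall entry, so check processes too.
    Get-Process | Where-Object {
        $p = $_.ProcessName
        $RemoteToolPatterns | Where-Object { $p -like "*$_*" }
    } | Select-Object ProcessName, Id, Path
}

$null = Get-LocalUser -Name $UserName -ErrorAction Stop   # stop if the account is missing
if (Test-IsLocalAdmin -Name $UserName) {
    Write-Warning "$UserName is in Administrators and can install software unaided."
} else {
    Write-Output "$UserName is a standard user."
}
Get-InstalledRemoteTool | Format-Table -AutoSize
Get-RunningRemoteTool   | Format-Table -AutoSize
```

Empty tables mean nothing matched the name list; a tool that was downloaded and run from the user's profile only shows up while its process is running.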
 
Most remote systems will still run on the limited account, but yeah the damage is limited.

There is no fix for this... because the problem exists between the keyboard and the chair! If there's a mental issue, then yeah... @britechguy's solution is probably the best you can deploy.
 
Browser extensions?
Malwarebytes Browser Guard seems pretty good at blocking many of the scam sites. Even an ad blocker like uBlock Origin might help.
Apart from that, @britechguy has a good solution.
Most remote systems will still run on the limited account, but yeah the damage is limited.
I think the idea is that the remote access apps can't be installed using a limited account, and the 'damage' is done by voice (ccard number) or web browser (internet banking or PayPal).

If any can be installed using a limited account, another possibility is to limit installs to apps from the store only. It will still allow already installed apps to run, and can be turned off temporarily by an admin for installing more non-store apps. This idea could help with less malicious toolbars etc that might not require admin authority.
How to block non-Store apps in the Windows 10 Creators Update | Windows Central
 
There is no fix for this... because the problem exists between the keyboard and the chair!

Exactly. And I'd say that the vast majority of the "attack surfaces" that are commonly employed and successful are the direct result of what exists between the keyboard and the chair.

The old saying, "Fool me once, shame on you, fool me twice, shame on me," applies, because I believe people are perfectly capable of learning vicariously and the reports of remote support scams are legion.

While I will admit that cognitive compromise may be at play here, and I'll grant that's a complicating factor, it is beyond my ability to believe that it is not simple to remember, "If you didn't initiate the contact with a person or entity, then you NEVER grant them remote access."

If you didn't "call them" then they never, ever, ever get access to your machine. Dirt simple.
 
people trying to solve their own problem by Googling for Microsoft Tech Support (or increasingly HP Tech Support) and then clicking on or calling the first result they get.

Can't disagree there. But you'll never get people to do due diligence if they're that inclined to believe whatever turns up first in a web search.

There's a limit to what one can do when it comes to pure stupidity, and, I'm sorry, but this is pure stupidity. If you want Microsoft support you go to microsoft.com and search there. If you want HP support you go to hp.com or support.hp.com and search there. For any of the majors, this is hardly rocket science. Hell, just look at the darned URL and if the company name for the maker of what you have a problem with is not a part of it, it's not legit.
 
The only way I've been able to limit (but not stop) this scenario is to print a big A4 sized note that sits next to my Father-In-Law's PC saying "CALL ME FIRST!"

He has been scammed 5 times already by doing exactly what @Computer Bloke just described as well as believing random callers because they are "from Telstra, Microsoft, DODO" etc.
 
I'm sorry, but this is pure stupidity. If you want Microsoft support you go to microsoft.com and search there. If you want HP support you go to hp.com or support.hp.com and search there
That's a bit harsh considering that many of the victims are elderly and not in control of their faculties, as the OP stated in their opening post.

The "stupid" tag can easily be applied to younger people who really should know better though. :)
 
That's a bit harsh considering that many of the victims are elderly and not in control of their faculties, as the OP stated in their opening post.

The "stupid" tag can easily be applied to younger people who really should know better though. :)

I will agree that those who are elderly and not in control of their faculties have encountered a sad situation when they are scammed. Particularly if they are completely on their own.

But, and this is coming from someone whose mother is in the later stages of dementia, it is up to those who are caring for those individuals to "take away the keys" as needed as faculties decline. You don't let those who cannot safely drive continue to drive. And you should not allow those who cannot safely handle whatever aspect of their own affairs continue to do so without some sort of controls or supervision. And I have to say that putting controls on the elderly when it comes to computers is a far, far easier task than taking away car keys/driving privileges and is absolutely far, far easier than succeeding with those computing restrictions on the young. A determined youngster will find a way!

It's difficult, but absolutely essential, to begin parenting your parents when circumstances dictate that this really must be done.
 
believing random callers because they are "from Telstra, Microsoft, DODO" etc.

I just want to note (and I'm putting aside cognitive impairment) that Microsoft, and, in the USA, virtually every other ISP, cable service provider, credit card company, etc., has stated, repeatedly, in writing in materials sent to their customers over years, that they should NEVER disclose any sensitive information to anyone claiming to be calling from them. They'll out and out state that they will NEVER call you asking for that information.

This is not new. This is not news. I really cannot understand how so many can be scammed by these kinds of scams, often more than once.

Again, if you did not establish the contact, and in the USA you really have to in order to have any assurance you're talking to who you think you are, you do not interact. You hang up. Microsoft, Visa, the Social Security Administration, and the list goes on and on is NEVER going to call you asking for any sensitive information. They have never called me asking for any information, and I'm not some dewy-eyed young thing.
 
@britechguy The only time I've seen remote scams work repeatedly on the same individual is in cases of cognitive decline. Every case I've been exposed to has resulted in the passing, or institutionalization of the individual in question relatively soon afterward. The longest of which took about two years.

It's heart breaking... but your tactics are the best we can perform from our positions of limited input and power.
 
End user education is the key.
Yes...it's sad. The elderly....aren't "savvy" about these things. Heck it even happens to younger/middle age people that just aren't tech savvy. Well, not tech savvy....but...aware of how things can be abused, scammed. "too trusting of the web" I guess. Instead of "street smart"....there's "web smart"...and many people aren't aware of the dangers out there on the web.

But you can't expect "antivirus" to stop regular remote apps. That's like asking antivirus to block Microsoft Word or Excel documents, or PDF files. Remote apps like TeamViewer, versions of VNC, LogMeIn, AnyDesk, Splashtop, Join.Me...these are all normal and safe remote support programs. Can't ask antivirus to block those. Especially when the computer's user is running it because the person on the other end of the phone asked them to.
 
Another thing that can help is installing something like Malwarebytes Antimalware Premium as it blocks malicious websites.
 
End user education is the key.
Yes...it's sad. The elderly....aren't "savvy" about these things. Heck it even happens to younger/middle age people that just aren't tech savvy. Well, not tech savvy....but...aware of how things can be abused, scammed. "too trusting of the web" I guess. Instead of "street smart"....there's "web smart"...and many people aren't aware of the dangers out there on the web.

But you can't expect "antivirus" to stop regular remote apps. That's like asking antivirus to block Microsoft Word or Excel documents, or PDF files. Remote apps like TeamViewer, versions of VNC, LogMeIn, AnyDesk, Splashtop, Join.Me...these are all normal and safe remote support programs. Can't ask antivirus to block those. Especially when the computer's user is running it because the person on the other end of the phone asked them to.

Can't educate someone with Alzheimer's that'll forget what you said very quickly :(
 
Malwarebytes Browser Guard and uBlock Origin together would be my choice.

I had issues with Browser Guard massively slowing down the Internet (web browsing). Also put it on a customer's new Surface Book and it made her crazy lol.

No issues with MB Premium.

uBlock Origin is the shiznit. I also install HTTPS Everywhere and set DNS to Cloudflare (1.1.1.1).
 
Can't educate someone with Alzheimer's that'll forget what you said very quickly :(

You are correct, absolutely correct. And if you have someone going into dementia whose judgment is now very bad and who is doing things like sending money to various and sundry "online friends" the solution is taking away the computer.

My mother, God rest her soul, was one of 8 children, and every single one of them has been struck with Alzheimer's disease. Just as the time comes when you have to take away the car keys for safety's sake, there comes a time (sometimes) where you have to take away the computer (or, at the very least, web access from it) for safety's sake. And you hate having to do each and every one of those things. But, as I once had to say directly to my mother, and with great regret and equal conviction, "Mom, what you want is not what matters first anymore, what you need takes precedence."

You can't use "ordinary means" in extraordinary circumstances. And the dementing process is an extraordinary circumstance.
 
I think I'd let my loved one have the computer, but it'd be a tablet or something similar. And I'd have locked up all the payment options, so if someone got into said device, there's nothing to steal.

But yeah, this is a huge issue, and not something that we can deal with fully from a technical perspective. It's a human problem, requiring human solutions.
 