My client fell for a Telemarketing Scam

Blue Banana

A client (let's call him Mr A) called me up today and told me what happened.

He got a call from a so-called Microsoft employee who told him his "computer has a virus installed and I can help get rid of it for you". After a few minutes, the scammer VNC'd my client's PC and was busy doing all sorts of things.

The guy on the phone then told Mr A that he (the scammer) will be busy for another hour, so Mr A left him to it. After a while the scammer called Mr A again and said he has to reboot his PC. The scammer also said he had to install an anti-virus suite, which he directly charged $60 for from Mr A's credit card. The company that charged the card was @E Protection.

After this, Mr A called his son to tell him about all this and he told him to immediately close all his bank accounts, pin codes and what not. Now luckily after the scammer did all his work, Mr A did not access his online banking site or actually do anything on the computer at all. He just shut it down and that is how he brought it to me.

Now I'm hoping someone here has had some experience with scamming going THIS far and was able to not let the scammers gain access to the person's bank account/personal data etc. I was thinking about doing a format and clean install, but first thought I'd ask some advice here, so any help/ideas/advice will be immensely appreciated.
 
This isn't a really standard topic, so I'd format the drive and write 0's to it.

You can use something like DBAN for that; afterwards I'd do a full OS reinstallation with all Microsoft updates and a decent antivirus/antimalware solution put into place.

If he's not buying his anti virus/malware from you then I'd go with Security Essentials and Avast.

Make sure all web players (Java, Flash, and so on) are up to date.

Make sure you note any serial numbers or registration numbers you may need to reinstall any existing products (like Office and so on).
 
I have seen this a number of times with a number of various scams, such as "your Windows licence is about to expire" or "you have a virus". Unfortunately they have never called me.
A typical scam is they show the user the Event Viewer and scare them into thinking there are issues with the entries.
The user could try to get a refund from the bank. Over here in the UK they can get a bit funny about it as they claim the user paid for a legitimate service. However I wrote a report for the user explaining it was a scam and that the alleged address in the UK for the scammer is in reality an estate agents.

You will probably find that they have not loaded anything nasty on the machine, their sole aim is to get paid for doing nothing and claim it is a legitimate service, usually from India.
That is my experience anyway. Others may have a different experience of this.
 
Make a disk2vhd image of his computer.
Boot that in VPC or VMW (pick your flavor) and see if you can find out what was done to it.
I'd love to go through an image like that. None of my clients have had this happen, but I see it on here from time to time and would really like to dig into a system just to see what was all done.
 
...snip....
You will probably find that they have not loaded anything nasty on the machine, their sole aim is to get paid for doing nothing and claim it is a legitimate service, usually from India.
That is my experience anyway. Others may have a different experience of this.

I've had two of these recently, and this has been my experience as well. After they remote in, they install a password-protected login (not the standard Windows login) that pops up just before Windows finishes loading. It doesn't flag as malware, and an offline System Restore will get you back in business. Both of these machines were missing a substantial amount of Windows updates (including the latest SPs) afterwards, despite restoring to a fairly recent point. I'm not sure if this is a coincidence or not. One of my customers did mention that the person on the phone mentioned that he had a problem with updates... this may be something that was done to the machine after they remoted in.
 
Interesting. I do think it'd be safer just to do a clean install, just for that odd case that something was installed. Can't take any chances with this.
 
This just happened here (Central USA) to a customer of mine. The computer has a lock-out password and they (customer) cannot log in. Any chance that an offline PW removal proggy would let me clear out the pw and allow us to get back into the O/S.
 
This just happened here (Central USA) to a customer of mine. The computer has a lock-out password and they (customer) cannot log in. Any chance that an offline PW removal proggy would let me clear out the pw and allow us to get back into the O/S.

Yup....depending on the OS...plenty of password reset tools available...most free, haven't found a free one yet for Win8 but there are pay-for ones that work in Win8.
 
This just happened here (Central USA) to a customer of mine. The computer has a lock-out password and they (customer) cannot log in. Any chance that an offline PW removal proggy would let me clear out the pw and allow us to get back into the O/S.

Never know until you try :p For the two that I had recently, I just did an offline System Restore to a point a day or two before the call.
 