Possible Hacker Attack

MikeH

I have a customer that was hit with some kind of ransomware a couple weeks ago. He got a call from Microsoft impostors who asked about the problem with his computer. He did have a problem and was locked out of Windows with a password dialog box. I had to slick the PC and reinstall. Just got a call from him and was told he got another call from "Microsoft" stating his license was expired and he had to call them. And he tried to log on to Windows and it comes back with "invalid username or password". I checked and no viruses and malicious web requests have been blocked. Could the same people that got him before have access to his computer by knowing his router's IP address?
 
NO, the idiot end user let them in again. If the end user wasn't a clueless dolt then he would have simply hung up on them. And that would have been the end of it. He obviously didn't. Don't ascribe magical powers to hackers when the simpler solution is that the client is lying to you. (Or is so confused as to honestly not know the difference, a real possibility if the end user is elderly.)
 
Is it the startup password?
http://triplescomputers.com/blog/ca...pport-telephone-scam-computer-ransom-lockout/

If not, I would suggest some sort of web filtering to help with the cause, OpenDNS maybe? Do you recall what ransomware he had?
I see the 1 800 Window scam at least once a week, and more from people clicking on everything on Facebook ;) Educate the client and he might do better in the future.
Yes, startup password. I have him on web protection, virus protection, told him Microsoft will never call you etc. The guy is clueless, not his fault he just doesn't know. First computer and he's over 50.
 
The link you gave was the problem he had last time. He was talking to someone on the phone, let them in but would not pay. I think he just forgot his password. I'll be going over there to reset his pw and I'll check and make sure his router is set up with a good password. Other than that and a few lessons on what not to do he should be in good shape.
 
I am dealing with this right now. 2nd time the client has installed TeamViewer as instructed by scammer. I have now blocked TV in the firewall by executables and the TV IP range as well as removing admin rights.
 
You need to set him up as a non-admin user if he does not have the intelligence to understand what is going on.
 
That is a good thought. And yes, he does not know what he is doing.
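
The two mitigations mentioned in the replies above (blocking TeamViewer by executable in the firewall and taking the customer's account out of the local Administrators group), as an added example that is not from any poster in this thread. The account name `customer`, the install paths and the rule names are assumptions for illustration, and the group name assumes an English-language Windows install.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 10 or later).
# Assumed values, not from the thread: account name and install paths.
$User  = 'customer'
$Paths = @{
    'x64' = "$env:ProgramFiles\TeamViewer\TeamViewer.exe"
    'x86' = "${env:ProgramFiles(x86)}\TeamViewer\TeamViewer.exe"
}

# 1. Block the remote-access program by executable path, both directions.
foreach ($arch in $Paths.Keys) {
    foreach ($direction in 'Inbound', 'Outbound') {
        $name = "Block TeamViewer $arch $direction"
        # Skip rules that already exist so the script can be re-run safely.
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            New-NetFirewallRule -DisplayName $name -Program $Paths[$arch] `
                -Direction $direction -Action Block -Profile Any | Out-Null
        }
    }
}

# 2. Demote the day-to-day account to a standard user, but only if another
#    administrator remains, so the machine is never left without an admin.
$admins   = @(Get-LocalGroupMember -Group 'Administrators')
$isAdmin  = $admins | Where-Object { $_.Name -like "*\$User" }
$others   = $admins | Where-Object { $_.Name -notlike "*\$User" }
if ($isAdmin -and $others.Count -ge 1) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $User
} elseif ($isAdmin) {
    Write-Warning "No other administrator exists; create one before demoting $User."
}

# Make sure the account is still a member of the standard Users group.
if (-not (Get-LocalGroupMember -Group 'Users' | Where-Object { $_.Name -like "*\$User" })) {
    Add-LocalGroupMember -Group 'Users' -Member $User
}

# 3. Show the resulting state for the service record.
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, PrincipalSource
Get-NetFirewallRule -DisplayName 'Block TeamViewer*' |
    Select-Object DisplayName, Direction, Action, Enabled
```

A program-path rule only matches that exact file, so a copy run from another folder is not covered by it; the reply above pairs the executable block with an IP-range block and the removal of admin rights.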

Even those that have a minor understanding should be monitored. Most of my customers are Apple-based, OS X. As I'm sure you know, one can never underestimate the opposition. I've had several calls in the last few months where they said that their ISP said they were infected, firewall problems, etc, etc. They were web browsing and a popup claiming to be from their ISP was warning about this. They deploy scripts which determine ISP, OS version, browser, etc, etc with the warning message. Picture below.
comcast Screen Shot 2016-05-09 at 8.56.26 PM edited.png
 
Lmao, not real good at this Mac thing are they?
 
I bet your customer didn't know they had Windows Defender on their computer? :rolleyes:
 