Just had a call from my mum saying she's talking to someone online after she clicked a 'Windows Defender popup' and he wants her to 'install a firewall' having already 'done so much after he took it over for her to help'.
The whole thing stinks, but I'm a bit lost as to what to do next. The good news is they don't bank online or have PayPal accounts or similar. Mum does have a Facebook account, but mainly uses to computer for looking at local events and playing online Scrabble.
Where do we go from here? They have a trusted computer tech, but are there things I suggest they do immediately bearing in mind she's feeling awful and not very tech savvy?
Flaming scammers! TIA for any help
Unplug it from the wall would be my first instinct, then get it to someone you trust who knows what they're doing to reinstall everything.
Unplug the computer, report to banks, change all passwords for everything. As a precaution cancel all debit/credit cards also.
Then you'll have to completely and securely format the hard drive and reinstall. Back up any important files and photos first with the computer disconnected from the Internet.
Happened to a mate of mines mum a few days after her husband had passed away. Horrific scam at the best of times but the running made it so much worse.
Hope the scammers suffer untold misery
Yep - go online from a different computer to change whatever passwords for websites that a re critical.
Keep the old one offline for sure!
Thanks all - now trying to get hold of her, sympathise with her for what's happen and make her understand it's not her fault as the scammers are very good at what they do. Will get her to follow the advice above with the help of her local tech wizard
Not sure how you would safely back up photos etc from a running, infected PC? Whatever you back it up to could be used to carry an attack.
Probably best to boot off a Linux USB image and move the files you want to keep that way.
I'd then just bin the HDD - they're cheap now and you'll know it's clean (well, unless infected in the factory, which has happened...)
She is likely to be feeling 'stupid' etc and yes, reassuring her it's not her fault at all is important as she doesn't need her confidence knocking any more.
It is also useful to train her up in some stock responses to such phone calls. The best one for situations like this are just to deny ownership of whatever the scammer mentions
'I see you're having a security issue with your computer'
'I don't have a computer, good bye '
'There's a problem with your Amazon Prime account'
'I don't use Amazon, good bye'
'Could I interest you in a mobile phone upgrade?'
'I don't have a mobile phone' etc etc
Canceling debit/credit cards may be overkill however its a step I'd take automatically if I were scammed like this. It costs nothing and buys piece of mind.
Do a quick review with them if whether they have noted personal details in a file on the computer
(Eg date of birth, maiden name etc. Also any account numbers - even though they’re not using internet banking)
Cancelling debit and credit cards may not be necessary. But I would inform my bank that I had been scammed. They can and should then monitor your account for anything even slightly unusual.
Thanks. My brother also helped and changed passwords across any sites she’d had them for from his machine at home. The bank were also helpful in putting a note against the account although she didn’t pass card details on the phone and doesn’t think they are stored on the browser at all. Thanks to all who advised
Still-present malware would be my biggest concern. If she's not very techie then the best thing she can do immediately is switch it off until it can be looked at.
AVG is a good free antivirus, which is kept pretty up to date. She could use that to scan her machine for malware etc?
as above, take the machine offline asap.
Thanks @cougar it is indeed still off and unplugged from the router (proper belt and braces approach). The local tech is coming to help at the weekend. I suspect, sadly, he must deal with this sort of situation with increasing relularity.
As I mention it to people, ther are plenty who say “that happened to my dad/friend(neighbour” or “I was about to pay for a DPD/Royal Mail/Hermes redelivery before my wife pointed out my phone and address aren’t linked”. It’s very sad it is so common and the scammers are so good at what they do.
AVG is a good free antivirus,
AVG was a good free antivirus, about 20 years ago.
It’s very sad it is so common and the scammers are so good at what they do.
It's not even that. Some are, many aren't. The problem is that education is woefully inadequate.
You wouldn't get in a car without driving lessons yet it's considered normal to get a computer and start randomly clicking on shit, "well, they don't really know what they're doing, ho ho ho." This is a drum I've been beating for 30 years. I did a presentation at work a week or two back and one of the things I was asked was, "if we can do one thing to best improve security company-wide, what would it be?" and I replied "amputate everyone's right index finger."
It's fine to not know what you're doing. But if you don't know what you're doing then for the love of Pete recognise that you don't know what you're doing and stop for a minute.
It’s fine to not know what you’re doing. But if you don’t know what you’re doing then for the love of Pete recognise that you don’t know what you’re doing and stop for a minute
We are only a small company which helps but our staff are excellent at asking me or the boss if they are even slightly suspicious.
It is also sometimes just a case of stopping and thinking for a second. Easier to do when you are used to it than a vulnerable person as in the OP's mother's case of course but we had an email through supposedly from one of our regular clients. It was well composed, grammatically correct etc however it just wasn't worded like they would word an email. Just didn't feel right.
Sure enough the link was dodgy and luckily we smelled the fish. Many companies would have staff that would have clicked it though...
After this sort of thing I like to run a couple of online scanners (download to a USB on another machine if you can). I would normally use
Absolute best if all that is on the machine is Microsoft Apps and a browser and your docs are in OneDrive is just to do a windows reset. Otherwise roll the machine back to the day before the funny stuff was installed (if possible), then uninstall everything you don't recognise, then those scanners and finally just Windows defender
"after he took it over for her to help" Did he have remote access? If so he probably got her to install anydesk or teamviewer or some other remote access software. Uninstall this.
To see scammers getting tables turned on them check out Jim Browning on youtube or any scambaiter vids.
