You don't need to be an 'investor' to invest in Singletrack: 6 days left: 95% of target - Find out more
My sister has fallen victim to a phone scam - it's well documented here: SCAM INFO
I've been through this stuff countless times with my family, but anyway, it's happened.
Bank have suspended all of her accounts and online banking access and won't restore until she can demonstrate that her phone is safe and has anti virus/malware installed. She has deleted the apps she installed as part of the scam already and I've told her to keep the phone disconnected from network or switched off. Vodafone have told her to do a factory reset of the device - Huawei.
I can't see the point in doing a full backup and reinstall if there's potential to bring anything malicious back. So my plan is to backup contacts and photos/videos, to cloud or a hard drive, wipe the phone, then she'll have to start afresh with contacts re-imported.
But what would STW do?
Bin the phone and start 100% from scratch.
Low risk, factory reset then slowly start reinstating apps that are needed.
Zero risk new phone.
I know Huawei have a love/hate relationship with Google but does this model she has have a Google account connected? Contacts and photos could be very easily save to that. Then a clean wipe to start again and all she needs is her Google login.
If not, do Huawei not have a similar account system or is this part of the reason she got hacked?
So my plan is to backup contacts and photos/videos, to cloud or a hard drive, wipe the phone, then she’ll have to start afresh with contacts re-imported.
Is a good plan. If they had control via TeamViewer then it would be difficult to recognise what they installed. AntiVirus wouldn't work if it was TeamViewer because it is a genuine program. Factory reset is best
She's got a google account to so could back some stuff up to that, 15gb of free storage with google I think as a starter.
Sorry to hear that. My dad was one key stoke away from losing £17k. The scammers got him so rattled that he wrote their bank account number down wrong, so money wouldn't transfer.
Would moving to an iPhone help? Just wondered if moving to a different eco system meant malware would be left behind.
I’ve been through this stuff countless times with my family, but anyway, it’s happened.
But what would STW do?
I'd let her sort her own mess out. IME people don't learn about this stuff when its a minor inconvenience to them and you spend hours of your life fixing it for them. There is nothing that is especially complex at sorting this, especially as:
Bank have suspended all of her accounts and online banking access and won’t restore until she can demonstrate that her phone is safe and has anti virus/malware installed.
So presumably they can tell her exactly what the need or recommend she does.
Would moving to an iPhone help?
My first thought too.
For all its faults, iOS is a lot more locked down than Android and it is deliberately difficult for the majority of users to install apps from anywhere other than the official AppStore where, in theory, the apps are all vetted and approved by Apple.
Of course, that doesn't stop her being taken in by a website saying "This is ur bank. Pleaze to entar your passwurd pleaze"
the phone was comprised rather than a computer? wow! What was the software installed, still Teamviewer or something else?
just one of the reasons I insisted on parents, etc, using iPhones (aside from Apple just being, you know, generally way better 😉). I said years ago that I thought the open nature of Android, etc, would become a massive malware problem in the future as loads of people who probably would never have had a normal computer and wouldn't be IT savvy would inevitably get one and use it for things like online banking that MUST be secure.Would moving to an iPhone help? Just wondered if moving to a different eco system meant malware would be left behind.
just one of the reasons I insisted on parents, etc, using iPhones. I said years ago that I thought the open nature of Android, etc, would become a massive problem in the future as loads of people who probably would never have had a normal computer and wouldn’t be IT savvy would inevitably get one.
that makes no sense whatsoever
just one of the reasons I insisted on parents, etc, using iPhones
And your dad, for example didn't tell you to **** off with ordering him about? Wow - mine would have.
Anyway, if the phone is linked to a Google account you need to be a little wary. Mine backs everything up - including apps. It's awesome when you get a new phone, sign in and after a while everything runs just like the old one. I don't know for sure, there could be a risk any dodgy software gets reinstalled.
Top marks to @poly so far for supporting my initial thoughts.
@tthew - that's my concern too - if it creates an image of the entire phone there's potential to bring dodgy stuff back.
The backing up to an external HHD is a kind of moot point as I currently have dozens of gb of her media stored on mine after she hadn't backed her laptop up for a decade and windows died on it last April. There's a thread here somewhere - I spent two days learning about ubuntu and kernels and creating a boot disk to recover everything. She still hasn't bought her own HDD despite my repeated instruction, and I'm f****d if I'm plugging her virus riddled phone into any device of mine.
I've had iphones for over 5 years now and never had a single issue or security threat. I abandoned android for good reason and will suggest she does too, her contract is nearly up anyway.
🤣 "insisted" is probably the wrong word... they asked "what phones should we get" and then followed my (strong) recommendation!And your dad, for example didn’t tell you to **** off with ordering him about? Wow – mine would have.
whythat makes no sense whatsoever
what software was actually installed on the android phone? I'm surprised that the banking app allowed for any interaction - I certainly can't take screenshots of my banking apps, and they normally don't allow for install on rooted devices. Unless I'm missing something I would look elsewhere for the breach (ie on a PC)..
Anyway - I recently transferred £4500 to someone to buy a second hand car (whilst standing there), and it didn't go through due to fraud checks. Unfortunately due to first direct (who are normally quite good) being busy, it meant I was stood in the pissing rain for an hour on hold with them (with battery rapidly running out on my phone) before they pushed it through (at which point it was instant). This had been triggered from my app, which has biometric login, but I don't normally transfer any large amounts, so it seems like they're layering up protection
It was exactly as per that link - Teamviwer and then a second app installed to phone. The breach was definitely via the phone.
Coincidence seeing this here cos I've just had a Google Alerts asking me if I'm trying to log into my account from a new device. It gave the location of the device which certainly wasn't where I am so I hit the "no it's not me" icon and it said the log in attempt had been blocked and said that no password had been entered.
I'd go with whole new phone but if you're dealing with someone who potentially has a virus riddled phone and doesn't do backups, you're only delaying the next (attempted) breach.
I certainly can’t take screenshots of my banking apps
i can on iOS.
not yours obviously..
loads of people who probably would never have had a normal computer and wouldn’t be IT savvy would inevitably get one and use it for things like online banking that MUST be secure
what's the connection between people who get android phones and people "who would never have had a normal computer"? Surely if Apple phones are so idiot-proof, it would be the other way around?
Not that it's much help with what's happened going forward the best thing to do when someone phones up saying 'we've noticed suspicious activity on XZY service or account', or 'would you like to talk to us about your mobile phone or whatever' is just to reply 'I don't have XYZ service'.
Did this with my mobile once -
'Would you like help with your mobile phone account?'
'I don't have a mobile phone'
'Err, haven't we called you on it?'
'No, never owned a mobile phone and never will'
'But aren't we speaking on it now'
'No'
etc etc
As to the question at the very least a full factory reset. As others have said you should be able to back the contacts up to Gmail or whatever. It's one of the reasons I have my own domain name and Exchange Server so I can back all my contacts etc up to somewhere in my control. Makes swapping phones out much easier.
Agree though a new phone would be preferable to resetting and restoring a current one.
@tthew – that’s my concern too – if it creates an image of the entire phone there’s potential to bring dodgy stuff back.
You can always log on to Google Play online (via a PC) and see the list of apps.
what’s the connection between people who get android phones and people “who would never have had a normal computer”? Surely if Apple phones are so idiot-proof, it would be the other way around?
There is a slight price difference - you can get a halfway decent new Android phone for 200€. No, it's not going to be as nice as a top of the range Galaxy or iPhone, but it will be perfectly capable of Facebook / holiday snaps / Gmail etc.
Google dont backup the actual app. At best they keep an index of what you have installed and then re-install them (with your permission) when you roll a new device (or re-roll an old one).
If i were being cautious, I'd factory reset than manually re-install the apps I wanted. Its a good opportunity for a bit of a spring clean 🙂
If there is a Google account run Google's security check.
Look to see if any devices have accessed the Google account. Remove devices if needed.
Change Google account password
Set up 2FA on Google Account
Change all passwords (yes, everything)
Set up 2FA on everything, where possible.
Re IOS being more secure. A family member with an iPhone fell for this WhatsApp hack attack. Resulted in factory reset, Apple ID password change, setting up 2FA, changing all passwords and binning WhatsApp.
iOS [I]is[/I] more secure, by design... unless you know different, that exploit gave hackers access to WhatsApp data (as well as camera/mic IF WhatsApp had permissions to use them) but nothing OUTSIDE of that i.e. no emails, online banking etc.Re IOS being more secure. A family member with an iPhone fell for this WhatsApp hack attack. Resulted in factory reset, Apple ID password change, setting up 2FA, changing all passwords and binning WhatsApp.
Also AFAIK it wasn't something your average script kiddie could get hold of... from that link
mostly rights activists it seems... being VERY nosy was your family member targeted, or was it random?WhatsApp said the complexity of the attack means it will have been used against only a small number of people.
Ahhh I get you now, I inadvertently triggered a rabid Android fanboi, apologies 🤣 I meant people who would never have had a computer (and therefore know nothing about IT security) would probably at some point get a smartphone (ANY brand smartphone lol) due to their ubiquity.what’s the connection between people who get android phones and people “who would never have had a normal computer”? Surely if Apple phones are so idiot-proof, it would be the other way around?
Ahhh I get you now, I inadvertently triggered a rabid Android fanboi,
Ah rabid Apple fanboi talks bollox
Re IOS being more secure. A family member with an iPhone fell for this WhatsApp hack attack.
Niece had that last week (iOS if it matters)
is this a new one or has she just not updated her phone in months?Niece had that last week (iOS if it matters)
I just want to say that your sister needs support not a berating. To those suggesting she sorts her own mess out...she’s been a victim of crime. It’s a horrible horrible thing to be scammed. It scars emotionally. My mother was taken for £18k by scammers who played on her terminal illness. It took me months to get the money back and a lot of counselling to help her with the self loathing she felt from being scammed. Never ever underestimate the mental damage that can be done. Go easy on the blame the idea that you should learn by sorting your own mess out is abhorrent to me. My mother was too scared to call the bank as she felt utterly vulnerable to being scammed again.
Assuming iOS is somehow magically secure might be a mistake: