
How Con Men Attacked Two of my Clients

Preview: I take you step by step through how a client of mine gave up control of his computer and possibly his credit card to a con man through an email scam. Hopefully, this will help prevent this from happening to you.

How miscreants convinced two of my clients to let them into their computers and watch as they logged in to their credit card account. One then lost control of his computer and wasn't even able to log back in.

Last month I wrote an article explaining why phishing attacks will increase dramatically and why they will get better. No need to explain here, just know you will get more emails trying to con you into making a mistake and letting the miscreants steal from you. These cons will get more sophisticated and harder to spot.

After publishing that article, two clients in the next couple of weeks let a thief into their computers and needed to call me to clean up the mess. Of course, they don't read my newsletter, but I decided to explain exactly how those cons worked. I explain, step by step, the mistakes that they made and how to avoid them.

In both instances, they received an email thanking them for payment of their bill for a subscription to a service they don't subscribe to. The payment was over $300. I think one of them was for Norton AntiVirus. But I've seen them for Best Buy's Geek Squad and other antivirus programs. It can be any service or item. The emails can look authentic.

There is a phone number to call if you have questions.

Mistake #1.

They read the email. Know that these emails are coming. Don't open emails of invoices, receipts or bills from places you don't do business with. Send them to your spam folder then later empty the spam folder.

Mistake #2.

They called the phone number! Never click a link or call a number coming from a company you don't do business with. Never. Period. If you do business with them, you still don't know that this email really came from the company and not a scammer. So, use the phone numbers or email addresses you have in your records, not the one from the email, which could connect you to anyone, anywhere in the world. It is safe to click on links in an email you expect from a company you trust, when the email is normal and there is no need to log in. For example, you can click on links in this newsletter. But you should not if I were asking you to log in to your account.

The story continues...
When they called the number, they got a very nice sales and support representative who was very concerned that such a problem could happen and would check into it immediately. But, he said, according to their records my client was using Norton AntiVirus. In fact, it was connected at that very moment. He told my client to check the taskbar down by the clock and look for the Norton icon there.

After some back and forth, the "sales and support" representative says that if Norton isn't there and being used, he'll reverse the charge immediately. But he has to check and see that my client isn't using it. Just download this program, and he'll check. If Norton isn't there, he'll reverse the charge.

Horrible mistake #3. Both clients let the con man into their computers to check.

There are some things you just don't want to let into your computer. These crooks, like vampires, can only come in if you invite them. Don't invite them in.

The con men had the clients download and run a remote control program and let them check for Norton. The con man finds that Norton isn't there and apologizes profusely, saying, "Just give me a minute, and I'll reverse the charge on your credit card." After a minute or so, he comes back and tells my client the charge seems to be reversed and, in fact, wiped out completely. He requests that my client check his credit card and see that the charge was removed.

Catastrophic mistake #4. One client then logged in to his credit card account. He found that the charge was gone.

Since the charge was never made, of course it was gone. The other client shut down his computer and called me before logging in to his credit card account. But one of them checked his credit card, then figured out it was probably a scam. He then hung up the telephone. However, the con man was still in his computer.

Mistake #5. That client didn't immediately turn off the computer and call for support.
That client lost control of his computer. The con man had set the remote control program to put up a picture to hide what he was doing and prevent logging in. I could not get in remotely. The login screen was disabled. Even shutdown was disabled.

Mitigation steps

  1. First and foremost, shut down the computer and disconnect from the Internet.
  2. If you logged in to your bank or credit card or email, or wherever, change those passwords. For banks or credit cards, call them and get a new card.
  3. Have a trusted professional try and fix the problem.
  4. Carefully tell the computer consultant everything that happened step by step.
  5. If the con man had more than 30 seconds on your computer, then change the password for every account whose password your browser handles. It is normally simple to access the passwords from your browser. This is one reason I recommend against allowing the browser to log you automatically into sites or keep your passwords.
  6. If the crook could have grabbed your password as you logged in to a credit card or bank, and you are foolish enough to use the same password in multiple places, then change the password everywhere.

A useful rule: If you don't know where they live or work, then don't let them into your computer. Sometimes you can let tech support people into your computer. It's probably safe if you called a company for support, and their tech answers and needs to access your computer to solve the problem you called them about. Be sure you are using a phone number you already have or one that is on their website, not one from an email.

Date: December 2022

Creative Commons License
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.