Here’s The Story Of One Of My Clients Who Just Narrowly Avoided Getting Caught Up In A #Scam

Yesterday was a typical Monday for me. Which meant that I was busy as Monday and Fridays are my busy days. I had just come back to my home office after seeing a number of clients and found a voice mail with an urgent request for a call back from one of my clients. I could hear the panic in her voice so I called her back. And what unfolded next was someone who was clearly freaked out by a run in with a pop up scammer.

Before I get into the weeds of the story, let me quickly explain what a pop up scam is. Pop ups are generated by websites to offer users additional information or guidance (such as how to fill in a form, how to apply a discount code, etc.). So a pop up is typically not harmful. However, scammers have leveraged pop ups to allow them to perpetrate their scams in a variety of ways. Scammers use pop-up scams to make money by preying on concerned users who want to ensure their computer is secure and extorting money from you to fix problems and resolve threats that do not exist. Or they want to get into your computer to collect information to steal your identity or steal your money, or both. In the worst case, these pop-ups can install malware onto your computer which can cause all sorts of damage and issues.

Back to the story. My client saw this pop up on her computer:

She tried to get rid of this screen, but couldn’t do so. More on that later. She then panicked and called the number on the screen. The scammer who claimed he was a “Level 5 Microsoft Technician” (Fun fact: Microsoft doesn’t have “Level 5 technicians”) then proceeded to execute the scam. He got access to her computer and then blanked her screen so that he could install ConnectWise Screen Connect which would give him access to her computer anytime he wanted to. The reason that the scammer blanked her screen is that he didn’t want her to see what he was up to as that would have made her suspicious. He then ran a variety of commands to convince her that her computer had been “hacked”. For example the scammer ran the “Tree” command inside a command window followed by the “netstat” command to accomplish that. After that he tried to convince her to open her online banking. That’s when she got suspicious and not only ended the call, but she also disconnected her Internet entirely. Then she called me.

Now let me stop here and say something. Scammers rely on putting pressure on you so that you suspend your critical thinking which allows them to do what they want. But my client did not suspend her critical thinking and was able to stop this scam from going further. Or put another way, her “Spidey Sense” went off and she paid attention to it. That’s good because if something doesn’t seem right, it usually isn’t. And you should run from that situation as quickly as possible. Thus I really applaud this client for listening to her gut and taking action to stop the scam before it went too far.

When I arrived on site, I had a look at her computer. The first thing that I dealt with was the installation of ConnectWise Screen Connect. The scammer had installed it as a service, meaning that it not only would activate every time the computer was on, but the owner of the computer would have difficultly finding it and removing it. But because this wasn’t my first rodeo in terms of dealing with scammers, I found it and killed it quickly. I then examined her computer to see what the threat actors did, and it seemed that they were early in executing the scam. So that meant that they likely didn’t have time to do much of anything. I also found the pop up that she encountered and I noted that the pop up made itself take up the entire screen. That made it difficult to close. However, the pop up was designed to have a close button that was small and not easily noticed so that the scammer could “fix” the threat that the pop up allegedly created. Other than that, I could find no other problems with the computer. Thus I had her turn on the Internet.

That’s the good news. Here’s the bad news. On the computer she had a Microsoft Word document with all her passwords on there. Thus I advised her to change all those passwords immediately as I could not guarantee that the scammers didn’t steal this document. The second thing that I advised her to do is to get credit monitoring because the same document had her social insurance number in it. Meaning that there was the possibility of identity theft. Finally, I advised her to watch the computer for any unusual activity.

Now let me dissect some key points of the scam so that you don’t fall victim to something like this:

  • If you encounter a pop up like this. It’s guaranteed to be a scam. Your antivirus software will never require you to call a phone number to resolve an issue. Anything that the antivirus software encounters is usually resolved by the software itself.
  • The pop up can usually be closed without too much of a problem. However, if the pop up will not go away by closing it, try restarting the computer. If that doesn’t work, turn off the computer contact a computer professional for assistance. 
  • Microsoft does not provide support for end users and they never have. Any and all support for Windows is provided by whomever you bought the computer from. As in Dell, or HP, or Lenovo for example.

Finally, I handed the phone number from the picture above to the scam baiter community so that they can have “fun” with these scammers. By that I mean that they will get more intel on them and do things to disrupt their scams. Because I know from experience that getting law enforcement in these situations is difficult at best. But scam baiters can do a lot of damage to these scumbags and expose their activities. Thus that is the best that I can do to make these scumbags pay for what they did to this woman as they really freaked her out. And that’s not cool with me.

Hopefully this story was informative and gives you some insight. If you have any questions, please reach out by leaving a comment below.

Leave a Reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading