Overclockers Australia Forums

Old 2nd May 2017, 9:28 AM   #1
Arch-Angel Thread Starter
Member
Join Date: Sep 2005
Location: Brisbane
Posts: 6,857
mother-in-law woes...

Ok so I get a call from my mother in law last night, she's in a bit of a panic.
Apparently a lady from Telstra called her saying that her internet was running slow due to an attempted hack on her computer.
They said that they would have to close down her internet for 2 weeks, unless she was willing to double check her system security right then and there to make sure she had not been compromised.

OK... you see where this is going. I saw where it was going. The MIL did not see where it was going.

So she gives them remote access to her computer, they run a few 'diagnostics', then ask her to log into Google/Facebook/Bank account just to check that all her details were in order.

She does. I facepalm.

OK so at this point the helpful Telstra tech tells her to leave her computer running overnight.
They also tell her not to use any iPads/smart phones in case those have been compromised.
Finally they tell her, 'Not to tell anyone - we want to catch these bastards!'

The final statement (finally) red flags for her, and she decides to call me to see if it sounded suspicious.
Of course I give her the bad news...

Now, I've already instructed her to do the following:
1. Disconnect computer.
2. Call the bank. IMMEDIATELY. And explain exactly what happened.
3. Use an iPad to log into Facebook/Google and change passwords.
4. Call cops (the helpful tech gave a phone number and said they'd call back in the morning).
5. Call IT company (she has experience with one that she used to liaise with regularly - they do call outs)
6. Once clean, change passwords for ANY access that shared the password of the ones she entered while remotely connected.

My suspicion was that they'd access bank account tonight and make a transfer (my parents in law are pretty wealthy, so this could be a very big issue), but that any actual fund transfer wouldn't happen until morning. So hopefully the call to the bank has put a stop to any money loss?

I'm also hoping that the advice I gave on being able to use iPad is OK? They wouldn't be able to access it through a wireless network if she didn't give them the router passwords? (I set up her router, so I don't even think she knows the password...).

Any further advice (esp on the iPad thing) would be greatly appreciated.
MIL is a very nice lady, so please no flaming. She's just too trusting for her own good, and not at all tech savvy.

Old 2nd May 2017, 9:33 AM   #2
power
Member
Join Date: Apr 2002
Location: brisbane
Posts: 49,791

Jesus h Christ, you should be doing the big credential cleanup for her - just get her to concentrate on the banking side. Right now that's the most important part.

What a disaster, get on top of all the recovery options - if they are changed she'll be compromised repeatedly.

Last edited by power; 2nd May 2017 at 9:36 AM.
Old 2nd May 2017, 9:46 AM   #3
Arch-Angel Thread Starter
Member
Join Date: Sep 2005
Location: Brisbane
Posts: 6,857

Quote:
Originally Posted by power View Post
Jesus h Christ, you should be doing the big credential cleanup for her - just get her to concentrate on the banking side. Right now that's the most important part.

What a disaster, get on top of all the recovery options - if they are changed she'll be compromised repeatedly.
Tell me about it...
My concern is that while I feel like I'm tech savvy enough to cover the main points, I would be concerned that I leave some trace that would allow access at a later time.
It's why I recommended that she use a proper IT company for the cleanup.

The bank (Bank of Qld) told her that they were freezing ALL of her accounts, and would not restore internet banking until she could produce a receipt from a professional who had removed any malicious software.

I would be proposing a full reinstall, but I guess it's up to them.
Old 2nd May 2017, 9:48 AM   #4
cellular
Member
Join Date: Apr 2004
Location: Perth
Posts: 439

Yep at a minimum I'd be doing a clean reformat and reinstall in case there's any dodgy software (keylogger etc.) they've installed that slips through the net. Best of luck with it mate, gotta love IT support for the extended family.
Old 2nd May 2017, 9:50 AM   #5
power
Member
Join Date: Apr 2002
Location: brisbane
Posts: 49,791

I think you are on the right track just doing a nuke from orbit if not confident of a cleanup.

I wouldn't trust most IT companies to do a thorough cleanup either.

This is going to be a hard lesson to learn, but it can be a harder one if it's half arsed.

Oh yeah, bill for your time
Old 2nd May 2017, 10:04 AM   #6
maldotcom2
Member
Join Date: Feb 2006
Posts: 1,779

Holy crap. Aside from the obvious liabilities, all her email has also probably been compromised, possibly containing all the necessary info for identity theft. And let's not forget about the cached logins for any websites she frequents.
Old 2nd May 2017, 10:16 AM   #7
tree86ers
Member
Join Date: Oct 2004
Location: Brisbane
Posts: 290

This is the point where saying using Linux or Mac may be a good option for future installs, esp if they only do email, social media and banking.

At least with Linux and Mac the chances of malware are drastically smaller.

This is the lesson that has to be learnt by some. I have been lucky with most of my family where they usually ask me before doing anything.
Old 2nd May 2017, 10:20 AM   #8
MR CHILLED
D'oh!
Join Date: Jan 2002
Location: Canadia
Posts: 125,367

I thought most knew about these well worn cold caller scams. Anyways, I feel for the op and clean up job ahead. These cretins still obviously manage to get people.
Old 2nd May 2017, 10:38 AM   #9
CAPT-Irrelevant
Member
Join Date: Sep 2007
Location: Sydney
Posts: 4,157

Quote:
Originally Posted by MR CHILLED View Post
I thought most knew about these well worn cold caller scams. Anyways, I feel for the op and clean up job ahead. These cretins still obviously manage to get people.
There's still that unfortunate problem called "Social engineering".
Old 2nd May 2017, 10:47 AM   #10
BlueRaven
Member
Join Date: Jul 2010
Location: Back in Sydney
Posts: 3,893

Quote:
Originally Posted by CAPT-Irrelevant View Post
There's still that unfortunate problem called "Social engineering".
It was, is, and shall always remain the most effective method of attack.
Protecting people from themselves is always bloody difficult.

Best of luck with the damage limitation OP.
Old 2nd May 2017, 10:52 AM   #11
elvis
Old school old fool
Join Date: Jun 2001
Location: Brisbane
Posts: 29,113

Quote:
Originally Posted by MR CHILLED View Post
I thought most knew about these well worn cold caller scams.
You, like most, have suffered the fundamental flaw in assuming that the savviness your peer group has about computers extends to the general public.

Pro tip: it does not. Not even close.
Old 2nd May 2017, 11:02 AM   #12
Arch-Angel Thread Starter
Member
Join Date: Sep 2005
Location: Brisbane
Posts: 6,857

Quote:
Originally Posted by CAPT-Irrelevant View Post
There's still that unfortunate problem called "Social engineering".
^ This.

She mentioned to me that her internet had been running slow for about a week beforehand, and that the 'Tech' already had all her details and mentioned the slow down...
I'm sure it was also no coincidence that her husband had also landed in Nepal for a month long trek literally the day they called...

I wouldn't be surprised at all if they had compromised her FB (or emails) via social engineering and knew exactly when to call.
I also wouldn't be surprised if, in the week leading up to the call, that they hadn't tried some brute force attack that may have congested her internet - adding legitimacy to the call.

Again, this is all stuff that we (especially as members of a tech forum) take for granted. But some people, especially the generations before us, have no idea what these scam artists are capable of.
She had never heard of keylogging...
Old 2nd May 2017, 11:08 AM   #13
power
Member
Join Date: Apr 2002
Location: brisbane
Posts: 49,791

No dots need to be connected - it'd just be the straight up phone call that nets most - those co-incidental things are why she was so easily suckered.
Old 2nd May 2017, 11:16 AM   #14
MR CHILLED
D'oh!
Join Date: Jan 2002
Location: Canadia
Posts: 125,367

Quote:
Originally Posted by BlueRaven View Post
It was, is, and shall always remain the most effective method of attack.
Protecting people from themselves is always bloody difficult.
I think this just highlights the further and ongoing intensive need for educational campaigns to highlight the dangers of being on the net, especially for older people. Knowing how to pick a scam doesn't mean you need to be tech "savvy", just somewhat aware in the realm that you are operating, and perhaps distrustful as a default position. People will always get scammed in this way as they are with your regular Nigerian scams, it's just about educating people and spreading the word through family and friends as to these types of scams.
Old 2nd May 2017, 11:21 AM   #15
power
Member
Join Date: Apr 2002
Location: brisbane
Posts: 49,791

Quote:
Originally Posted by MR CHILLED View Post
I think this just highlights the further and ongoing intensive need for educational campaigns to highlight the dangers of being on the net, especially for older people. Knowing how to pick a scam doesn't mean you need to be tech "savvy", just somewhat aware in the realm that you are operating, and perhaps distrustful as a default position. People will always get scammed in this way as they are with your regular Nigerian scams, it's just about educating people and spreading the word through family and friends as to these types of scams.
I have a blanket rule - if you didn't initiate the contact, it is not to be trusted. Works for just everything.
All times are GMT +10. The time now is 8:51 PM.