mother-in-law woes...

Discussion in 'Newbie Lounge' started by Arch-Angel, May 2, 2017.

  1. Arch-Angel

    Arch-Angel Member

    Joined:
    Sep 6, 2005
    Messages:
    6,858
    Location:
    Brisbane
    Ok so I get a call from my mother in law last night, she's in a bit of a panic.
    Apparently a lady from Telstra called her saying that her internet was running slow due to an attempted hack on her computer.
    They said that they would have to close down her internet for 2 weeks, unless she was willing to double check her system security right then and there to make sure she had not been compromised.

    OK... you see where this is going. I saw where it was going. The MIL did not see where it was going.

    So she gives them remote access to her computer, they run a few 'diagnostics', then ask her to log into Google/Facebook/Bank account just to check that all her details were in order.

    She does. I facepalm.

    OK so at this point the helpful Telstra tech tells her to leave her computer running overnight.
    They also tell her not to use any iPads/smartphones in case those have been compromised.
    Finally they tell her, 'Not to tell anyone - we want to catch these bastards!'

    The final statement (finally) red flags for her, and she decides to call me to see if it sounded suspicious.
    Of course I give her the bad news...

    Now, I've already instructed her to do the following:
    1. Disconnect computer.
    2. Call the bank. IMMEDIATELY. And explain exactly what happened.
    3. Use an iPad to log into Facebook/Google and change passwords.
    4. Call cops (the helpful tech gave a phone number and said they'd call back in the morning).
    5. Call IT company (she has experience with one that she used to liaise with regularly - they do call outs)
    6. Once clean, change passwords for ANY access that shared the password of the ones she entered while remotely connected.

    My suspicion was that they'd access bank account tonight and make a transfer (my parents in law are pretty wealthy, so this could be a very big issue), but that any actual fund transfer wouldn't happen until morning. So hopefully the call to the bank has put a stop to any money loss?

    I'm also hoping that the advice I gave on being able to use iPad is OK? They wouldn't be able to access it through a wireless network if she didn't give them the router passwords? (I set up her router, so I don't even think she knows the password...).

    Any further advice (esp on the iPad thing) would be greatly appreciated.
    MIL is a very nice lady, so please no flaming. She's just too trusting for her own good, and not at all tech savvy. :(
     
  2. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,071
    Location:
    brisbane
    Jesus h Christ, you should be doing the big credential cleanup for her - just get her to concentrate on the banking side. Right now that's the most important part.

    What a disaster, get on top of all the recovery options - if they are changed she'll be compromised repeatedly.
     
    Last edited: May 2, 2017
  3. Arch-Angel (OP)

    Arch-Angel Member

    Joined:
    Sep 6, 2005
    Messages:
    6,858
    Location:
    Brisbane
    Tell me about it...
    My concern is that while I feel like I'm tech savvy enough to cover the main points, I would be concerned that I leave some trace that would allow access at a later time.
    It's why I recommended that she use a proper IT company for the cleanup.

    The bank (Bank of Qld) told her that they were freezing ALL of her accounts, and would not restore internet banking until she could produce a receipt from a professional who had removed any malicious software.

    I would be proposing a full reinstall, but I guess it's up to them.
     
  4. cellular

    cellular Member

    Joined:
    Apr 13, 2004
    Messages:
    454
    Location:
    Perth
    Yep at a minimum I'd be doing a clean reformat and reinstall in case there's any dodgy software (keylogger etc.) they've installed that slips through the net. Best of luck with it mate, gotta love IT support for the extended family.
     
  5. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,071
    Location:
    brisbane
    I think you are on the right track just doing a nuke from orbit if not confident of a cleanup.

    I wouldn't trust most IT companies to do a thorough cleanup either.

    This is going to be a hard lesson to learn, but it can be a harder one if it's half arsed.

    Oh yeah, bill for your time :)
     
  6. maldotcom2

    maldotcom2 Member

    Joined:
    Feb 18, 2006
    Messages:
    1,875
    Holy crap. Aside from the obvious liabilities, all her email has also probably been compromised, possibly containing all the necessary info for identity theft. And let's not forget about the cached logins for any websites she frequents.
     
  7. tree86ers

    tree86ers Member

    Joined:
    Oct 12, 2004
    Messages:
    317
    Location:
    Brisbane
    This is the point where using Linux or Mac may be a good option for future installs, esp. if they only do email, social media and banking.

    At least with Linux and Mac the chances of malware are drastically smaller.

    This is the lesson that has to be learnt by some. I have been lucky with most of my family where they usually ask me before doing anything.
     
  8. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    128,690
    Location:
    Canadia
    I thought most knew about these well-worn cold caller scams. Anyways, I feel for the OP and clean up job ahead. These cretins still obviously manage to get people.
     
  9. CAPT-Irrelevant

    CAPT-Irrelevant Member

    Joined:
    Sep 7, 2007
    Messages:
    4,530
    Location:
    Sydney
    There's still that unfortunate problem called "Social engineering".
     
  10. BlueRaven

    BlueRaven Member

    Joined:
    Jul 29, 2010
    Messages:
    3,953
    Location:
    Sydney
    It was, is, and shall always remain the most effective method of attack.
    Protecting people from themselves is always bloody difficult.

    Best of luck with the damage limitation OP.
     
  11. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    30,849
    Location:
    Brisbane
    You, like most, have suffered the fundamental flaw in assuming that the savviness your peer group has about computers extends to the general public.

    Pro tip: it does not. Not even close.
     
  12. Arch-Angel (OP)

    Arch-Angel Member

    Joined:
    Sep 6, 2005
    Messages:
    6,858
    Location:
    Brisbane
    ^ This.

    She mentioned to me that her internet had been running slow for about a week beforehand, and that the 'Tech' already had all her details and mentioned the slow down...
    I'm sure it was also no coincidence that her husband had also landed in Nepal for a month long trek literally the day they called...

    I wouldn't be surprised at all if they had compromised her FB (or emails) via social engineering and knew exactly when to call.
    I also wouldn't be surprised if, in the week leading up to the call, that they hadn't tried some brute force attack that may have congested her internet - adding legitimacy to the call.

    Again, this is all stuff that we (especially as members of a tech forum) take for granted. But some people, especially the generations before us, have no idea what these scam artists are capable of.
    She had never heard of keylogging...
     
  13. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,071
    Location:
    brisbane
    No dots need to be connected - it'd just be the straight up phone call that nets most - those co-incidental things are why she was so easily suckered.
     
  14. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    128,690
    Location:
    Canadia
    I think this just highlights the further and ongoing intensive need for educational campaigns to highlight the dangers of being on the net, especially for older people. Knowing how to pick a scam doesn't mean you need to be tech "savvy", just somewhat aware in the realm that you are operating, and perhaps distrustful as a default position. People will always get scammed in this way as they are with your regular Nigerian scams, it's just about educating people and spreading the word through family and friends as to these types of scams.
     
  15. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,071
    Location:
    brisbane
    I have a blanket rule - if you didn't initiate the contact, it is not to be trusted. Works for just everything.
     
  16. Arch-Angel (OP)

    Arch-Angel Member

    Joined:
    Sep 6, 2005
    Messages:
    6,858
    Location:
    Brisbane
    Just wondering what everyone thinks about the iPad thing...

    Any risk there?

    (Recap, I've told her it's ok to use... even on her home network. If you think that is bad advice, let me know!)
     
  17. Matthew kane

    Matthew kane Member

    Joined:
    Jan 27, 2014
    Messages:
    1,091
    Location:
    Melbourne
    Ouch, that's got to hurt but:

    Immediately change passwords of all accounts that were told to be logged in during the remote session by the hijacker/scammer on another device. Actually I would change passwords on all accounts just to be on the safe side.

    I wouldn't be too concerned with the bank details being leaked at this stage as banks are pretty quick to catch on to oddities once you call them to freeze your account, not to mention if the remote attacker uses your MIL's credit card details (joint account) to make purchases, you can inform the bank to do chargebacks and block off all purchases from that point onwards.

    I would be concerned about the identity theft issue and what is in your MIL's gmail/email accounts especially if it is used for business/corporate needs.

    Unfortunately it's also too late to trace where that call came from but you can still contact Telstra and inform them that scammers are using social engineering acting on behalf of Telstra calling residents up to do a remote system check. Which no ISP will ever do.

    Do a fresh system install which you're onto already, have an AV installed or something and teach your MIL about these sort of attacks and how to avoid them in the future.
     
  18. tree86ers

    tree86ers Member

    Joined:
    Oct 12, 2004
    Messages:
    317
    Location:
    Brisbane
    Unlikely... unless an app was installed that allows access or it was connected to the PC when they had access to the PC.

    Funnily enough it would be probably the first place to notice change with the email since it will prompt you for the password every chance it gets if it changes.
     
  19. power

    power Member

    Joined:
    Apr 20, 2002
    Messages:
    52,071
    Location:
    brisbane
    If she left the machine actually connected overnight the entire network is compromised imo.

    You can jump into the router, enable remote access, all kinds of shit (most routers use default logins so if you are on the network you can look up so much stuff).

    If those doing the "hack" are experienced they are all through your shit now.

    Honestly, I used to have to recover so much stuff for people when I did a lot of consumer work and nothing in her IT life is safe.

    Change each and every password - AND recovery options, double check the lot and UPDATE all of them.
     
  20. MR CHILLED

    MR CHILLED D'oh!

    Joined:
    Jan 2, 2002
    Messages:
    128,690
    Location:
    Canadia
    There are situations where this does not work, but as a general rule that's solid advice. If you have a service in place generally a company won't contact you.
     
