The Flat Earth Society

Other Discussion Boards => Technology & Information => Topic started by: Rama Set on September 17, 2018, 05:53:31 PM

Title: Does this look legit?
Post by: Rama Set on September 17, 2018, 05:53:31 PM
Hey hive mind,

I have a friend who is so bad with computers that she makes me look like Parsifal.  She had used a tech company in India named TeckPCSupport to help make her printer and macbook compatible.  A year later a guy called unsolicited from the same company.  He had an Indian accent and his name is Tony Martin, and he said that her computer had been compromised and offered to help her work through it.  Her terminal app, under the control of Tony Martin pulled up the following message:

(https://i.imgur.com/Unp4zKS.jpg)

As she was telling me the story, a few things struck me as odd:

What do you guys think, was she swindled?

BREAKING NEWS: She called the tech company she had enlisted to fix her printer and gave them the number that Tony Martin had given her and they were like, "lol wut?  Nah, yoo got fuked"

If she just got scammed, is this a situation where she formats her computer and changes all her passwords?
Title: Re: Does this look legit?
Post by: xasop on September 17, 2018, 06:12:20 PM
Uh, that's just something someone typed into the terminal prompt. Is there any actual evidence that anything is wrong with her computer, or did this guy just take her money and write some meme shit on her screen?
Title: Re: Does this look legit?
Post by: juner on September 17, 2018, 06:13:33 PM
If I had to guess, I would say that nothing has happened (no way to confirm obvs). But based on the gibberish, there isn't any way a payload was delivered from what is visible. Safe bet is always to nuke it and start fresh when someone gets access, though (since there may be more to it than this screenshot). The memester tried to run 'scan' which doesn't exist and Terminal tells you so. He then ran 'Say' which will literally just output what is typed after the command to the speakers with the robot voice. I assume he ran that to make it appear more legit.

Tell your friend to not let any randos who dial her up to access her computer...
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 06:14:41 PM
Against better judgement, I'll assume that this is a sincere question and not a troll.

She was 100% swindled, these types of scammers are very common nowadays. They either solicit calls through malicious websites, or make unsolicited calls and try to convince their victims that their flux capacitors are broken and that it must be immediately fixed through a remote session.

There are red flags all over the place here, including your screen photo which clearly indicates that the command the scammer ran was not found on the system. And the actual "output" in the terminal just doesn't look like something that would come out of any scanning software. Most likely, the scammer had this copied and pasted it into the terminal to make it look legit.

It's really disheartening that people fall for it, and even more depressing that there are people out there who would prey on others' lack of tech aptitude.

For educational purposes, it might be useful to show her some of Jim Browning's stuff (https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw) - he's one of many people on YouTube trying to either waste these people's time or to minimise the impact of their activities. It might not be the most thrilling of content, but awareness of these sort of things is becoming pretty important.

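Anyway, whether or not she needs to Reset Absolutely Everything™ depends entirely on what the scammer did while he had access to the machine. I suspect that we won't be able to find that out reliably. Without that knowledge, we can only speculate:
  • These guys are after money, and usually nothing else. If they already got their money, that might be the end of it.
  • However, we're basically dealing with some random guy who had presumably unlimited access to your friend's computer, and we don't know what he did. Personally, I would consider that a reason to go completely fucking paranoid and wipe everything, or at least reset any important passwords.
  • If payment was involved, it's important to find out how that took place. Was it a credit/debit card? Did they process the number? If so, they could potentially use it to steal money in the future. If it was some bullshit like them asking for an iTunes card, then her financial details should be more or less safe.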

I'd say either try to find out more about what happened during their interaction to better inform decisions, or go full martial law on her computer and banking stuff just to be safe.
Title: Re: Does this look legit?
Post by: Rama Set on September 17, 2018, 06:20:12 PM
Quote
Against better judgement, I'll assume that this is a sincere question and not a troll.

That’s p. harsh. I just wanted to confirm it since all of my alarm bells are going off, but I don’t know a ton about this shit.

Quote
She was 100% swindled, these types of scammers are very common nowadays. They either solicit calls through malicious websites, or make unsolicited calls and try to convince their victims that their flux capacitors are broken and that it must be immediately fixed through a remote session.

There are red flags all over the place here, including your screen photo which clearly indicates that the command the scammer ran was not found on the system. And the actual "output" in the terminal just doesn't look like something that would come out of any scanning software. Most likely, the scammer had this copied and pasted it into the terminal to make it look legit.

It's really disheartening that people fall for it, and even more depressing that there are people out there who would prey on others' lack of tech aptitude.

For educational purposes, it might be useful showing her some of Jim Browning's stuff (https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw) - he's one of many people on YouTube trying to either waste these people's time or to minimise the impact of their activities. It might not be the most thrilling of content, but awareness of these sort of things is becoming pretty important.

Anyway, whether or not she needs to Reset Absolutely Everything™ depends entirely on what the scammer did while he had access to the machine. I suspect that we won't be able to find that out reliably. Without that knowledge, we can only speculate:
  • These guys are after money, and usually nothing else. If they already got their money, that might be the end of it.
  • However, we're basically dealing with some random guy who had presumably unlimited access to your friend's computer, and we don't know what he did. Personally, I would consider that a reason to go completely fucking paranoid and wipe everything, or at least reset any important passwords.
  • If payment was involved, it's important to find out how that took place. Was it a credit/debit card? Did they process the number? If so, they could potentially use it to steal money in the future. If it was some bullshit like them asking for an iTunes card, then her financial details should be more or less safe.

I'd say either try to find out more about what happened during their interaction to better inform decisions, or go full martial law on her computer and banking stuff just to be safe.

Thanks for this.

Thanks to Junker and Parsifal too.
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 06:22:40 PM
Quote
That’s p. harsh. I just wanted to confirm it since all of my alarm bells are going off, but I don’t know a ton about this shit.

I'm sorry if I've caused any offence. Basically, your alarm bells were so right that I had trouble believing you'd need to confirm it. Don't take it as an insult - it's the kind of stuff many people would troll about. In retrospect, it does make me sound like an asshole.

Ooh, also, if any money was exchanged, it might be worth contacting the authorities. I don't know how shit works in America, but there might be ways to stop the payment from being processed.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 06:46:11 PM
100% bona fide scam.

You don't need to do anything to fix the Mac. It's fine. As someone mentioned it's a terminal prompt entry. They likely ran the tree command or whatever the mac equivalent is, and whilst it was executing, typed that into the prompt so it would print "Danger you've been hacked" or whatever after the tree command completed.

https://youtu.be/DkHsz8_xm3o?t=2m23s

Here's a guy doing it on PC.

They run a directory list command. Tell you it is scanning ... it isn't, it's listing ... type something in and at the end of the script it says your PC is compromised and at that point you give them money to 'fix it' ... but there is nothing to fix.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 06:48:56 PM
Regarding payment ... if you used Paypal or credit card ... you can inform them and get a refund. You are insured against online crime.

If however you went and bought an iTunes card or some other stupid as hell form of payment and scratched it off to give them the number ... well stupid is as stupid does and you learned an important lesson.
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 06:51:01 PM
Quote
You don't need to do anything to fix the Mac. It's fine. As someone mentioned it's a terminal prompt entry. They likely ran the tree command or whatever the mac equivalent is, and whilst it was executing, typed that into the prompt so it would print "Danger you've been hacked" or whatever after the tree command completed.

You do not know that's everything that happened. Yes, nothing in the photo itself is malicious, but we haven't seen everything that happened. It is not uncommon for these scammers to try and gain access to your online banking, and they could have hypothetically installed a more persistent way of accessing the machine remotely.

Is it likely? Not very. Is it wise to assume? I'd argue not.
Title: Re: Does this look legit?
Post by: Rama Set on September 17, 2018, 06:53:56 PM
My worry is that she gave away information or allowed access to parts of the computer that could be compromising. If I were her, I would have gone full paranoid, indeed I told her to Air gap her computer right away. Better safe than sorry.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 07:03:04 PM
I've seen a hundred of these scams on youtube. I dunno ... just like watching the scammers get wrecked by someone using a virtual machine on them.

I've never seen them install anything. They aren't sophisticated. They usually only have one alternative when things aren't going well and you won't pay ... and that used to be to syskey you in a rage quit (before microsoft removed it due to these scammers using it). Then they'd demand money to unlock the machine. I think nowadays they try to delete your system32 folder.
But they don't infect the machine as they haven't a clue how to undo that ... and of course they want to give you "life time support" meaning they can keep shearing their sheep.

Also Mac has a better user mechanism than windows making it much harder to start infecting it. Personally I wouldn't lose any sleep over it, as they got what they wanted ... your money. If they hadn't ... once they gained access via teamviewer or equivalent ... they'd have done the damage in that window.

Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 07:13:22 PM
Quote
I've never seen them install anything. They aren't sophisticated.

You can find videos of scammers installing remote access tools on victim machines, or even going as far as to get someone to register for online banking with their own credentials (https://youtu.be/ucqli5i29jo?t=368). Without knowing what happened to Rama's friend, it would be idiotic to assume. Hence my suggestion of either trying to find out, or assuming the worst.
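
One way to approach the "find out what happened" step for persistent remote access on a Mac, as an added example that is not from any poster in this thread: list the launchd job definitions that start automatically and flag any that reference remote-access tooling. The keyword list (apart from TeamViewer, which the thread names), the sample labels and the sample paths are constructed assumptions.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# launchd directories where macOS registers jobs that start at login or boot.
LAUNCHD_DIRS = [Path.home() / "Library/LaunchAgents",
                Path("/Library/LaunchAgents"), Path("/Library/LaunchDaemons")]

# Assumption: illustrative keyword list. TeamViewer is named in the thread;
# the other product names are added for this example and are not exhaustive.
REMOTE_TOOL_KEYWORDS = ("teamviewer", "anydesk", "logmein", "screenconnect", "vnc")


def inspect_plist(path):
    """Summarise one launchd job definition; never raises on a bad file."""
    finding = {"file": str(path), "label": "", "program": "",
               "starts_automatically": False, "remote_tool_hits": [], "error": None}
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except (OSError, ValueError, ExpatError) as exc:
        finding["error"] = type(exc).__name__
        return finding
    if not isinstance(job, dict):
        finding["error"] = "NotADictionary"
        return finding
    args = [str(a) for a in job.get("ProgramArguments") or []]
    finding["label"] = str(job.get("Label", ""))
    finding["program"] = str(job.get("Program") or (args[0] if args else ""))
    # RunAtLoad/KeepAlive mean the job comes back without the user doing anything.
    finding["starts_automatically"] = bool(job.get("RunAtLoad") or job.get("KeepAlive"))
    haystack = " ".join([finding["label"], finding["program"], *args]).lower()
    finding["remote_tool_hits"] = sorted(k for k in REMOTE_TOOL_KEYWORDS if k in haystack)
    return finding


def scan(dirs=LAUNCHD_DIRS):
    """Inspect every *.plist in the given directories; missing dirs are skipped."""
    return [inspect_plist(p) for d in dirs if Path(d).is_dir()
            for p in sorted(Path(d).glob("*.plist"))]


def build_sample_dir():
    """Constructed sample data: two job definitions and one corrupt file."""
    d = Path(tempfile.mkdtemp(prefix="launchd-sample-"))
    samples = {
        "com.example.printer.updater.plist": {
            "Label": "com.example.printer.updater",
            "ProgramArguments": ["/usr/local/bin/printer-updater", "--check"],
        },
        "com.example.teamviewer.helper.plist": {
            "Label": "com.example.teamviewer.helper",
            "Program": "/Applications/TeamViewer.app/Contents/MacOS/Example_Helper",
            "RunAtLoad": True,
        },
    }
    for name, job in samples.items():
        with open(d / name, "wb") as fh:
            plistlib.dump(job, fh)
    (d / "broken.plist").write_text("not a plist")
    return d


if __name__ == "__main__":
    for f in scan([build_sample_dir()]):  # call scan() with no arguments on a real Mac
        print(f)
```

A keyword hit only means a remote-access product is registered to start on its own; an unreadable plist or an unfamiliar auto-starting job deserves the same manual look.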
Title: Re: Does this look legit?
Post by: Lord Dave on September 17, 2018, 07:19:44 PM
The real question is: if he did fix it for some fee, what did he DO to fix it?  Cause that's where, if I were a scammer, I'd do the actual install.
"Yes.  I am installing this special fix to your computer.  The website is super secret so as to not be hacked by hackers to learn secrets.  That is why it is hard to type."
Usually the ones I get are "I am from Microsoft.  We have detected a virus on your computer and would like to help you fix it."
Normally I'm cool with going on and on but
1. it's usually a british number so it'll run up the phone bill.
2. I've been busy lately.  It's annoying.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 07:20:52 PM
Indian scammers ... not so much. Russian scammers ... start again. Reformat the PC, hoover your room, wipe down your bathroom tiles and go ask your doctor for an enema. But the Indians tend to work off a script.

Via remote access ... they were given permission ... they weren't given passwords. Indian scammers don't use wireshark or anything else to get info on you. They just aren't very technical. And unless you had a folder marked "Bank details" on your desktop which you watched them open in front of you ...

You can go all 'better to be safe than sorry' ... but it's a Unix machine. You can't gain entry without a password or a permission. And this user is obviously a novice who couldn't even get their network printer to talk to their mac ... so cleaning everything and doing fresh installs ... what are they going to do? Ask someone at the Genius bar to nuke it for just $700? I think the best advice is don't lose any sleep over it ... but hey, it's a forum ... a place where we all give opinions.
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 07:23:40 PM
Thork, focus very hard on what I'm saying. I'll even make it bold for you. I am suggesting that we should find out what happened, and that making assumptions without proper knowledge is stupid. Telling me that your assumptions are super great because you've watched 100 hours of YouTube is unhelpful, especially when I already showed you an example of the script not being as simple as you assert.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 07:31:36 PM
It's an Apple machine.

Assuming this user is as non-tech as the OP described ... they use it with their user account. Not a root account or admin account or whatever Mac say. To install anything that needs to execute, you have to enter a password. You can't just install malicious scripts in the same way you can on a windows PC. And I think even if it was a windows PC the risk is tiny.

But read this in bold ... what are they going to do? Ask someone at the Genius bar to nuke it for just $700.

Your bank is the place to go 'clean the problem' especially if you entered your 3 digit security number with the guy watching. However we don't know the payment mechanism. But I really don't think the machine is the thing to worry about.
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 07:34:24 PM
Quote
It's an Apple machine.

TeamViewer works perfectly fine on Apple machines. Your computer's security is only good for as long as you don't push the "please don't secure my computer anymore" button. You do not know that this button has not been pushed.

Quote
But read this in bold ... what are they going to do? Ask someone at the Genius bar to nuke it for just $700.

That depends entirely on what actually happened. Until we have this knowledge, it would be idiotic to speculate. Rama's first step of airgapping the machine is perfectly sensible in the meantime.

Just a minor correction, though: As much as I dislike Apple, a Genius Bar appointment to whack a fresh OS install on the machine costs $0, not $700.
Title: Re: Does this look legit?
Post by: xasop on September 17, 2018, 07:35:17 PM
Quote
Assuming this user is as non-tech as the OP described ... they use it with their user account. Not a root account or admin account or whatever Mac say. To install anything that needs to execute, you have to enter a password. You can't just install malicious scripts in the same way you can on a windows PC.

This is wrong on so many levels. Just stop.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 07:38:57 PM
Ok ... so you are giving advice to this novice user ... someone who is already in the hole for a couple hundred dollars.

What advice are you going to give them that they can realistically be expected to perform?


My advice is "odds are tiny, don't worry about it". They can do that. What would you have them do?
Title: Re: Does this look legit?
Post by: juner on September 17, 2018, 07:40:36 PM
This thread has turned into something worse than what was originally described in the OP...
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 07:41:36 PM
Quote
What advice are you going to give them that they can realistically be expected to perform?

Without knowing what happened? Nothing. Tell me what happened first.

If you are unable to tell me what happened, well, let's start with getting your money back, so you're no longer a few hundred bucks in the hole - a vast improvement over your strategy of "lmao oh well" already! Call the authorities, call your bank, cancel the payment. Then, walk in to an Apple Store (yuck) and have your machine diagnosed for free. If all it needs is a wipe and reinstall, enjoy having that done as a courtesy service. It's an inconvenience, but at least now you're sorted.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 07:50:32 PM
Quote
What advice are you going to give them that they can realistically be expected to perform?
Without knowing what happened? Nothing. Tell me what happened first.

Oh, so same advice as me.

Quote
If you are unable to tell me what happened, well, let's start with getting your money back, so you're no longer a few hundred bucks in the hole - a vast improvement over your strategy of "lmao oh well" already! Call the authorities, call your bank, cancel the payment.

I've already said ... sort the bank. That's the problem depending on how you paid. If it was as clean (and stupid) as using an itunes voucher ... well you may as well have given Rushy some bitcoin money for all the chances that you'll get that back. But you won't be paying out again.

Quote
Then, walk in to an Apple Store (yuck) and have your machine diagnosed for free. If all it needs is a wipe and reinstall, enjoy having that done as a courtesy service. It's an inconvenience, but at least now you're sorted.

If you have Applecare, you aren't asking strange companies on the internet to install your printers and fix security issues. So there is no 'free diagnosis'. It's going to be your first born child and a kidney to have a 'genius' look at it.
Title: Re: Does this look legit?
Post by: Rama Set on September 17, 2018, 07:52:47 PM
This unfortunately coincided with her credit cards being compromised as well so she is currently locked out of her banking. Plus side is that she couldn’t give access if she wanted to.
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 07:54:12 PM
I have some better advice. This woman sounds like she needs some financial education. She's a walking calamity.
Title: Re: Does this look legit?
Post by: Pete Svarrior on September 17, 2018, 07:56:32 PM
Quote
Oh, so same advice as me.

No, quite the opposite. I do appreciate your backtracking, though. You've done enough damage here and letting go would be the decent thing to do. I'm all for your "Oym a Nazi and also always right >o<" meme when you're not actually hurting people, but in this case you should probably just take a step back.

Quote
If you have Applecare

You don't need it in this case. Neither does your machine need to be under warranty.

Quote
This unfortunately coincided with her credit cards being compromised as well so she is currently locked out of her banking. Plus side is that she couldn’t give access if she wanted to.

Damn, that sucks. Good on you for trying to help her!
Title: Re: Does this look legit?
Post by: Rama Set on September 17, 2018, 07:57:43 PM
Thork I’ve already decided that Pete’s approach makes a ton more sense so you can stop trying to be right and continue plotting the demise of immigrants in the UK. Thanks though!
Title: Re: Does this look legit?
Post by: Dr David Thork on September 17, 2018, 08:04:59 PM
Quote
Thork I’ve already decided that Pete’s approach makes a ton more sense so you can stop trying to be right and continue plotting the demise of immigrants in the UK. Thanks though!

You're welcome. I'm not trying to fuck things up for you. I'm suggesting that sure ... if this woman can do all the things to clean a Mac without spending a fortune or that you will help her ... do it. But if she can't ... it's already traumatic. There is no point in worrying her further when there is f'all she can do about it ... and for the reasons I outlined ... if you can't do anything to help, you can at least offer her some reassurance that she shouldn't worry herself sick over it. But sort the bank part out.  ;)

And let's keep threads about immigrants about immigrants and leave the rest of the forum clean. I see them everywhere I go as it is.  ;)
Title: Re: Does this look legit?
Post by: Lord Dave on September 17, 2018, 08:48:10 PM
Quote
This unfortunately coincided with her credit cards being compromised as well so she is currently locked out of her banking. Plus side is that she couldn’t give access if she wanted to.

Is that before or after?  I'm guessing after....
But good on their bank for blocking the fraudulent payment.
Title: Re: Does this look legit?
Post by: Rama Set on September 17, 2018, 08:53:04 PM
Quote
This unfortunately coincided with her credit cards being compromised as well so she is currently locked out of her banking. Plus side is that she couldn’t give access if she wanted to.
Is that before or after?  I'm guessing after....
But good on their bank for blocking the fraudulent payment.

Before.
Title: Re: Does this look legit?
Post by: disputeone on September 18, 2018, 06:41:06 AM
I'd complain here, I'm on the discord if you want me to make a personal army request.

https://www.youtube.com/watch?v=m2E_3ZYpNwk

How much do you know about the company? These guys can usually put ransomware on an entire network of scammers.
Title: Re: Does this look legit?
Post by: MegaMan2005 on September 18, 2018, 11:59:01 AM
Quote
I'd complain here, I'm on the discord if you want me to make a personal army request.

https://www.youtube.com/watch?v=m2E_3ZYpNwk

How much do you know about the company? These guys can usually put ransomware on an entire network of scammers.

Scammers, they're just a growing yet outrageous community, if you really think about it you can get scammed by people just using an ad to tell of an idea, you buy it, they receive and it doesn’t work as expected.