Have I Been Compromised? iYogi Scam!

7004 Views 8 Replies Latest reply: Mar 7, 2014 1:47 PM by thomas_r.
Enio Cordoba Level 2 (390 points)
May 11, 2012 12:15 PM

Hi

I did a very stupid thing. In multitasking many issues I needed to talk to Belkin support. I Googled them and without paying attention I clicked on the topmost (paid ad) link. Not paying attention I got typical Bangalore? tech support. All I wanted was the question How do I log into a router password & ip address answered. The tech was their usual over polite self and said he would fix the issue.

He said he would fix it remotely by logging into my system. Normally I would have said no way but I wasn't thinking. He downloaded a little app onto my system and was able to mess with my system. He needed a password for my router so I gave him one of my many little used ones. He kept putting me on hold while he "checked something". I was very careful to watch the screen though. He wanted to restart but I was in the middle of a download from Adobe so I told him no. At the end of about 5 minutes he started with a sales pitch of $459 and then took a drop to $169 for a service contract. When I refused and asked him who this company was he said iYogi and tried to convince me they were Belkin authorized TSupport. When I refused to buy, he immediately forced my computer to reboot and then hung up. Upon restarting I noticed that Safari was trying to communicate/log in to something so I basically pulled the ethernet plug. I immediately changed all of my passwords regardless but I feel I may have something aboard my Macbook Pro.

1 week later my Facebook page is acting weird, loading as text only. When I ran disk repair it gave a time of 1 hour 19 minutes but the bar never moved. Kept seeing Java repairs and some other stuff but when I finally checked, permissions had been completed. Decided to run again. This time it said 1 hour 12 minutes but again the progress bar did not change. I did copy some of the Disk repair issues. Can anyone tell from this if it looks like I'm infected?

Suggestions/Solutions welcomed.

Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAgent" has been modified and will not be repaired.

Permissions differ on "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib", should be drwxr-xr-x , they are -rw-r--r-- .

Repaired "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Support/Remote Desktop Message.app/Contents/Resources/English.lproj/UIAgent.nib".

Thanks

Enio

P.S. There is a page on the internet about iYogi scam that appears to be made by them singing their praises and blaming  in order to reassure people who think they might have been scammed.

Mac Pro, Mac OS X (10.7.3), 2.66 dual core
  • varjak paw Level 10 (167,195 points)
    May 11, 2012 12:34 PM (in response to Enio Cordoba)

    Those messages regarding the ARDAgent are all normal and not an indication that your system has been compromised. The same probably applies to any Java permission messages you may see in Disk Utility. See:

    http://support.apple.com/kb/TS1448

    If, however, you allowed someone to download anything on your computer that allowed that person any sort of control over your system, you may well still be compromised. Since we have no way of knowing what he might have downloaded - if you didn't give him your administrator ID and password he probably couldn't have installed anything really nefarious, but we can't be absolutely sure - I'd recommend backing up all your important documents and content, erasing the hard drive, and reinstalling Mac OS X and your apps from scratch. That's the only way you can be really certain your system isn't compromised.

    I'd also suggest you immediately change passwords to any of your online accounts - bank, iTunes Store, etc. - as a precaution.


    Regards.

  • R C-R Level 6 (13,835 points)
    May 11, 2012 4:29 PM (in response to Enio Cordoba)

    FWIW, iYogi seems to be a legitimate remote tech support company, but with a recent history of high pressure sales tactics, according to this Wikipedia entry.

  • Tanit53 Level 1 (0 points)
    Jun 17, 2013 9:56 PM (in response to Enio Cordoba)

    Exactly the same thing happened to me. I thought I was ringing the Apple help line, as iYogi comes top when I Google searched Apple, and they use the word Apple in their advert. I was on the phone 3/4 hour. They directly accessed my laptop, though it was a problem with the iPad. I thought it was ok, because I thought it was Apple. Then they mentioned money in an indirect way at the end and I figured out what was going on. I'm a pensioner and don't have much understanding about all this and am now really worried. I gave them my phone number and email address as well, but no passwords.

  • DDCon Level 1 (0 points)
    Oct 29, 2013 8:25 AM (in response to Enio Cordoba)

    Sounds terrifyingly similar to my morning. I Googled HP support for a phone number, called the first one that came up. I allowed them access. Then they wanted to charge me a ridiculous amount to clarify a scanning issue. I hung up and shut down my Mac and when it started up again I had no access to any applications, AT ALL!!! Tried to reboot again and now it won't even turn on. iYogi IS without a doubt a scam in my opinion. They wanted to know how many other computers were on my network etc. Something needs to be done about these companies. Why is Google allowing them to run the ads that they do? There are enough legitimate paying companies that need to advertise, they certainly don't need to accept cash from companies that are set up to scam people. Wasted half my day on this. Now I have to go and change some passwords. And no idea what's wrong with my $4000 iMac.

  • 13Deborah Level 1 (0 points)
    Dec 7, 2013 5:56 PM (in response to Enio Cordoba)

    I just encountered iYogi, and while he had access to my screen, he copied my Ethernet ID.  As far as I could see he didn't have any other access, other than that I had to enter my password, which showed on the screen as encrypted -- could he have captured my keyboard strokes?  I have cleared the caches in both Safari & Chrome; do I need to do anything else (short of the drastic steps outlined above); are they likely to have some sort of access to my computer now?

  • Betteb Level 1 (0 points)
    Mar 6, 2014 4:18 PM (in response to Enio Cordoba)

    Very distressing:

    My recent experience involved stumbling across iYogi when I was in a panic after my computer played up. Thought iYogi was with Apple as that's how it presented in their ad. I allowed them into my computer. All seemed fine at first. They downloaded MacKeeper which showed the bad shape my computer was in. Then came the fee options (1, 2 or 3 yr) ranging from $330 up to nearly $600. I agreed to take the one year and when it was time to pay, they provided a screen for putting in your details. I said to the guy I did not feel comfortable about providing my details on that form and asked if they had P-Pal. He questioned why I would want to use P-Pal and I told him it is the safest way to do transactions as that's what the ads say on TV. He argued that P-Pal is not safe. I still would not agree to putting my details on the form so he put me through to someone on the phone instead and I gave them my Amex card details. Then they said it wouldn't process as the lines went down and asked if I had another credit card. I got a really bad feeling and told them I did not feel comfortable about giving any further credit card information. They convinced me it was safe and said it would be totally secure if I entered using the keypad of my phone instead of just giving them the number. They said the payment went through and the guy said he was just going to do some tests on my computer. I noticed that they put me on hold and did not talk to me while testing which I thought was strange as whenever Apple has helped me remotely they are always communicating with you while they're doing things, telling you what they are doing step by step. He was in there for a long time. A screen came up that seemed to have historical data on it. He then finally came back to me and said he was just going to put me through to another guy who was going to fix the problem. By this stage I had been on the phone for nearly one hour.

    He put me through to the other guy and the first thing this guy said to me was "what's your mother's maiden name?" Right then I knew this was definitely dodgy. I asked him what he needed the name for and he said it was for security purposes. I argued how it could be when I've never given them my mother's name for any reason since being on the phone. When he said that, I told him I no longer wished to go ahead with the service and that I wanted my card refunded. He tried placating me, saying it's ok, there's nothing to worry about and telling me to calm down. The more he talked the more panicked I became. I demanded he reverse the transaction on my credit card. I demanded he get out of my computer and I told him I sensed the company is dodgy and that I was concerned that they have stolen my personal information. He kept pressing me to continue, until I screamed at him that I will be calling my bank straight away to cancel all of my credit cards and to change all of my banking details AND that I was going to contact the Australian Federal Police to report their company. He finally put me through to someone he said would reverse the transaction. It was a woman and she too asked me for my mother's maiden name "for security purposes." I just screamed at this woman. Told her my mother's maiden name is not relevant to anything and that I wanted my credit card refunded. Unbelievably, she kept going on and on and on trying to press me to continue with the service and transaction. It was not until she heard me talking to someone on my other phone (talking to my bank) and she asked who I was talking to, I told her it is my bank and now the bank person on the phone will be witness to the fact that you are refusing to reverse the transaction on a service I decided I didn't want. With the bank hearing everything I told this woman I would be cancelling all banking details and changing everything and reporting their company to the police...

    It was ONLY then that she agreed to reverse the transaction.

    My computer is 5.5 years old. I have decided to purchase a new one because I simply could never feel safe using that computer again.

    Very distressing.

  • thomas_r. Level 7 (26,980 points)
    Mar 7, 2014 1:47 PM (in response to Betteb)

    I can't wade through the whole of that story, but a few points...

    1) There's no need to purchase a new computer over this.

    2) You got scammed by a fake tech support company. It sounds like they may have refunded you, but I would still report the incident to your credit card company. I would probably ask for a new card to be issued and the old one cancelled.

    3) Since you gave these people remote access to your computer, you should erase it and reinstall everything from scratch. There's no telling what they may have done. See:

    How to reinstall Mac OS X from scratch
