Holly Ditchfield Groll

Q: Scammer gained remote access to macbook

My son fell for a scam this afternoon where a pop-up message in Safari claims that the user's computer is compromised and to call an 877 number for help. When you call, they request remote access to your computer and apparently lock Safari. Then they ask for 300 bucks in a Walmart card. My son fell all the way and granted this criminal access to his computer via our home Wi-Fi, to which we have connected 4 phones, 3 iPods, 1 pad, and one iMac chock full of personal financial and other stuff. The MacBook and the iMac are backed up by Time Machine. Aside from his computer problem, my question is this: aside from changing all of our passwords to every conceivable account or login, should I notify Verizon, my bank, etc etc? For the time being, I've disconnected the Wi-Fi in my house completely. Any advice?

imac 10,1, Mac OS X (10.6.8)

Posted on Aug 27, 2015 12:03 PM


  • by dominic23,

    dominic23 Aug 27, 2015 12:31 PM in response to Holly Ditchfield Groll
    Level 8 (41,517 points)
  • by Linc Davis,

    Linc Davis Aug 27, 2015 2:04 PM in response to Holly Ditchfield Groll
    Level 10 (207,926 points)

    should I notify Verizon, my bank, etc etc?

    The card issuer, definitely, because the charge was fraudulent. Check all other financial accounts for unauthorized activity. Beyond that, you need to recover the whole startup volume from the last snapshot taken before the attack.

    OS X Yosemite: Recover your entire system

  • by pinkstones,

    pinkstones Aug 27, 2015 3:45 PM in response to Holly Ditchfield Groll
    Level 5 (4,209 points)

    I think it goes without saying that you should notify whoever issued the card used to make the $300 payment. Linc gave great advice about recovering your system, and as for your son, I would stress to him most emphatically to never, never, never give anyone access to your money over the Internet unless it's a verified and secure site, like Amazon, eBay, or something like the iTunes store. You especially never give anyone access to money as a result of a pop-up window in your browser.

    If you haven't already, once you get your system back up and functioning, install Adblock Plus in whatever browser you use. Not to mention, download and install Malwarebytes Anti-Malware for Mac, and run weekly scans to make sure you don't have any adware or malware causing the pop-ups in the first place.

  • by Linc Davis,

    Linc Davis Aug 27, 2015 3:52 PM in response to Linc Davis
    Level 10 (207,926 points)

    Whatever you do, never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you create problems, not how you solve them.

  • by pinkstones,

    pinkstones Aug 27, 2015 4:57 PM in response to Linc Davis
    Level 5 (4,209 points)

    I've seen more than a few people here recommend using that program to scan for malware/adware. I don't understand what the problem with it is. I wouldn't recommend someone use something that hasn't worked for me or has somehow destroyed my hard drive.

  • by Eric Root,

    Eric Root Aug 28, 2015 8:44 AM in response to Holly Ditchfield Groll
    Level 9 (69,881 points)

    You should erase and reformat your hard drive, then restore your computer from a backup made prior to when you allowed them access. Change your passwords and other critical information also. You don't know what software might have been installed.

  • by Lexiepex,

    Lexiepex Aug 28, 2015 8:51 AM in response to pinkstones
    Level 6 (10,477 points)

    Don't get upset by Linc's remark. He mistakes that software for an anti-malware app, which it is not, irrespective of the name. It is an adware removal app. And absolutely trustworthy, otherwise recommendations would be blocked here. It is recommended by thousands here. Basically it does the same as the adware removal sequence that Linc posts, but it is much easier to use and it is updated every time it starts.

  • by thomas_r.,

    thomas_r. Aug 28, 2015 9:52 AM in response to pinkstones
    Level 7 (30,889 points)

    pinkstones wrote:

    I've seen more than a few people here recommend using that program to scan for malware/adware. I don't understand what the problem with it is. I wouldn't recommend someone use something that hasn't worked for me or has somehow destroyed my hard drive.

    Linc has a philosophical issue with that entire class of software, and is very outspoken about it.

    Most other people will tell you there's nothing wrong with it. However, in a case like this, where a hacker has had remote access, there could be any number of malicious changes that do not involve malware at all. Thus, the only sure-fire way to make sure such a hacked system is safe is to wipe it clean and reinstall a fresh system. Restoring from a full-system backup (such as a Time Machine backup) from prior to the hack will do the job most easily.

  • by Linc Davis,

    Linc Davis Aug 28, 2015 10:54 AM in response to Holly Ditchfield Groll
    Level 10 (207,926 points)

    If anyone can explain to you how your problem is even remotely related to adware, I'd like to see that explanation myself.

  • by thomas_r.,

    thomas_r. Aug 28, 2015 5:52 PM in response to Lexiepex
    Level 7 (30,889 points)

    LexSchellings wrote:

    He mistakes that software for an anti-malware app, which it is not, irrespective of the name. It is an adware removal app.

    Actually, it's also a malware removal app, unlike AdwareMedic. Admittedly, there's very little need for that feature today, but there are still some people out there who have components of now-inactive malware, and it will remove that as well. However, as I pointed out, I wouldn't rely on that in a situation like this, where a hack does not need to involve malware.

  • by Lexiepex,

    Lexiepex Aug 29, 2015 12:17 AM in response to thomas_r.
    Level 6 (10,477 points)

    Thomas, please consider changing the name..

    Lex