Windows Office for Mac Scam - Foreign IP Address

Never ever call a number in an email or popup window. Hopefully you changed all your passwords since you let them browse your computer and you gave then your password. You should advise your finacial institurions and credit card companies if you provided access to your financial or private information.

Firstly, it's not a sophisticated scam at all. You can do a search and put in "_____ support", with the blank area being any well known tech company, and at least dozens of scam sites will result. They've been around for years.

Yes, we get it was an honest effort, but it's already been mentioned, Apple is not law enforcement. If your car were stolen, who would you call? The police, or the dealer you purchased the car from? Yeah, the police since the dealer will tell you the same thing.

And why, instead of a blind web search, did you not go directly to microsoft.com to ensure you would actually get MS for help?

You've gotten the best answers you can get here. Do what you can to secure your data. Change your passwords. Call your bank, credit card companies and other financial institutions. But most of all, fully erase your drive and do a restore from your last backup before this call was made. There's no telling what may now be on your drive that there's no guarantee you can find to make sure it's fully removed.

I would be very concerned about what what was pulled by the scan ... tax return copies, private letters, etc.

The computer-user world has long reported that calling a number in a pop-up is risky. Also that letting anyone you did not initially decide to contact (especially remotely) scrounge around your system freely is beyond hazardous. You chose to ignore those warning signs.

I am concerned they left something very-well hidden in your system. I suggest you clean-install a ground-zero MacOS, and be extremely picky about what previous data you reload.

EDIT: As Kurt Lang suggested, a backup from a KNOWN SAFE state works as well as "start from zero".

Oh, I have had these popups before. All of the buttons are links that link to official parts of the websites they are trying to fake, and so, of course, function perfectly. But before you click anything, you are still within the clone website, if you understand what I mean?

If you reside in the UK (apart from Scotland), you should contact Action Fraud, on 0300 123 2040 , or https://www.actionfraud.police.uk/, or if you live in Scotland, contact the police on 0808 164 6000.

If you don’t live in these regions, get in touch with your local authorities.

Recognize and avoid phishing messages, phony support calls, and other scams - Apple Support (CA)

In my experience Microsoft always has "microsoft" in their official links. Lack of that in a "official" link is a red flag, as is "setup.micosoft.com" (that misspelling was intentional).

This has nothing to do with Apple... not to mention the fact that neither Apple nor Microsoft are law enforcement agencies.

You got suckered into browsing to a scam support site. Report it to the police.

If someone who I did not initially ask to diagnose the general security of my device suddenly asked to root around in it from a remote site, that is a huge red flag.

Even internet companies usually "talk" you through changing router settings unless you really beg and plead for them to take control.

Well they can’t deal with every scam. Always ensure you go to an official url. If something looks suspicious, call Microsoft directly and ask them. I have never seen an official Microsoft popup tell you to call them directly, how on earth would a website know that there’s a problem with an Office install.

Common sense goes a long way to avoiding scams.

Office.com/setup is not the same as the link provided in your initial post. If you did indeed access the site listed in your initial post, it is indeed a scam site, and not Microsoft.

Maybe somehow you had some kind of virus on your computer. That is the only other explanation I can think of. Maybe it had an agenda to scam you, as you had previously installed some kind of dodgy software (may not have looked so on the surface). If you are super worried, you should probably reinstall macOS.

I hope you have better luck in future!

No one here knows what was going on with your system. These kinds of scams are very common.

Clearly, there is no scam button on any Microsoft websites. You may have been already scammed and directed to a fake site. Or maybe you may have already been scammed and you had malware that directed you to a fake site. You said that Malwarebytes removed something. That could have been it. Additionally, Malwarebytes will only remove what it knows about. It won't touch what it doesn't know about.

There is nothing that either Apple or Microsoft (or you) can do about such scams. In theory, you could report it to the police. That would be a waste of time, however. Laws don't apply to the internet. These kinds of scams and other illegal acts are run all over the world in the open. You've barely scratched the surface of how bad it is. You learned a lesson and you don't seem to have suffered any ill effects. That puts you ahead of most other people.