Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

teamviewer fraud - how to protect mac

We were taken by a nice Indian gentleman who convinced us to install teamviewer and let him help us "fix" a problem with our email (he said it was causing problems with the internet). How do we make sure he didn't install anything malicious (i.e. like a keystroke trojan, or get our banking info, etc.)?


We are afraid to reconnect that pc (macbook pro with mountain lion) until we know it won't send our into around the world.


We did a search on any files on the hard drive that were modified during the call/teamviewer session.


We did see that there was activity in the metadata files associated with our contact list on that machine - i.e. during the call there were files created/touched under Library-Application Support-Address Book - Metadata. There appeared to be a file for each contact ... ABPerson.abcdp


Also files modified during that session included some files in Library-Caches-Metadata - Safari - History


The Indian gentleman told us that he could fix the error - he pointed it out in the teamviewer window - if we sent him money.


I unplugged our cable modem and he quickly hung up on us.


-What can we do to make sure we are safe to use this mac on the internet again? (please don't tell us you can fix it and ask us for money - we aren't falling for that one again)

MacBook Pro, iOS 6.1.2, mountain lion- not sure of version

Posted on Feb 23, 2013 11:59 AM

Reply
13 replies

Feb 23, 2013 12:18 PM in response to Betty_K

Betty_K wrote:


No. Unfortunately we don't have a backup. (We are old.)


Oh. Age does not stop data from getting lost, or being misused.


Is Teamviewer still installed (look in the applications folder) if it is uninstall it by opening the Teamvierer folder and selecting uninstall.


Frankly there is no way to tell what if anything, has been installed on your Mac,


I would erase the drive and rebuild it, and without a backup you're facing a real PITA.


Never respond to nice Gentlemen who want you to install stuff (especially remote control stuff), legitimate businesses do not operate that way, and in future, back up.

Feb 23, 2013 1:09 PM in response to Betty_K

One other detail - one of the safari history entries during the teamviewer session was for validator.w3.org.


We think they were just trying to make an error message come up to convince us to send money to allow them to fix and "protect" our system. The validator.w3.org site is just a safe service to verify that documents are genuine, right? Why else would a scammer want to go to that site - other than to get an easy error message for an unsigned doc?

Jul 3, 2013 10:42 PM in response to Linc Davis

This happened to me 1 hour ago. I googled linksys customer service number and called what looked to be an official number.


A guy answered and said they'd call me right back. This guy "Keith" called and told me to download the teamviewer (I have had router companies ask me to do this in the past and It seemed to work out fine so I didn't think too much of this) and give him the codes for remote access.


As he went through he looked at "active " devices running on my Internet. He showed me that 15 devices were currently using my router's wifi but I said theres no way as I don't even have the password, and then said he needed to check other areas. He then went through ipconfig which I've never had to do on a Mac.


I kept asking questions as to why we needed to do all this just to hook my router up (my roommate reset my router on accident so I was just trying to get it working and had some issues) when it was just restored to factory settings.


He told me he had to check why my password wasn't working to gain access to my router, and then started to run something where the small ipconfig window started repeating


"Scanning files scanning filled". .....


The whole window was filled with a million of these "scanning files" zipping across the little box screen at a mile a minute.


Then I finally came to my senses and pulled the Internet plug, hung up , and closed the teamviewer box and trashed it.


I changed the few passwords (iTunes iCloud and gmail) on the computer. Reset safari and tried to see if anything was installed.


He called back and I said something personal came Up and I had to go.


Worried now. I can't believe the top hit was a scam on google search for linksys.


Any advice on how to check if something malicious was put in my mac?


I tell ya the language barrier really helps with their scam. If it had been a well spoken English speaking person I would have clearly been able to identify the problem but I just kept thinking that we are not understanding each other which lead me to believe that's why we were doing all these steps.


I got to check this Mac out. If there's something to be done besides a whole restore please advise.

Aug 23, 2013 2:28 AM in response to Betty_K

I just had the same problem. First, note any sensitive personal information that you may have given away, or may be accessable on your computer in word or other files. If you gave away your credit card or other personal information, change/report it immediately!


As for what the scam artists may have put on your computer: take your computer to the Apple Genius Bar. They will check your computer for FREE and will most likely be able to quickly resolve any problems--even if you don't have Apple Care. I did this today. It took 5 minutes and they assured me that there was no malware on my computer. They did a scan of my computer, and checked to see if I had any unusual downloads, utilities, or applications.They told me that I didn't need to wipe my computer or anything so dramatic.


The Genius Bar was so helpful, they definitely made me even more of an Apple lover than I had already been. You can and should ask them all of your questions, if for nothing else than peace of mind after something terrifying, like this scam. (Also, I sincerely wish Google would not let scam artists advertise with them or show up as the first result on legitimate searches!!)


I hope this is helpful to someone. I feel immense gratitude to others in this post and the Genius Bar for helping me!!

Jan 17, 2014 12:52 PM in response to Betty_K

This is an old thread, but I just randomly pulled it up searching for something else.


First of all you don't mention who initiated contact. Did you call someone for support; or did you just get a phone call out of the blue? If you called them; then more than likely he was just trying to help. If anyone ever just calls you up (without you initiating contact) asking for remote access to your computer just laugh at them and hang up.


Stephen S - I just googled "linksys customer service number" the top 2 links on the page are clearly marked as advertisments, and nowhere in the URL do they say Linksys. You should always look at that URL to see if the business name is in it.


Legit businesses (like mine) do use remote software because it's so much faster for someone that knows what they're doing to do their thing rather than having to explain every little thing to the end user.

teamviewer fraud - how to protect mac

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.