You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Teamviewer scam

Today my Dad and I fell for the infamous "Teamviewer scam." We were trying to fix our NETGEAR wireless extender, and instead of mywifiext.net, Dad tripped across mywifiextnet.com. Both of us let our computers get accessed for probably a half hour or so (his is a Windows, and mine is a Mac running Mavericks), and I just want to make sure I'm taking all steps necessary to get rid of anything that might have put on my computer.


I changed all financial-related passwords (Paypal, bank account, Amazon account, iTunes, etc.) and decided to just go whole-hog and do a 7-pass Erase on my whole system (I will also be calling my bank in the morning for a new debit card and to set up fraud alert, since my info has been accessed before, and I'll probably call to have a new credit card issued as well). I backed up a few personal files to Google Drive, but I was wondering if there was any way those files might be compromised or corrupted? I don't want to download them and have them put something into my computer.


Since my laptop is currently undergoing the Erase process, I can't check, but he ran something in Terminal. Has anyone else had this happen before? I'm not sure what he brought up, but he tried selling me on the "people are accessing your network through you clicking ads while online shopping" or something (which was about when the warning bells finally started going off; unfortunately, Dad wasn't quite so receptive to the idea of it being a scam, so we downloaded Teamviewer onto his computer as well). I'm assuming if some sort of a program was run on my laptop, the 7-pass Erase will eliminate it?


Basically, I've never run headfirst into a scam like this before, and I'm absolutely terrified. My Dad insisted he didn't give the guy any credit card information, and I think he was on the phone with the same person the entire time, but I'm worried they may have downloaded files off of my computer. Is there anything more I can do?


Also, is there anything I can tell my Dad to convince him to take some of the same steps? I don't know what he uses his laptop for, but he thinks he'll be fine just running anti-virus/anti-malware software, and I know some of those can go undetected by programs. Please help if you can!

Posted on Jul 12, 2014 11:35 PM

Reply
Question marked as Top-ranking reply

Posted on Jul 13, 2014 4:27 AM

This definitely sounds like a scam to me. These kinds of scams are a dime a dozen. Often, the scammers are just interested in getting you to pay them for services that they have scared you into paying for. Typically, they'll tell you that you have malware or are being hacked, and they can "fix" it if you pay for a service plan.


There's no way of knowing, of course, whether the remote access you gave them might have been abused to install malware. It's a possibility, and the chances of that happening are hard to guess. So you've taken the right steps by erasing the hard drive, though note that the 7-pass erase is completely unnecessary. A simple erase would have done just as well.


More important is how you get back up and running. You cannot simply restore everything from your backups, as that may restore any hacks or malicious software as well. You should reinstall all apps from scratch, and should restore only documents (no settings files, system files, apps, etc) from your backups.


Let your dad know that there is no anti-virus software on the planet that can protect him against malicious software installed by someone with remote (or physical) access to his computer. If malicious software was installed, it may not actually be malware - it could be legit software being used for malicious purposes, or could even be changes made to the system's configuration to open a backdoor. These things cannot be detected by anti-virus software. It may very well not be necessary, but to be safe, he should do the same - erase his hard drive and reinstall everything from scratch.

31 replies

Apr 27, 2015 6:19 AM in response to kathrynfromtaylors

You are wasting your time.


The scammers behind these kinds of incidents are not in any way related to Western Union, Bank of America, TeamViewer, etc. By suing those companies, you achieve absolutely nothing, other than throwing good money after bad. You will end up paying a bundle in legal fees with no gain, and the scammers will be completely unaffected. They will have moved on to their next set of dummy accounts and will be scamming someone else. Even if you could track them down, they're probably in some country where you can't touch them.


In the case of Western Union not recognizing the charges as fraud... technically, you did pay the scammers of your own volition. That puts you on shaky grounds to press a lawsuit.


By all means, report the fraud to every authority you can, but don't waste your time suing big companies who were not involved in the scam. Csound1's analogy of expecting Ford to take responsibility for what you do with your Ford car is particularly apt.

Apr 27, 2015 6:23 AM in response to Csound1

The caller identified himself as being from Teamviewer. They read the information directly off of my contract to prove their identity, information the could not have accessed other than directly through the actual contract and the remote bot which was installed on my website was downloaded directly off of their website and was clearly labeled.


The logical conclusion is that someone who works at Teamviewer is less honest than he should be or they failed to protect their private files, which they clearly have a responsibility to do since they deal in sensitive information, and even if hacked, unless they can prove they have been hacked, its their problem. The theory that implicates the CEO is that as the head of the LLC, he knew or should have known that one or more of his employees has a propensity to be less than forthright about his honesty and even if the employee is arrested, he is still ultimately responsible for anything that is done in the name of his company. That is why, even though it is financially lucrative to be a CEO, with power and authority comes a great responsibility. As the CEO, you and only you, represent the entity by dint of filing the LLC or Articles of Incorporation identifying yourself as the responsible party. If they were intelligent, he is protected by liability insurance for the financial issues, but that will not protect him against criminal charges and even if insured, the insurance carrier may not cover the loss if a criminal charge is proven.


Even though the person tried to erase the information from my e-mails, he only was able to delete the Outlook side of the data. The rest of it remained alive and well in my on-line e-mail account. And even though they may have deleted the original activity on the visual side, your computer keeps a footprint of every activity ever done on your computer so its all still sitting in the computer for the police to discover. It won't be difficult for a computer forensic specialist to pull a complete tracking record from my hard drive or theirs to show what activity occurred. With the bot, all they have to do is ping the server to locate the point of origin. The ping will track back through all contacts until it reaches the point of origin. There is no way they can hide it. They will also be able to trace the phone records back to the point of origin using the phone numbers provided. Even if they are using disposable phones, the computer records will identify them. They are also dumb enough to wire the money to a company that takes security tapes of all transactions to monitor the actions at their counters so the perpetrators will be relatively simple to match up with the photos. They also involved Bank of America as an agency to receive the funds, and Bank of America has been notified. They will potentially join Wells Fargo in any legal action against the perpetrators and probably are after them through their own fraud department. That is something the police will handle.


Does that answer your question?

Apr 27, 2015 6:32 AM in response to thomas_r.

Again, you are incorrect. However, this is something the banks and police will sort out. Unless you are an expert in law, your opinion in the matter is your opinion and very little else. I don't have to sue them. The banks are already going to do it themselves. The rest will be sorted out by the federal investigation. Because of the nature of these frauds, there is an active effort to eradicate these perpetrators with full cooperation between the agencies and also with Interpol when a foreign national is involved. It will be totally up to them as to who gets sued, who gets arrested and who gets exonerated.


They should have followed the advice of the old Vaudeville routine and paid the $2.00 instead of trying to wriggle out of it.

Apr 27, 2015 6:43 AM in response to Csound1

I may not even know the ultimate results myself. Once it goes to the bank fraud investigation department and the legal authorities, I will probably never hear from them again. The bank's only obligation to me is to make me financially whole again. They are not required to notify me what happens after that. Unless I am called in to testify, which I might be, I will probably not even know anything was accomplished. I have agreed with all agencies involved that I will testify if need be, but my computer will give them more information than I can so my information is probably only probative to the issue. I strongly suspect this fraud is but the tip of the iceberg because I see indications through other chat boards that this activity is prevalent world wide, which is why I mentioned that Interpol could also be working on this.


When and if the case finally cracks and the perpetrators are rounded up, it may possibly show up on the news. Goliath was not slain by an army, he was mortally wounded by one small boy, a slingshot and a rock.

Apr 27, 2015 7:14 AM in response to kathrynfromtaylors

kathrynfromtaylors wrote:


Unless you are an expert in law, your opinion in the matter is your opinion and very little else. [...] Because of the nature of these frauds, there is an active effort to eradicate these perpetrators with full cooperation between the agencies and also with Interpol when a foreign national is involved.


I may not be an expert in the field of law, but I am an expert in the field of hacking and malware. You have a very, shall we say, optimistic view of how these things work. In the vast majority of cases, the perpetrators in cases like this are never even identified, much less caught. There are many countries in the world that either don't have good cybersecurity laws or don't enforce them (either due to lack of resources or because they simply don't care). And that's assuming that the scammer in question can even be identified.


Consider the example of the Target breach. Major news. Huge fraud. Should be a top priority for cybersecurity law enforcement worldwide. You'd think that the hacker(s) behind it would be swiftly found and apprehended, right? And yet, almost a year and a half later, we still don't really know who was behind it. There are some interesting clues, suggesting that the criminals involved are from Russia, but no more than that. No arrests have been made.


I'm not saying we shouldn't report these incidents to the authorities, and I'm not saying the authorities shouldn't bother trying to catch these criminals... but talk of lawsuits shows a fundamental lack of understanding about these scams. It's your choice, though... if you choose to pursue lawsuits against Western Union or TeamViewer, go for it. They won't work out for you, but I can at least say I tried to save you some money.

Apr 27, 2015 7:36 AM in response to thomas_r.

Again, while I appreciate your concern for my welfare, it is unnecessary. I will not be out any further money in this matter. As I stated. I do not have to file a lawsuit and I do know something about law, having worked for the courts in civil litigation for over 17 years. My paralegal certification listed me as a government Civil Litigation Specialist.


I know my frailties and that is why I turned the entire affair over to the experts. I don't need to catch them, but I do need to report their activities so that they come under the radar. Just because they haven't been caught before does not mean we should not make an effort to assist in any way possible to bring about their demise. Cheaters never prosper. They may get away with it for a while, but ultimately, they pay for their mistakes one way or the other. It is not the big mistakes they make that gets them caught, it is the little, stupid things that usually bring about their downfall.

Apr 27, 2015 7:39 AM in response to Csound1

You ask how I checked.....I was stupid. However, again, they could not have cited everything exactly as listed on my contract without access, either legally or illegally, to the original contract. The only reason they couldn't go back to my original credit card was because the bank's ready teller jammed and ate it so the bank had issued me a new one. Otherwise they could have used the credit card information and gone directly to the bank themselves.


We learn by our mistakes. That doesn't mean we have to repeat them.

Apr 27, 2015 8:08 AM in response to kathrynfromtaylors

kathrynfromtaylors wrote:


I do not have to file a lawsuit


That seems at odds with what you are advising to others reading this topic. Specifically:


File legal complaints against them immediately if they try to scam you.


and:


Be sure your demand includes a statement that should legal action be required you expect them to pay legal fees and interest at the legal rate of interest from the date of the transaction until it is paid.


Perhaps you do understand the futility of trying to file a lawsuit in this case, but your words could be interpreted by some as advice to do exactly that. I want to make sure than anyone reading understands that this is not something that is likely to be productive.

Apr 27, 2015 8:39 AM in response to kathrynfromtaylors

kathryn


I have to agree in total with my respected comrades that replied after my last post.


Let's look at your facts


  1. TeamViewer is a legit App, available on the iTunes App Store and elsewhere*
  2. " scam against me originated " = a couple of phone numbers used by the scammers
  3. " speaker identified self as Michael Wilson " = scammer #1
  4. " person I spoke with was identified as David Phillips " = scammer #2
  5. " companies they use for fraudulent wire transfers were Bank of America and Western Union. " = legitimate financial institutions handling payments authorized by YOU
  6. " Payees on charges were named Fernando Mancebo Ramirez and also Enrique Santiago, " " and payments were made through Western Union New York Address. " = scammer associates with IDs and addresses so as to legitimately gain access to the $
  7. " Western union ignored notice that charges were fraudulent and cashed them " = payments were not known by WU to be fraudulent as YOU initiated and authorized them

# 1 = Legit maker of tools - under no obligation to see whether their customer is a Grandma or a murderer -- just like a hammer made by Stanley Tools at HomeDepot
* the Scammers could very easily BUY TeamViewer legally and use it IL-legally... and no one involved with the manufacture or distribution of the tool is culpable for illegal acts


#2 = phone #s were likely obtained from service providers normally as any would be - and paid for with real $ by a "Shell Company" or individual using a a false name - with your rationale, the phone company should also be held liable for not vetting their customer


#3 &4 = THESE are the only REAL scammers identified... and the names are surely false


#s 5, & 7 = LEGAL, Authorized by you (electronically signed agreements are valid)


#6 = should State of New York ID issuer(DMV?) also be included in your conspiracy? How can anyone prove that they did anything but pick up $ for their brother-in-law?

I tried to dissuade you politely from pursuing litigation - the WU, BoA & TeamViewer are decidedly NOT criminal NOR are they civil matters of law.


All that will happen - as thomas_r says - is that the scammers will abandon the telephone numbers, get new ones and continue as a matter of their normal business practice. They really don't even NEED to be offshore to "promise you a level of service and fail to deliver as promised" - Small Claims Court (if that) but you gotta find them first


---


An example from my real life is analogous...


I am retired - actually caregiver to my parents. One Sunday afternoon, I walked through the house to the front porch, where my mother was handing a check to some nefarious looking fellas. After snatching it from her hand, this story unfolded...


These fellas were "Gypsy Home Improvement Scammers". They had convinced my parents that they would clean the outside of their gutters with "Behr Brand" grimy stuff cleaner(?) - producing slick brochure showing its features (these were actually stolen by the handful from a store display at HomeDepot). They had estimated the materials cost by measuring (pacing it off around the house) and come up with a quantity of 30 gallons of this Behr product needed - charging $20 per gallon (the stuff is actually pretty expensive ±$11/gal).


The check snatched was for $600. The stuff they were using in a 2 gallon sprayer was chlorine bleach & water. They were using my garden hose to rinse. As I had the cops on the way via cellphone 911 call, they were still trying to convince my folks to let them "finish" the job. After they left and after the cops left, they actuall came BACK to try again for a "Lower Price!!"


Who was guilty? Gypsies.

Who was not? HomeDepot & Behr (or the Bank that the check was drawn on)


--


YES. report the fraud. Then hide and watch as you describe.

Teamviewer scam

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.