Avangate ? Legit?

Read Me.Phony "tech support" / "ransomware" popups and web pages

You were scammed. Report what happened to your credit card company and have the payment reversed. More importantly, have them cancel that card number immediately.

vsp5924 wrote:

Should I cancel everything or report to police?.

Both.

I hate to think what they "backed up". They probably looked for anything that would supply them with bank account numbers and their passwords; online passwords for other sites, and who knows what else. These people are crooks, nothing else.

The files they deleted were random choices, that I imagine they told you were viruses or other threats. They could have been minor items, or important system files.

You don't mention if they had you download and install anything, but if they did, they could have installed a keylogger, which is software that records all of your keystrokes and sends the data to a remote server. This is usually used to capture bank data, or anything they could use for theft; identity or financial.

If you have a backup that was made prior to this intrusion, you will want to restore it to remove anything they may have installed, or had you install. Before doing that, make a clone of the drive as it is to a new external drive. There may be evidence left behind the police could use. Then erase the main drive, reinstall OS X from scratch and restore your backup.

If the last backup was made after the breach, you won't want to restore that. Instead backup only personal data to another drive, such as Word documents, photos, and other personal files. Then erase the drive, reinstall your third party software, and then put your manually backed up personal files back on the drive.

will contact bank tomorrow

I was just about to say changing the password to you account online to get it done sooner. But if the crooks have the ability to monitor what you're doing on you Mac, that wouldn't help at all as they would see every change you make. For now, you can't do anything online that could give away login information for anything you would normally do via the Internet.

Mind you, this mostly depends on whether or not they had you install anything. If not, the possibility of this is much lower. Though one thing you should check is the System Preferences. They may have turned on Sharing so they can watch any activity you do on your Mac. Open the System Preferences and click on the Sharing icon. If any check boxes are on, turn them off.

If anything, they would have turned Screen Sharing, File Sharing, Remote Login and Remote Management on. Turning them off will kill their ability to watch your activities. That still won't stop a keylogger, a back door, or other remote access software they may have had you install.

I don't know how much an Apple technician would do for you for free, but you could certainly bring it in and have them look it over for you. Most likely, they will do what I suggested above to make sure nothing is left on the drive by wiping it clean and reinstalling the OS from scratch.

Make sure you have a backup of the drive before you it in. Generally, the store technicians will not do this for you. They will simply reset the Mac to a factory state and all of your personal data will be gone. Once you get it back, you would then have to reinstall your third party software from the original disks, or downloaded purchases. Then lastly, manually restore your personal data only. Do not do an automated restore from a Time Machine backup as this could put unwanted software back on the drive.

my Mac all of a sudden stopped working, after I had to contact them on 3 way with my credit card company to file a dispute, it "magically" started working again.

That is odd, though possibly unrelated. Still, I would keep that Mac disconnected from the Internet until it gets straightened out (i.e., erase and reinstall).

For crooks, trying to figure out to get someone else's money is their full time job. A couple of years ago, VISA's automated system flagged a couple of small purchases on my business card, and called to ask if I had purchased anything from those two vendors. I hadn't. They then went through the process of shutting down the card immediately. While I had them on the line for a while, the service person and I chatted. Turns out there are rooms of people who do nothing all day but try to find working VISA numbers. They all start with the same four numbers of 16, but that still leaves a LOT of numbers to try against 1000 security numbers. A staggering sum of possible numbers. But they sit there, day after day, trying one number after another for purchases online until one works. Then they make one or two more small purchases to make sure it's valid. After that, they make as many large purchases as possible before the card gets shut down. VISA caught the small purchases based on my buying habits, and their automated system made the assumption (correctly) that is was fraud.

The same person I spoke to had their own card used for fraud. There were suddenly thousands of dollars of high buck audio equipment charged on his card. Bad luck for the crook to use the card of a fraud investigator. It didn't take him long to discover it was the waiter who took his card to the back to pay for dinner who had written down all of the card's information. Needless to say, he was arrested.