Zavions support for Mac, just charged me $499.00 for clearing a virus and and spyware off my computer after my Safari page froze and prompted me to call an 800 number leading to Zavions support team to clean up the problem. Are they a scam or a recognized support for Mac authroized by Apple?
iMac, Mac OS X (10.7.5)
They are indeed a scam. Your mac did not have a virus. If they were granted access to the computer, consider it as being compromised and arrange to restore to a backup that was made prior to granting them access. Also, contact your financial institution for steps to deal with fraud and a compromised credit/bank card.
Good you came back so quickly, stedman1. Sounds a nasty little beast, this Zavion.
Bamboo Healer wrote:
Are they a scam or a recognized support for Mac authroized by Apple?
Scam: "Ransomware" web pages.
The only legitimately authorized Apple support options can be found by using the Contact Us link that appears at the bottom right of every Apple web page.
If you allowed them access to your computer, I would strongly recommend to completely erase and reinstall as no one knows if they left anything installed.
Also, have your credit card company cancel the card immediately and issue a new one.
And, change all your passwords everywhere.
Yeah, these con artist seem bolder than previous. Normally the going rate for ripping you off, stealing your identity, and ruining your computer is only $200.
stedman1 wrote:
Normally the going rate for ripping you off, stealing your identity, and ruining your computer is only $200.
Yes, but that's the discounted rate from the usual $499.
John Galt wrote:
stedman1 wrote:
Normally the going rate for ripping you off, stealing your identity, and ruining your computer is only $200.
Yes, but that's the discounted rate from the usual $499.
Ah yes, the old "because you are valued customer, we have a special deal...... Just for you" routine.
CALL Your Credit Card Company NOW !!
With much due respect to our friend stedman1, he was a little 'light' in his recommendation to call your financial institution - I am not so subtle, as you can see from just above.
He is right about your Mac NOT having a virus. What you experienced is an AdWare/MalWare/Hack attack that somehow got attached to the website you visited - with collusion or hacked, it matters not. SCAM and THEFT - YES.
Our good friend thomas_r may be the 'Man on the Mountain' when it comes to Virus & MalWare issues. Here is a link to his article
in which he discusses the facts on the subject
While there, you may find his many articles and especially the tools & HowTos for AdWare/MalWare Removal handy - all of us trust these implicitly. In the rare event that his Tools and/or Tips do not succeed in removing the nasty stuff (provided you can tell) - he is very welcoming of a report so he can find and kill it - then add it to the arsenal.
ÇÇÇ
Wow! Cook your Mom breakfast and all this in the meantime! All GOOD stuff! - ÇÇÇ
Wow! Has anyone else gone to their site? (I don't want to post any link to it here). On their Plans page, they have all kinds of amounts you can choose for 24/7 help. But what should be a giveaway is that they all have a "Pay Now!" button next to each service. No one even asks first what your issue may be, or determine if you even need help. Nope, you cough up as much as $599.99 first, then they call you.
Bamboo Healer wrote:
Zavions support for Mac, just charged me $499.00 for clearing a virus and and spyware off my computer after my Safari page froze and prompted me to call an 800 number leading to Zavions support team to clean up the problem. Are they a scam or a recognized support for Mac authroized by Apple?
That was a scam. As others have pointed out already, you need to report this as fraud to your credit card company. You may or may not end up on the hook for the $499, depending on your credit card company, but you need to do this to ensure no further fraudulent charges appear.
In addition, you have given scammers access to your computer, supposedly for the purpose of "cleaning" it. Unfortunately, though, this means that your computer is potentially compromised now, and may have a keylogger or other spyware installed. There is no way to conclusively determine whether something malicious has been done. You will need to erase the hard drive and reinstall everything from scratch.
For more information, see:
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
Kurt
I am a sucker for "Has anyone..." every time!
If I were them - or consulting them - I would put those Pay Now twangers front and center! Took me a couple minutes to find them under [Plans]
I got sidetracked by the misspellings and such - clearly not English as a first language, IMHO. [Refunds] tab caught my eye... Gobble-de-goop meaning nothing
https://www.dropbox.com/s/fz698cful5y2whx/ZavionRefundPolicy.rtf?dl=0 if anyone cares to read it in TextEdit made .RTF - they even misspelled their own name in it!
WhoIS = GoDaddy registrar
Visual TraceRoute = Switzerland(?spoofed?) Hosted
Safari (vintage) doesn't like the Certificate
Although the OP's description did not quite rise to the level of "ransomware" (thanks John Galt, Pulitzer for that) - more like P.T. Barnum's quote, methinks - I wonder what GoDaddy would think of their name and "Trust Certificate" being plastered all over these characters' site?
As thomas_r has advised, clean wipe seems in order - although my investigation did not show any level of sophistication - WHY wouldn't they attack me when I visit their site? Kurt too? We painted targets on ourselves by visiting the doggone place!
I guess they hired someone with a bit more ambition - " Why wait for them to come to us, Alexandrovich? We go to THEM! Invade Ukraine? Bah! We invade Amerika! "
I somewhat expected their site to lock Safari, but if a person thinks about it, that wouldn't be smart. "Hmm. I visit this site, and suddenly I can't leave it because I have an infection?" That's practically a guaranteed way to make anyone visiting the site not believe a word of it.
My old habit from my 'days in the biz' - donning the Hat of the Target Audience - (see PTBarnum)
A naive visitor might well think
Heck, they wouldn't necessarily need to do the LockUpBrowser thing - which was what I meant about "display the [Pay Now] list of services prominently, right up front. See 1, 3 & 4 above.
caveat emptor, mi amigos, caveat emptor
ÇÇÇ
Hi Bamboo Healer--just replying to provide an update to others who might search on this thread looking for the problem you initially reported.
Zavion LLC has expanded to Microsoft as well as Apple, and their tactics are becoming increasingly aggressive/devious. My Windows PC was attacked before my MAC--- the malware managed to bypass Kaspersky's Protection. Once it was on my system, it was very difficult to remove; until I could kill it, it completely blocked the Edge/IE browser from being used for other purposes, even after rebooting.
The malware pretended to be a message from my service provider asking me to call immediately; the number I was provided was 1 885 228 8700. I called and after he failed my test questions, I verbally wrestled with the respondent --- who initially claimed to be a Microsoft trained technician working for Microsoft --- until I got him to admit he worked for Zavion. Once I had the name, then it was possible with the help of a friend on another machine to get info on how to stop the malware -- rebooting didn't do the trick, had to go in and kill processes all the way down the tree. Nasty bit of work, Zavion.
Zavions support for Mac, just charged me $499.00 to remove virus and spyware off my computer after my Safari screen prompted me to call it's 800 number. Are they a scam?
