Scammer gained remote access to macbook

“How to respond …….”

http://www.thesafemac.com/tech-support-scam-pop-ups/

should I notify Verizon, my bank, etc etc?

The card issuer, definitely, because the charge was fraudulent. Check all other financial accounts for unauthorized activity. Beyond that, you need to recover the whole startup volume from the last snapshot taken before the attack.

OS X Yosemite: Recover your entire system

I think it goes without saying that you should notify whoever issued the card used to make the $300 payment. Linc gave great advice about recovering your system, and as for your son, I would stress to him most emphatically to never, never, never give anyone access to your money over the Internet unless it's a verified and secure site, like Amazon, eBay, or something like the iTunes store. You especially never give anyone access to money as a result of a pop-up window in your browser.

If you haven't already, once you get your system back up and functioning, install Adblock Plus in whatever browser you use. Not to mention, download and install Malwarebytes Anti-Malware for Mac, and run weekly scans to make sure you don't have any adware or malware causing the pop-ups in the first place.

Whatever you do, never use any kind of "anti-virus" or "anti-malware" software on a Mac. That's how you create problems, not how you solve them.

I've seen more than a few people here recommend using that program to scan for malware/adware. I don't understand what the problem with it is. I wouldn't recommend someone use something that hasn't worked for me or has somehow destroyed my hard drive.

You should erase and reformat your hard drive, then restore your computer from a backup made prior to when you allowed them access. Change your passwords and other critical information also. You don't know what software might have been installed.

Don't get upset by Linc's remark. He mistakes that software for an anti-malware app, which it is not, irrespective of the name. It is an adware removal app. And absolutely trustworthy otherwise recommendations would be blocked here. It is recommended by thousands here. Basically it does the same as the adware removal sequence that Linc posts, but it is much easier to use and it is update everytime it starts.

pinkstones wrote:

I've seen more than a few people here recommend using that program to scan for malware/adware. I don't understand what the problem with it is. I wouldn't recommend someone use something that hasn't worked for me or has somehow destroyed my hard drive.

Linc has a philosophical issue with that entire class of software, and is very outspoken about it.

Most other people will tell you there's nothing wrong with it. However, in a case like this, where a hacker has had remote access, there could be any number of malicious changes that do not involve malware at all. Thus, the only sure-fire way to make sure such a hacked system is safe is to wipe it clean and reinstall a fresh system. Restoring from a full-system backup (such as a Time Machine backup) from prior to the hack will do the job most easily.

If anyone can explain to you how your problem is even remotely related to adware, I'd like to see that explanation myself.

LexSchellings wrote:

He mistakes that software for an anti-malware app, which it is not, irrespective of the name. It is an adware removal app.

Actually, it's also a malware removal app, unlike AdwareMedic. Admittedly, there's very little need for that feature today, but there are still some people out there who have components of now-inactive malware, and it will remove that as well. However, as I pointed out, I wouldn't rely on that in a situation like this, where a hack does not need to involve malware.

Thomas, please consider changing the name..

Lex