Veetr

Q: Remote access scam. What can they see?

So I fell for the tech support scam, but my mom ended the call when they wanted $100. I just followed the instructions the guy on the phone told me after I called them when I saw an alert pop up. I allowed the guy remote access to my mom's MacBook Air, which has her iCloud connected to it. A day after the remote access, my mom went to her notes on her iPhone and saw that she only had three left instead of the eighteen she had before the scam. I wanted to know if they were able to access her notes that are on her iCloud without me knowing. She has credit card information in her notes. Also, is it possible for them to continue the remote access even after closing out of logmein?

MacBook Air, OS X Server

Posted on Oct 2, 2016 11:23 AM

Close

Q: Remote access scam. What can they see?

  • All replies
  • Helpful answers

  • by Allan Eckert,

    Allan Eckert Allan Eckert Oct 2, 2016 11:25 AM in response to Veetr
    Level 9 (53,825 points)
    Desktops
    Oct 2, 2016 11:25 AM in response to Veetr
  • by LACAllen,Helpful

    LACAllen LACAllen Oct 2, 2016 8:24 PM in response to Veetr
    Level 5 (5,234 points)
    iCloud
    Oct 2, 2016 8:24 PM in response to Veetr

    Truthfully, there's no 100% sure way to know.

     

    Logmein may have a configuration option where they can connect again at will without approval. If they set that up, they may be able to still connect. They may even be able to access your Mac without being noticed.

     

    Your best option is to bring your Mac to a trusted partner and have them look. Or reinstall OSX to overwrite any modifications they may have made.

     

    Fwiw, if they took the data for her credit card information from her notes, there's no need to also take the notes.

     

    Have her advise her banks anyway to be safe.

  • by Eric Root,Solvedanswer

    Eric Root Eric Root Oct 2, 2016 8:24 PM in response to Veetr
    Level 9 (72,619 points)
    iTunes
    Oct 2, 2016 8:24 PM in response to Veetr

    Safari -Tech support scam pop-ups

     

    You should erase and reformat your hard drive, then restore your computer from a backup made prior to when you allowed them access. Change your passwords and other critical information also. You don't know what software might have been installed. If you paid them by credit card, contact the credit card company, and close out the credit card.

     

    Do a backup,  preferable 2 separate ones on 2 drives. Boot to the Recovery Volume (command - R on a restart or hold down the option/alt key during a restart and select Recovery Volume). Run Disk Utility Verify/Repair and Repair Permissions until you get no errors.  Reformat the drive using Disk Utility/Erase Mac OS Extended (Journaled), then click the Option button and select GUID. Then re-install the OS.

     

    OS X Recovery

     

    OS X Recovery (2)

     

    When you reboot, use Setup Assistant to restore your data.