<div dir="ltr"><div><div>Ouch. No fun. Older people are targeted for all kinds of scams. While this one was not targeted at older people, it's an easy one to use on older people as the tech savviness just isn't there for most.<br><br></div>Put ANYTHING that is not Windows on that laptop ASAP. I've been of the mindset to use something that doesn't look like what they're used to so they won't try to do the same old things and get frustrated with things not working.<br><br></div>I hope the credit card company works with them on the refund.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Oct 2, 2014 at 11:09 PM, Alex Carver <span dir="ltr"><<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The charges, in theory, are being reversed by the company. I'm still<br>
trying to sort out the initial vector but it looked like it was an email<br>
that looked legitimate and claimed to be a Microsoft support affiliate<br>
(something that Microsoft already denies on their own website). The<br>
first leads to a second company and down the rabbit hole we go.<br>
<br>
That first company's email/ad said you could download a "free" program<br>
to helpfully analyze the computer for problems. Then it popped up a<br>
very official (meaning OS-like) window that said problems were found, to<br>
fix he had to pay $40. So my dad paid. It then did some churning at<br>
which point it said there were additional problems and he needed to call<br>
a toll-free number.<br>
<br>
So he called that number which went to a second company also claiming to<br>
be an affiliate. They had my dad go through various machinations to<br>
eventually enable Remote Desktop after which they remoted in and started<br>
showing him all sorts of things. Doing some remote forensics, I<br>
discovered they had wiped all the system logs (security, audit,<br>
application, and the powershell log) at the beginning of the call and<br>
several times during the call. Some of the windows that were displayed<br>
were actually fake images with lots of red text meant to cause fear.<br>
They were doctored versions of things like the "Programs and Features"<br>
control panel in Windows 7 except with extra columns and red<br>
highlighting. The agent on the other end said the computer had not been<br>
updated in over 5 years (false, it had performed an update only two days<br>
prior to the call). They could fix all these problems and ensure that<br>
updates would continue properly and uninterrupted for the low price of<br>
$349 per year. My dad paid the fee. No work was performed (other than<br>
an additional log wipe). The last update on the machine stayed two days<br>
prior to the call. However, they proceeded to show him another screen<br>
which showed fresh updates and then asked him to start up a browser,<br>
visit several pages ***INCLUDING HIS BANK WEB SITE AND TEST HIS<br>
LOGIN***. One of the activities that they couldn't erase from the logs<br>
was a message about an attempt to stop a McAfee virus scanner (he uses a<br>
different one that they didn't notice so the attempt errored out).<br>
<br>
Doing a search for the company shows that even Microsoft is aware of<br>
them. They have changed their name at least once in the past two years.<br>
No work is ever performed on the machines, just a charge of $349 plus<br>
some software sitting on the machine that does unknown things (probably<br>
keylogging given the bank request). Even the uninstaller is cumbersome.<br>
Most programs simply ask, "Are you sure? This is going to erase the<br>
program" and then provide you with an OK button. This program pops up a<br>
huge dialog box advertisement that basically says "Wait, don't go. Call<br>
us and we'll help you out." then gives a number and a button to call or<br>
go to the website. There is no "no thanks" button, you have to close<br>
the dialog box with the upper-right close button. Only then does the<br>
uninstallation proceed.<br>
<br>
It was an awful scam from the beginning and he feels very sheepish for<br>
falling for it without even pausing five minutes to give me a call. My<br>
mom has already given him a bit of what-for because he didn't call me.<br>
However, I caught it quickly because I happened to call them the same<br>
day just a few hours later. Every single thing he mentioned in the<br>
story was a massive red flag that screamed "scam".<br>
<br>
I have no idea if the charges will get reversed or if he'll have to<br>
dispute them. Both companies sent back emails claiming they would do<br>
this. It's an unfortunate grey area since he did technically authorize<br>
the charges by giving over the credit card number. But the lack of any<br>
work plus attempts to compromise the machine would put it in the theft<br>
and vandalism category.<br>
<br>
In the meantime I had him replace all of his passwords, do a couple<br>
forced virus scans (I'm going to attempt a remote clamav scan later),<br>
and lock everything up. Fortunately only a week before I had taught him<br>
how to use GnuPG on Windows to encrypt some of his more sensitive files<br>
(including a password list since he had trouble remembering so many<br>
passwords -- I switched him to KeePass for that). If they had gotten to<br>
that list or some of his sensitive documents, it would have been a much<br>
bigger problem.<br>
<br>
<br>
So back to the question, my reasoning now is to give them an interface<br>
that is comfortable and reasonably familiar, has more control over user<br>
versus administrator rights, is a bit harder to inflict damage (hard to<br>
install a Windows keylogger program on a Linux machine) and would give<br>
me a bit of an easier time doing remote maintenance. This won't happen<br>
right away, I would need to be there to do the initial setup. But it's<br>
planning ahead and they both seemed slightly interested in using it over<br>
Windows at some point.<br>
<div class="HOEnZb"><div class="h5"><br>
On 2014-10-02 15:53, Michael Trausch wrote:<br>
> I've been had once or twice before. But if I clicked the button to authorize the charge, and I got what was promised, then I would never charge back. Maybe I am missing something here, but it sounds like the person got ripped off somewhat, legally.<br>
><br>
> Just because it's immoral and unethical practice to sell free shit to people for high prices doesn't make it chargeback-worthy. We live in a society where people like me are scared to deal with mass customers for fear that despite operating legitimately, we may have to deal with chargebacks and the like, even in the case where the chargeback's root cause is embarrassment or buyer's remorse.<br>
><br>
> Of course, if you didn't get what was advertised for the money, then a chargeback is always OK. But that seems to be the first thing people do generally these days and is one reason why I am leery to have an online storefront or similar. Most banks' chargeback policies suck (and they're almost always hidden in the fine print).<br>
><br>
> Sent from my iPad<br>
><br>
>> On Oct 2, 2014, at 5:59 PM, Bob Toxen <transam@VerySecureLinux.com> wrote:<br>
>><br>
>> Hopefully, you had your Dad dispute the credit card charge as fraud and<br>
>> unauthorized with his bank! There's no paper trail so this is easy and<br>
>> it was UNauthorized fraud.<br>
>><br>
>> Bob<br>
>><br>
>>> On Sun, Sep 28, 2014 at 01:14:35PM -0700, Alex Carver wrote:<br>
>>> I need some suggestions on a lightweight desktop WM that would be<br>
>>> friendly to my parents that are used to Windows. My dad just got<br>
>>> scammed by one of these "driver update" scareware companies (it was a<br>
>>> pop-up ad) that charge high dollar amounts for installing free software.<br>
>>><br>
>>> I think it's probably time to shift them over to Linux, isolate them<br>
>>> from administrative functions, but leave the system looking friendly.<br>
>>><br>
>>> Ubuntu might be a bit too much and too heavy for their laptop. I tend<br>
>>> to use fluxbox but that's a bit too minimal. :)<br>
>>> _______________________________________________<br>
>>> Ale mailing list<br>
>>> <a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
>>> <a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
>>> See JOBS, ANNOUNCE and SCHOOLS lists at<br>
>>> <a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
><br>
><br>
><br>
<br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div dir="ltr">-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br></i></i></i></i></div>
</div>