[ale] Older parent friendly desktop WM

Bob Toxen transam at VerySecureLinux.com
Fri Oct 3 14:50:11 EDT 2014


DANGER!  LIKELY the company will do nothing and hope that your dad does
not notice until it's too late to dispute it with the credit card
company.

If it was "official looking" OR if it claimed to be free, it was FRAUD
and should be treated as such.

1. Have your dad ask his credit company if there is a credit for the
   charge.  Likely there is no credit so don't wast time with the
   swindler.  Proceed to step #2.

2. Help your dad prepare a letter to the bank (using the address listed
   for disputes on the back of the statement) or call the bank and ask
   for the address.

   Note the dollar amount, the transaction number, the date of the
   transaction, and the merchant name listed on the card statement.

   State that it the merchant fraudulently claimed to be Microsoft.
   Insist that the carge be removed for this reason.  Note that there
   was no signed receipt either.

3. Do NOT complain by any other form than letter sent via U.S. mail.

4. Send the letter certified, return receipt requested, to make sure the
   bank doesn't "forget".

5. Do NOT pay the portion of the credit card statement applicable to the
   fraud.  This is very important.  If your dad makes the mistake of
   paying that portion, the merchant will claim it is a "quality of
   service" issue, which is covered by "Regulagion Z".  As such, you
   only can do a chargeback on quality of service if he did not pay that
   portion.  I learned this the hard way years ago.

6. Have your dad sign the paperwork the bank probably will send.

Contact me offline at bob at VerySecureLinux.com for a sample dispute
letter, etc.  Anyone else is welcome to as well.  Regrettably I've had
lots of practice with this over the years.

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
Quality spam and virus filters.

"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond where
the shadows lie...and the Eye is everwatching"
-- The Silicon Valley Tarot Henrique Holschuh with ... Bob

On Thu, Oct 02, 2014 at 08:09:16PM -0700, Alex Carver wrote:
> The charges, in theory, are being reversed by the company.  I'm still
> trying to sort out the initial vector but it looked like it was an email
> that looked legitimate and claimed to be a Microsoft support affiliate
> (something that Microsoft already denies on their own website).  The
> first leads to a second company and down the rabbit hole we go.
> 
> That first company's email/ad said you could download a "free" program
> to helpfully analyze the computer for problems.  Then it popped up a
> very official (meaning OS-like) window that said problems were found, to
> fix he had to pay $40.  So my dad paid.  It then did some churning at
> which point it said there were additional problems and he needed to call
> a toll-free number.
> 
> So he called that number which went to a second company also claiming to
> be an affiliate.  They had my dad go through various machinations to
> eventually enable Remote Desktop after which they remoted in and started
> showing him all sorts of things.  Doing some remote forensics, I
> discovered they had wiped all the system logs (security, audit,
> application, and the powershell log) at the beginning of the call and
> several times during the call.  Some of the windows that were displayed
> were actually fake images with lots of red text meant to cause fear.
> They were doctored versions of things like the "Programs and Features"
> control panel in Windows 7 except with extra columns and red
> highlighting.  The agent on the other end said the computer had not been
> updated in over 5 years (false, it had performed an update only two days
> prior to the call).  They could fix all these problems and ensure that
> updates would continue properly and uninterrupted for the low price of
> $349 per year.  My dad paid the fee.  No work was performed (other than
> an additional log wipe).  The last update on the machine stayed two days
> prior to the call.  However, they proceeded to show him another screen
> which showed fresh updates and then asked him to start up a browser
> visit several pages ***INCLUDING HIS BANK WEB SITE AND TEST HIS
> LOGIN***.  One of the activities that they couldn't erase from the logs
> was a message about an attempt to stop a McAfee virus scanner (he uses a
> different one that they didn't notice so the attempt errored out).
> 
> Doing a search for the company shows that even Microsoft is aware of
> them.  They have changed their name at least once in the past two years.
>  No work is ever performed on the machines, just a charge of $349 plus
> some software sitting on the machine that does unknown things (probably
> keylogging given the bank request).  Even the uninstaller is cumbersome.
>  Most programs simply ask, "Are you sure?  This is going to erase the
> program" and then provide you with an OK button.  This program pops up a
> huge dialog box advertisement that basically says "Wait, don't go.  Call
> us and we'll help you out." then gives a number and a button to call or
> go to the website.  There is no "no thanks" button, you have to close
> the dialog box with the upper-right close button.  Only then does the
> uninstallation proceed.
> 
> It was an awful scam from the beginning and he feels very sheepish for
> falling for it without even pausing five minutes to give me a call.  My
> mom has already given him a bit of what-for because he didn't call me.
> However, I caught it quickly because I happened to call them the same
> day just a few hours later.  Every single thing he mentioned in the
> story was a massive red flag that screamed "scam".
> 
> I have no idea if the charges will get reversed or if he'll have to
> dispute them.  Both companies sent back emails claiming they would do
> this.  It's an unfortunate grey area since he did technically authorize
> the charges by giving over the credit card number.  But the lack of any
> work plus attempts to compromise the machine would put it in the theft
> and vandalism category.
> 
> In the mean time I had him replace all of his passwords, do a couple
> forced virus scans (I'm going to attempt a remote clamav scan later),
> and lock everything up.  Fortunately only a week before I had taught him
> how to use GnuPG on Windows to encrypt some of his more sensitive files
> (including a password list since he had trouble remembering so many
> passwords -- I switched him to KeePass for that).  If they had gotten to
> that list or some of his sensitive documents, it would have been a much
> bigger problem.
> 
> 
> So back to the question, my reasoning now is to give them an interface
> that is comfortable and reasonably familiar, has more control over user
> versus administrator rights, is a bit harder to inflict damage (hard to
> install a Windows keylogger program on a Linux machine) and would give
> me a bit of an easier time doing remote maintenance.  This won't happen
> right away, I would need to be there to do the initial setup.  But it's
> planning ahead and they both seemed slightly interested in using it over
> Windows at some point.
> 
> On 2014-10-02 15:53, Michael Trausch wrote:
> > I've been had once or twice before. But if I clicked the button to authorize the charge, and I got what was promised, then I would never charge back. Maybe I am missing something here, but it sounds like the person got ripped off somewhat, legally.
> > 
> > Just because it's immoral and unethical practice to sell free shit to people for high prices doesn't make it chargeback-worthy. We live in a society where people like me are scared to deal with mass customers for fear that despite operating legitimately, we may have to deal with chargebacks and the like, even in the case where the chargeback's root cause is embarassment or buyer's remorse.
> > 
> > Of course, if you didn't get what was advertised for the money, then a chargeback is always OK. But that seems to be the first thing people do generally these days and is one reason why I am leery to have an online storefront or similar. Most banks chargeback policies suck (and they're almost always hidden in the fine print).
> > 
> > Sent from my iPad
> > 
> >> On Oct 2, 2014, at 5:59 PM, Bob Toxen <transam at VerySecureLinux.com> wrote:
> >>
> >> Hopefully, you had your Dad dispute the credit card charge as fraud and
> >> unauthorized with his bank!  There's no paper trail so this is easy and
> >> it was UNauthorized fraud.
> >>
> >> Bob
> >>
> >>> On Sun, Sep 28, 2014 at 01:14:35PM -0700, Alex Carver wrote:
> >>> I need some suggestions on a lightweight desktop WM that would be
> >>> friendly to my parents that are used to Windows.  My dad just got
> >>> scammed by one of these "driver update" scareware companies (it was a
> >>> pop-up ad) that charge high dollar amounts for installing free software.
> >>>
> >>> I think it's probably time to shift them over to Linux, isolate them
> >>> from administrative functions, but leave the system looking friendly.
> >>>
> >>> Ubuntu might be a bit too much and too heavy for their laptop.  I tend
> >>> to use fluxbox but that's a bit too minimal. :)
> >>> _______________________________________________
> >>> Ale mailing list
> >>> Ale at ale.org
> >>> http://mail.ale.org/mailman/listinfo/ale
> >>> See JOBS, ANNOUNCE and SCHOOLS lists at
> >>> http://mail.ale.org/mailman/listinfo
> >> _______________________________________________
> >> Ale mailing list
> >> Ale at ale.org
> >> http://mail.ale.org/mailman/listinfo/ale
> >> See JOBS, ANNOUNCE and SCHOOLS lists at
> >> http://mail.ale.org/mailman/listinfo
> > 
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
> > 
> > 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo


More information about the Ale mailing list