Solved

Microsoft scam computer

Posted on 2016-10-24
10
62 Views
Last Modified: 2016-10-25
A moron friend of mine paid $300 for the scam about the computer being infected. I told him to cancel the payment and unplug the computer. He gave them access to the computer.

Is he at any risk?
0
Question by:jrsitman
10 Comments
 
LVL 51

Assisted Solution

by:Joe Winograd, EE MVE
Joe Winograd, EE MVE earned 41 total points
ID: 41857984
> Is he at any risk?

In a word — YES! There's no telling what they did to his computer when he gave them access to it. Does he have his files backed up anywhere?
0
 
LVL 18

Assisted Solution

by:hopeleonie
hopeleonie earned 41 total points
ID: 41857998
If he has a backup, reinstall / restore the computer.
0
 
LVL 23

Accepted Solution

by:
Dr. Klahn earned 254 total points
ID: 41858015
That computer can not be trusted again for any purpose.  It will be necessary to erase the hard drive and reload Windows from scratch.
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 41 total points
ID: 41858016
Let your friend know that the IRS (if you are an American) or the CRA (if you are a Canadian) is issuing a warrant for his arrest and he is being given this last-ditch attempt to pay his outstanding tax bill by purchasing pre-paid credit cards and informing the person on the phone of the CC details. If not, he will be arrested within the hour.

Just one of many scams that are going around. The CRA recently closed down a call center in India and has made many arrests.

Restore from backup or flatten the machine and rebuild; also change all passwords.
0
 
LVL 61

Assisted Solution

by:btan
btan earned 41 total points
ID: 41858021
His machine is no longer trusted. Isolate the machine from any internet, change all his login credentials (priority for those for ebanking and online transactions) and passwords (go for 2FA for online). Rebuild the machine. Report the scam to Microsoft and also contact the bank that there is a scam transaction (they may still be able to withhold).
https://www.microsoft.com/en-us/reportascam/
0
 
LVL 16

Expert Comment

by:Malmensa
ID: 41858034
Yes, there is a risk.

Having said that, these guys have already got $300. Usually, that is what this type of scammer is after; they do not tend to plant malware or anything.

If this is a home machine, and the guy does not care too much about any data he has, it may be OK to take the risk. If he has confidential information, or does banking, or runs a business, then it would be prudent to blow everything away and start again.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 41858109
Agreed with all experts above.

What I am thinking is: why could people be so vulnerable to this kind of simple scam and keen to pay so much for something not existing at all? Why could they be controlled in such an easy way? What are the common characteristics of those vulnerable people?
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 41 total points
ID: 41858170
Besides doing a clean installation as has been mentioned, change all passwords (email, cloud, user accounts etc.). If you had any banking and credit card info stored on the PC, get in touch with those institutions to cancel those cards or accounts and send you new ones. I'd also change the email addresses. If a phone number of the scammers is known, or also the payment address, get that info to the law enforcement agencies.
0
 
LVL 29

Assisted Solution

by:Sudeep Sharma
Sudeep Sharma earned 41 total points
ID: 41858339
Well, if they said that your machine is infected, then most likely they would have tried cleaning the system using some tools or application and also might have installed some AV product for which you might have been charged.

If you have made the payment using the credit card, claim the credit by calling your credit card company. Then, as suggested above, clean wipe and re-install.

Take a backup of your documents/images/videos/favorites and other software licenses, if you don't have license keys for that software, before wiping it out.

Sudeep
0
 

Author Closing Comment

by:jrsitman
ID: 41858695
Thanks to everyone. I'll have him bring it to me to rebuild it.
0
