microsoft phone scam help :-/

Fiocca · 26 May 2011 at 17:01

I came home to find my step mum on the phone to "microsoft". I realised almost instantly it was the scam as soon as i saw the command promp window running so i killed it and disconnected the router.

I took the phone and wound them up until my mum said they wrote what was on the screen :-/ so im wondering what steps to take as i dont want to reconnect the router until i know the pc is secure.

Cheers.

Burnsy2023 · 26 May 2011 at 17:03

Can she remember what she did?

Malwarebytes + AV scan would be a good start. Reinstall if you can be bothered, if not you'll need to analyse running processes and look for rootkits etc.

Paul11 · 26 May 2011 at 17:03

did she enable remote access or give them her ip address?

Rroff · 26 May 2011 at 17:06

They usually try to get you to install teamviewer or VNC... (or they might use windows remote assistance but its less common).

If they didn't get her to install a dynamic DNS service to keep track of the IP or didn't have time to install one themselves then if you don't have a static IP they probably won't be able to reconnect again once the IP changes, so have a look for things like noip and dynaDNS.

Problem is theres no way of knowing how far they got and what they installed, might have already got a rootkit onto the PC so they can keep getting back in, or if the router itself supports a dynamic DNS client then they might have configured it there - or even opened remote admin on the router to themselves.

Fiocca · 26 May 2011 at 17:08

Well from what i can gather she opened command prompt, typed a command (as something something i think) then they told her to read the numbers at the bottom, ip address im guessing?? Thats when they connected and typed on the screen. I killed it about 5 mins after

Paul11 · 26 May 2011 at 17:10

this really ***** me off, how they can get away with stuff like this and easy it is for people to fall for it

matt_fsr · 26 May 2011 at 17:10

Burnsy2023 said:
Malwarebytes + AV scan would be a good start.

Never a bad thing!

My gut feeling is these scammers are aiming for maximum reward with minimum effort - hence doing Teamviewer etc, so I'd say its unlikely they've bothered with rootkits etc.

agnes · 26 May 2011 at 17:13

Do not reconnect, if you do, make sure your computer is 100% clean, if it were me, I would do a format and rebuild. You never know mate. Have you got a static IP? Or is it dynamic?

ags

krooton · 26 May 2011 at 17:13

Paul11 said:
this really ***** me off, how they can get away with stuff like this and easy it is for people to fall for it

Parent's logins shouldn't have admin rights

Rroff · 26 May 2011 at 17:17

Probably got her to go to a site like www.whatismyip.com - I'm not aware of a standard way to get the external IP from DOS as unless your using a modem directly instead of a NAT'd router it will just show router IP and local network IP which they can't connect to.

AFAIK usually they use DOS/command prompt to "show" you some random error to prove your PC "has" a problem.

Tefal · 26 May 2011 at 17:17

Paul11 said:
this really ***** me off, how they can get away with stuff like this and easy it is for people to fall for it

indeed.
you'd be hoping out foreign secretary would just be saying right then India no more 800million pound aid packets until you crack down on this illegal crap.

Energize · 26 May 2011 at 17:18

I imagine she was told to enable remote assistance?

Robbo · 26 May 2011 at 17:18

Honestly, people must be stupid to fall for this, no matter how computer-dumb you are you should still know its dodgy.

Fiocca · 26 May 2011 at 17:21

Well they directed her through to event viewer and used the standard warning symbols as a way of fear saying they were infections. They rang back 3 times cos i was trolling them lol. They knew her name when they rang and it sounded busy in the background so i cant imagine how many people are getting owned right now :-/ how can i find out if my ip is static or dynamic?

Ma'am · 26 May 2011 at 17:22

Robbo said:
Honestly, people must be stupid to fall for this, no matter how computer-dumb you are you should still know its dodgy.

Not stupid, just innocent. To the older person (and some younger people) computers and the internet is unfathomable. I could see some of my younger relatives falling for a scam like this.

Rroff · 26 May 2011 at 17:25

You'd have to ask the ISP if its static or not, if you don't know its probably dynamic - with most ISPs you have to specifically ask for a static one... however its probably beside the point unless you know for definite they haven't installed some software that keeps sending them the latest IP address every time you connect.

I'd take Burnsy2023's advice and run malwarebytes, etc. first off but without knowing for definite if they've installed a rootkit or similiar it would be safer to reinstall windows and have a quick look in the router control panel to make sure they haven't enabled a dynamic DNS service or configured remote access on it.

Burnsy2023 · 26 May 2011 at 17:27

Rootkit revealer from Sysinternals can help you discount rootkits.

Semple · 26 May 2011 at 17:29

krooton said:
Parent's logins shouldn't have admin rights

Exactly this! If a user's not that computer literate then they shouldn't have admin rights. At the end of the day it's their to protect them and their data.

4T5 · 26 May 2011 at 17:31

Tell your Parents they can't be trusted on the Interwebs & deny access forthwith.

Tomsk · 26 May 2011 at 17:33

Fiocca said:
.....how can i find out if my ip is static or dynamic?

Unfortunately with some ISP's, the dynamic ip address often doesn't change very often.
I'm with Be and I don't think my ip has changed for months.