Hoax IT Support phone calls.

Hi

I have a friend of a friend (really, it's not me) that's been hoaxed into allowing someone to remote into their machine, been taken to a website and basically forced by blackmail to enter their details on a website; no doubt that would have included their CC number.

I'm sure this has been posted loads of times before. I'm more interested in the tech that they used, as they are worried that the person will take over their machine again. As I have never had it done to myself, what system do they use to remote in to the end user? For example: RDP, Terminal Services, TeamViewer. Do they add any spyware on to the machine for future access? Or create any remote login accounts?

I'm not interested in blackmailing anyone myself, I just want to tell them how to check their machine so that the other person can't remote in again, so far since the info is 3rd hand, I just said backup data and format/reinstall.

Thanks in advance.
 
Unplug it from the internet, problem solved

This.

Download on a separate PC all the tools needed and clean it up. Alternatively, rebuild it.

To actually answer the question, sorry, I would guess some sort of RDP or VNC type app. TeamViewer would be easily detectable, as would LogMeIn etc.
 
As suggested above.

Also, could download and install a firewall such as Comodo or Zone Alarm. This should by default block all connections and ask permission to allow the first time they occur as and when.

This should make it fairly obvious if/when they try to connect again.
 
There's a good chance it's just used the Microsoft remote connection system; however, it's worth taking it completely offline, booting it up with a Linux live CD to get any important files off and re-installing the OS (or Ubuntu....)
 
TeamViewer, I think, can be manipulated into giving the router password for future access..... had an odd encounter a while back with a guy I trusted and let him TeamView my system, didn't let him on it for long though as I got a bit paranoid and uninstalled it within 15 minutes..... I could see his screen and what he was doing so I know he didn't do anything dodgy whilst it was connected..... but a few months later he sends me a picture online and the filename just so happened to be my router password that I made myself and was rather obscure :rolleyes:

My guess is that TeamViewer somehow can get access to the router password for some reason and sends it back to the other dude's machine (this is just a theory) in an encrypted format and then with a bit of magic can somehow decode this back to the original password...... or maybe he just used TeamViewer to find my IP address then used other means to get it (I don't know much about TeamViewer but maybe he could have downloaded the files that my browser uses to store the passwords?).... either way, don't do it :p
 
That sounds very odd and definitely not something TeamViewer would do automatically.

Have you stored your router password in your browser so you don't have to enter it each time? Or is the web interface on your router enabled?
 
I used to store it in the browser, this was a couple of years ago and I've formatted probably 20 times since then :D

I always disable remote access/assistance and change the default passwords for that too.
 
I've had these idiots on the phone, they tried to use this place to gain remote access -

www.ammyy.com

As far as I know the site itself is legit, of course how they intended to use it was not.
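
Added example, not part of any post in this thread: a read-only PowerShell triage covering what the original question asks about (remote-control tools, remote login accounts, Remote Desktop/Remote Assistance, leftover persistence). It assumes Windows PowerShell 5.1 or later run as administrator; the name patterns are taken from the tools mentioned in the thread and are an assumption, not a complete list.

```powershell
# Read-only checks; nothing here changes the system.
# Assumption: name patterns are the tools named in this thread, not an exhaustive list.
$regex = 'teamviewer|ammyy|vnc|logmein'

# 1. Are Remote Desktop and Remote Assistance switched on?
$ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$ra = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance' -ErrorAction SilentlyContinue
[pscustomobject]@{
    RemoteDesktopEnabled    = ($ts.fDenyTSConnections -eq 0)
    RemoteAssistanceEnabled = ($ra.fAllowToGetHelp -eq 1)
}

# 2. Local accounts: look for enabled accounts nobody recognises.
Get-LocalUser | Select-Object Name, Enabled, LastLogon, PasswordLastSet
# Well-known SIDs avoid localised group names:
# S-1-5-32-544 = Administrators, S-1-5-32-555 = Remote Desktop Users
Get-LocalGroupMember -SID 'S-1-5-32-544' | Select-Object Name, PrincipalSource
Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue | Select-Object Name

# 3. Installed services and running processes that look like remote-control tools.
Get-CimInstance Win32_Service |
    Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $regex } |
    Select-Object Name, State, StartMode, PathName
Get-CimInstance Win32_Process |
    Where-Object { "$($_.Name) $($_.ExecutablePath)" -match $regex } |
    Select-Object ProcessId, Name, ExecutablePath

# 4. Persistence: auto-start Run keys and non-Microsoft scheduled tasks.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    Get-ItemProperty $key -ErrorAction SilentlyContinue
}
Get-ScheduledTask |
    Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
    Select-Object TaskPath, TaskName, State,
        @{ n = 'Action'; e = { ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; ' } }

# 5. Listening ports and live connections, with the owning process name.
Get-NetTCPConnection -State Listen, Established |
    Select-Object LocalPort, RemoteAddress, RemotePort, State,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } } |
    Sort-Object Process, LocalPort
```

An empty result from the pattern match only rules out the tools listed in `$regex`, which is why the replies above still suggest a rebuild.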
 