Think friend fell for phone scam - Gave them access to his Mac

JeepinEd

Senior member
Dec 12, 2005
869
63
91
A friend of mine got a call from someone claiming to be from the Mac server department. This guy claimed that my friend's computer got infected and needs access to his computer. Being a bit naive, my friend gave him access. While he was on the phone/on line with him, his wife figured she'd call me to get my opinion. None of the information this guy was giving me made any sense, so I told my friend to hang up and shut the computer down.

Now....
I'm not as familiar with Macs.
What damage could this guy have done, while he had access to my friend's computer?
Not sure how Macs handle all the stored passwords, could he have accessed them? (Will probably have him change them all, to be safe)

Any recommendations?

Thanks.

Ed
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
With remote access to the computer he could have done anything...installed malware, set up backdoor access, stolen data/info/passwords. And no, none of that would necessarily be obvious if he was watching what was done on the screen.

Recommendations? Disconnect the computer from any network and the internet immediately (to contain any potential exploitation that occurred), back up important data to an external disk/flash drive, wipe the hard drive (DBAN or something else that 0's out the blocks), and reinstall the OS.

I guess your friend can chalk this up as a learning experience. Don't give people remote access to your computer.
 

lxskllr

No Lifer
Nov 30, 2004
59,182
9,658
126
My mother got that call this past week. The "tech" had her hitting the Windows key, but wasn't getting the results he wanted. He asked her what system she had, and she said she didn't know, and that her son (me) set it up. He hung up :^D That Ubuntu install paid for itself. I should probably send some money to the Debian project.
 

JeepinEd

Senior member
Dec 12, 2005
869
63
91
With remote access to the computer he could have done anything...installed malware, set up backdoor access, stolen data/info/passwords. And no, none of that would necessarily be obvious if he was watching what was done on the screen.

Recommendations? Disconnect the computer from any network and the internet immediately (to contain any potential exploitation that occurred), back up important data to an external disk/flash drive, wipe the hard drive (DBAN or something else that 0's out the blocks), and reinstall the OS.

I guess your friend can chalk this up as a learning experience. Don't give people remote access to your computer.

That's pretty much what I figured.
After I gave him a thorough chastising, my friend called the real Mac tech support and they said that they get this call every day. According to Mac, they try to get you to give up your credit card number. The Mac people didn't seem to be too concerned about what the guy might have done while on line, and told my friend not to worry about it.

Personally, I would do what you suggested and will recommend it. Whether or not he actually does it, is up to him.
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
That's pretty much what I figured.
After I gave him a thorough chastising, my friend called the real Mac tech support and they said that they get this call every day. According to Mac, they try to get you to give up your credit card number. The Mac people didn't seem to be too concerned about what the guy might have done while on line, and told my friend not to worry about it.

Personally, I would do what you suggested and will recommend it. Whether or not he actually does it, is up to him.

Right. I've seen several videos on youtube of people that have recorded their interaction with these scam artists, and it typically ends up where the scammer will open up the system's event logs and start pointing to Error events (no doubt, probably every system has at least 1 error...although many are benign), and then they'll request credit card info to fix it. That's probably all that would have happened to your friend.

But there's always the possibility that the remote access was given to someone with other intentions, and that they could have completely compromised the system.
 

lxskllr

No Lifer
Nov 30, 2004
59,182
9,658
126
Right. I've seen several videos on youtube of people that have recorded their interaction with these scam artists, and it typically ends up where the scammer will open up the system's event logs and start pointing to Error events (no doubt, probably every system has at least 1 error...although many are benign), and then they'll request credit card info to fix it. That's probably all that would have happened to your friend.

But there's always the possibility that the remote access was given to someone with other intentions, and that they could have completely compromised the system.

Yup. I'd put $100 on there being nothing wrong with the machine, but that can't be guaranteed. If certainty is required, I'd burn and rebuild.
 

JeepinEd

Senior member
Dec 12, 2005
869
63
91
Right. I've seen several videos on youtube of people that have recorded their interaction with these scam artists, and it typically ends up where the scammer will open up the system's event logs and start pointing to Error events (no doubt, probably every system has at least 1 error...although many are benign), and then they'll request credit card info to fix it. That's probably all that would have happened to your friend.

But there's always the possibility that the remote access was given to someone with other intentions, and that they could have completely compromised the system.

That's exactly what they were doing. When I got on the phone with him, the scammer was in the process of telling him that they have three preferred vendors contracted to fix this problem for a small fee. My friend said "Yeah, he pulled up all these errors and warnings caused by the hacker." That's about the time I realized he had given these guys access to his computer.

I think he learned his lesson.
 

VirtualLarry

No Lifer
Aug 25, 2001
56,570
10,204
126
Yup. I'd put $100 on there being nothing wrong with the machine, but that can't be guaranteed. If certainty is required, I'd burn and rebuild.

This happened to a client / friend of mine, with an XP PC. They said the scammers were doing "rundll" commands. So who knows what they were screwing up. Backup and pave time...
 

postmortemIA

Diamond Member
Jul 11, 2006
7,721
40
91
On a Mac, an admin password is needed to install anything. Does he remember giving it to them?
 

seepy83

Platinum Member
Nov 12, 2003
2,132
3
71
On a Mac, an admin password is needed to install anything. Does he remember giving it to them?

I have had almost no experience with Macs. If I put an executable somewhere in the Mac's file system, will it run?

My point being - with access to a Windows system, it can be exploited without anything being "installed" (in the way people typically think of software being installed on their computer).

Not telling them the admin password does not mean that the system wasn't exploited. On Windows, or Linux/Unix, someone with remote access could potentially dump the password hashes, set up backdoor access to the system, crack the hashes offline and come back to pillage the system when they have root access.