Welp, my mom had a good run. She fell for a scammer the first time ever today at age 93. I'm proud of her for lasting as long as she did.

Anyways, that's my evening and probably my weekend. If folks have recommendations for software, web sites, or methods for finding and eradicating malware, I'm looking for recs. Apparently the person had her on TeamViewer for several hours today. They had her change banking passwords, possibly installed malware. God only knows. My sister works at a bank and she was the "first responder" as they say. Banking is all cleaned up. We're not sure what else they might have done and that's my job.

The specs: Some ancient iMac (Intel CPU, probably 2017-2019 vintage). Very little software installed. Web browsers, TeamViewer (I use it with her), maybe one little recipe app or something.

I plan to buy her a new computer and manually move all her stuff from the old to the new. But what else should I check/do? Web pointers welcome.

She started using computers back in 2000 and she was doing video conferencing with me in 2002 using janky stuff like iVisit. She's been really good about not clicking on stuff, not opening attachments, etc. I've been really pleased. I'm trying to make sure she feels good about herself. She wasn't gonna beat these guys. She's done great to get this far without ever falling for it.

Lucky for me, she uses protonmail (yeah, her son is in cybersecurity) and I can reach that from here. The attackers were sloppy. Didn't delete anything in the inbox (not sure if they had access or not). They didn't change the email password, so I wonder if they didn't get it.

I can see an Amazon password reset and a grocery store account password reset that my sister hasn't dealt with.

If anyone wants to see the scam that got my mom, here's a video capture of what it does. It plays a computer voice saying fantastic bullshit like "Your computer has the identity theft virus".

I'm pretty sure this was malvertising. Looking at her Safari history, she was on a grocery store web site trying to place an order. Then this URL is next in the history. And after that, it's all password change pages and such. I can't imagine she had any reason to click on something other than seeing a fake "security alert."

In the video, this is not fullscreen. But when I clicked that link, it went full screen.

What the hell, Paco, you clicked the damn link? Yeah, not on purpose. I was trying to right click it to copy it, and either TeamViewer misunderstood the click or I fat-fingered it. But, having made the mistake, I decided to shoot some video. I got lucky.

Here's the URL (still live as of about 60 minutes ago):
https: / / xdrty-c6e6cjecbve4f9bz,z02,azurefd,net/mhelpxxx/index,html?bcda=1-833-371-8269#%E2%80%99
#identitytheft #malvertising

And now a funny commentary. This guy from India or Russia or whatever spent quite literally 3-4 HOURS with my 93-year-old mom trying to get her to install stuff, share her screen, and get through a password change. In that time she managed to install 2 apps and change TWO passwords. That’s it.

He should have been some kind of priest, rabbi, or imam or something. Patience. Of. A. Saint. Sad to think of this amazing super power going to waste on a life of crime.

I have to do these things with her and I can’t get them done any faster than that. But I don’t have the stamina to go 4 hours in the ring with her. 😜 This guy is impressive.
#identitytheft #malvertising #security

@paco

Are any of the potentially compromised passwords used elsewhere? If so look at those sites and services and do password resets on them.

I would suggest using a password manager which you and mum both have access to. Bitwarden would be my suggestion but perhaps that's making things too complicated?

Sounds like a MacBook Neo would be a potential replacement, if her needs aren't too extensive.

Scan the files on the current Mac before transferring them to the new hardware.

Otherwise securing banking and email is the top priority, which is covered. If they got card details then alert the banks involved and request new cards. Update regular payments with new card details.

🙂🖖

@simonzerafa She doesn’t exactly have passwords. What I mean is that every time she logs in somewhere, she pretty much does the forgot password flow. Her browser history leading up to this incident had 20-30 clicks to her grocery store where she was trying to log in and then did the forgotten password. She used 1Password for many years. She is MY mom after all. But these days that has gotten a bit too much for her. 1933 was a long time ago.

@paco

Indeed 1933 was some time ago. 1965 was also and I fell for a scam (I was down with COVID at the time - only dented pride) so she's done well to last way longer than me 🙂👍

Maybe Passkeys and biometrics are the way forward for some folks after all? 🙂🤷‍♂️

@simonzerafa @paco
This got me thinking. Password managers are great and I've been trying to convince my parents to use one. But in @paco's mom's case, it would have been a disaster had the attacker managed to get access to the password manager's database. So maybe biometrics and passkeys/Fido keys are the way to go. I think I should also consider setting up a network-based ad blocker like Pi-Hole.

@danimrich @paco

I suspect that Passkeys might be a better option than password resetting to gain access.

It should be secure and transparent. The only issue is Passkey portability and account recovery should that be needed.

Bitwarden can be used to store Passkeys rather than the OS or Browser. Which I would recommend.

Passkeys are only as secure as the least secure recovery method. I do wonder how many scammers are technical enough to understand that though 🙂🤷‍♂️

@simonzerafa @danimrich @paco Unfortunately, in my experience, passkeys in Bitwarden are too difficult for many elderly people to manage. I wonder how folks manage who don’t have younger technically savvy family to help them.

@danimrich @simonzerafa @paco my mom is in her late 80s and has not been able to deal with a password manager at all. She also frequently has to do the reset password thing. At least she doesn’t use the same password for everything. We’ve had to resort to a printed sheet. It’s the only thing she can manage

@steggy
I think a printed sheet is quite okay if it's kept in a reasonably physically secure place and if all the passwords are different.
@simonzerafa @paco

@paco the scammer was probably someone being forced to do it. If you aren't aware, there is a large issue with people being kidnapped and essentially enslaved to scam people.

John Oliver did a bit about it in his story on pig butchering scams that's pretty digestible.

@bobdobberson @paco yes, Paco and I had a whole discussion about it yesterday.

@paco
Azure Front Door, nice.

@paco related movie recommendation: Beekeeper (2024)

Beyond that: sounds all solid. There is some official guidance from the FTC on it:

https://consumer.ftc.gov/articles/what-do-if-you-were-scammed