A reminder: please check the computers belonging to your elderly-but-computer-using #relatives. Ensure there aren't digital nasties on there. And when I say "check", I mean look yourself, don't just ask the #relative about it.

With age, people tend to lose some of their mental #sharpness, but it's not just poor memory or fuzzy thinking. They seem to lose some critical #thinking skills, and become more #trusting than they should, or more naive. I think this is what makes older folk the favourite targets of #scammers.

Yesterday, a relative called me in a panic about their laptop. This is someone who was a very high-ranking federal police officer, in charge of investigations for a large swath of the country - not someone to be easily taken in by smooth-talkers, at least not in the past.

I went over today and asked him what happened. "Some kind of warning came up" -- i.e. the "oh noes, this is #Microsoft, your #Windows is #corrupted, please call us so we can fix it" one. I asked "Did you do anything they asked you to? Download any programs, or run any commands, or anything like that?"

"No, no, I just phoned them and after they started asking for my address I got suspicious, I didn't do anything they said."

1/x

#TechSupportScam #TechSupport #RemoteDesktop

I opened the laptop's lid and it sprang to life. There on the desktop was the open #LogMeIn support chat app that he had downloaded, allowed to run, and then given permission to control his computer remotely. There were other signs - two open terminals running with administrative privileges, browser settings that had been changed, etc.

It was obvious he'd started by visiting some dodgy website and then allowing it to install a #browser #plugin. I found the installation date in a log. From there, it snowballed.

It had installed some system-wide malware which disabled a bunch of security features and made cleanup tasks difficult - couldn't open Windows Defender, Task Manager was wonky, updates turned off, even installed some group policies to make it so you couldn't undo those things from the regular settings panels.

The final link in the chain was the system dialog that got him to phone in, and probably installed LogMeIn from there. I think the group behind it is called "YS" or similar. It had also dropped several suspicious executables in various places.

It took me two hours to clear everything out and reset every change they'd made to the system, and then another half hour to lock the system down a bit by uninstalling non-essential features etc.

There are federal holidays coming up in Canada and the USA that frequently result in big family gatherings. That would be an excellent time to check the computers of the hosts, if appropriate.

2/x
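As an added example (not code from the original thread), here is a read-only PowerShell audit covering the lock-outs described above: the policy registry values that block Windows Defender, Task Manager, Registry Editor, the Settings panels and automatic updates; the state of the Defender and Windows Update services; and whether a remote-support client such as LogMeIn shows up in the installed-programs registry keys. The key paths and value names are the standard Windows policy locations; which ones to check is my assumption, not a record of what the author found on this laptop.

```powershell
# Added example, not code from the original thread. Read-only audit of the
# kinds of lock-out the thread describes. Run in an elevated PowerShell session
# while logged in as the affected user, because the HKCU policies are per-user.
# Which keys to check is an assumption; the paths and value names are the
# standard Windows policy locations for these settings.

$PolicyChecks = @(
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';                      Name = 'DisableAntiSpyware';        Why = 'Windows Defender disabled by policy' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'; Name = 'DisableRealtimeMonitoring'; Why = 'Real-time protection disabled by policy' }
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';              Name = 'NoAutoUpdate';              Why = 'Automatic updates disabled by policy' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';         Name = 'DisableTaskMgr';            Why = 'Task Manager blocked for this user' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';         Name = 'DisableRegistryTools';      Why = 'Registry Editor blocked for this user' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer';       Name = 'NoControlPanel';            Why = 'Settings / Control Panel blocked for this user' }
)

function Get-LockoutPolicies {
    # Emit one record per policy value that is present and set to 1.
    # A missing key or value is the normal state and produces nothing.
    foreach ($check in $PolicyChecks) {
        $item = Get-ItemProperty -Path $check.Path -Name $check.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($check.Name) -eq 1) {
            [pscustomobject]@{ Finding = $check.Why; Key = $check.Path; Value = $check.Name }
        }
    }
}

function Get-ProtectionServiceState {
    # Defender (WinDefend) and Windows Update (wuauserv) should normally be
    # Running with an Automatic/Manual start type; 'Disabled' or 'missing'
    # is worth a closer look.
    foreach ($name in 'WinDefend', 'wuauserv') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            [pscustomobject]@{ Service = $name; Status = 'missing'; StartType = 'n/a' }
        } else {
            [pscustomobject]@{ Service = $name; Status = $svc.Status; StartType = $svc.StartType }
        }
    }
}

function Get-RemoteSupportTools {
    # Look for an installed remote-control client in the Uninstall registry
    # keys (what Add/Remove Programs reads). 'LogMeIn' is the product named in
    # the thread; extend the pattern with other products you want flagged.
    $uninstallRoots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'LogMeIn' } |
        Select-Object DisplayName, Publisher, InstallDate, InstallLocation
}

Write-Host '== Policy values that lock the user out of security settings =='
Get-LockoutPolicies | Format-Table -AutoSize

Write-Host '== Protection services =='
Get-ProtectionServiceState | Format-Table -AutoSize

Write-Host '== Remote-support clients listed in installed programs =='
Get-RemoteSupportTools | Format-Table -AutoSize
```

The script only reports; it changes nothing. Each finding should be confirmed before it is reversed (a policy value may legitimately come from an employer or a family member who set it on purpose). When a value was set through the Local Group Policy Editor rather than written directly to the registry, deleting the registry value is not enough, because the policy store re-applies it on the next policy refresh; it has to be set back to "Not Configured" there as well.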

A special "F U" to LogMeIn. It's a legitimate tech support app, commonly used in corporate help desk situations with remote support and all that. However, it's also easily available to scammers, and they seem to turn a blind eye to its abuse, because this has been going on for years with little done about it.

3/3