Red River Valley Amateur Radio Club

Amateur Radio in and around the Red River Valley Area of Northeast Texas


Safe Computing – My Horrifying Experience

  • This topic has 2 replies, 2 voices, and was last updated 2 years, 8 months ago by Danial Beard.
  • June 8, 2022 at 9:20 am #2400
    Phillip Beall
    Keymaster

    All,

    On Monday, June 6, at 1730 I made my daily call to check up on my elderly parents.  Now, let me set this up.  My dad has always been one of the smartest people I have ever known.  He is a retired successful small business owner.  He builds street rods as a hobby.  Very active in his church.  Super sharp and with a healthy – healthy – sense of paranoia.  And throughout the years he and I have had numerous discussions reference “safe computing” to include click-bait, drive by browser hijackers, etc.  Well, in the last couple of years he has had a series of small strokes and they have affected his cognitive skills…to the degree that I had not fully comprehended.

    On Monday, when I asked how their day had gone and my dad said “Well, I had some computer issues…” since I am the IT guru for the family and he had not called me I was immediately very focused.  He went on to tell me that suddenly the computer locked up and would not do anything.  Just frozen.  Then he noticed a box that said if your computer is locked up, frozen, etc., please call this phone number for Microsoft Support and we will help get it fixed.  I actually uttered an expletive and asked “Please tell me that you DID NOT call that number?”  Oh yeah, he called it and the helpful “Microsoft Support” tech remoted into the computer and fixed him right up.  “What time was all of this?” I asked as I raced to shut my shop down and get over to the house and start working on their computer remotely.  Oh, about 1630 was the reply.  So they had an hour head start on me.  Could I possibly head them off at the pass?

    Long ago I had set up Team Viewer free to remotely access Mom and Dad’s computer so that I could help them with little things.  Print out stuff that someone had emailed to them, routine maintenance, even accessing their financial accounts.  By remoting into their computer I did not have to have all of our combined banking stuff on my computer, I could keep them separate.  So I remoted in and started looking for anything remotely suspicious and yeap, there it was.  A remote access program that I was unfamiliar with that was on and just waiting for the bad guy to log back in again.  I uninstalled it, ripped out anything else that I was not familiar with, launched a scan by PC Matic, then launched the Trend Micro Housecall online scan and then bailed out of the remote instance.  From my laptop I next went to our shared bank to see if their accounts were showing any activity and…the password I had did not work.  I called the bank after hours hotline number and dialed Mom and Dad into the call, explained to the bank that Mom and Dad had been taken advantage of and that someone had changed the login password and that we needed the accounts frozen until the next business day when we could get some permanent things done.  They did that and I moved on, telling Mom and Dad to call Citi and freeze that credit card.

    I next took a deep breath and thought “You know,  I am their email administrator, I’m going to start doing password recoveries as needed on their other accounts…” and so I administratively changed their email password to something very long and complicated and then started the password recovery process with their various online relationships.  My thinking there was that the bad guys probably had their email access password so I wanted to block them from seeing what I was doing.  This was a lot like the Mad Magazine Spy versus Spy, just not nearly as funny.  Anyway, 1730-2230 Monday, to bed, back up and on it again at 0630 on Tuesday.  I pumped out an emergency text to pilot friends saying that I needed to drop my Wednesday San Diego turn and one of them thankfully took that off of my hands and I now had a bit more time.

    Yesterday (Tuesday, June 7) the bank confirmed that someone had changed the password on Mom and Dad’s internet banking access on Monday afternoon, but thankfully their $40,000 was still there in the account.  Nothing had been taken.  We closed those two accounts, opened new accounts and checks and ATM/debit cards are on the way to their house.  Lots of paperwork involved, a flurry of it and calls back and forth with the fraud specialist at the bank.  In between those calls I continued down the list of  various accounts locking them down with new and very strong passwords and looking for any suspect activity.  I used their Norton-LifeLock accounts to ease putting credit freezes on both of them.  Amazon, get this, the bad guys had also changed their Amazon password.  Talking with the fraud specialist she posited that their plan would have been that nobody find out about my dad’s experience before they could act.  And they had set it up so that in the middle of the night they could log in and start draining the funds out of Mom and Dad’s bank, making purchases on Amazon, etc., such that Mom and Dad would not figure it out until it was simply too late.  All of this stuff would have been covered by insurance, but that is more time and paperwork so thank God that the bad guys were thwarted.

    Today I continue the Odyssey and will order them a new computer, work on getting their Social Security checks deposited into the new bank account and continue dealing with the other remaining myriad issues.  So far I am about twenty dedicated and stressful hours into “the fix” for what should never have happened.

    So, if you have an elderly family member or friend, or someone with diminished cognitive capabilities, you cannot counsel them often enough that if there is EVER a message on their computer screen to call a phone number – DON’T DO IT!  Call you instead, or hit the reset and that will likely fix it as they have probably just clicked a click-bait link and resetting the computer will close that window.  But don’t reopen that window until you figure out how you are going to get away from the browser hijacker that may reload based on reopening where you left off, as many people have their browser set to do.

    Because I am intimately involved with my parents and managing their finances and because they really don’t have the skills to fix the damage that was done, this has so far taken me a lot of time and effort.  I am going to replace their computer with a new one and look into something like “Net Nanny” to restrict what the computer can do and there are still lots of financial things to sort out.  The whole exercise is just consuming…and that is without having lost a dime.  As I said above, any losses would have been covered by the banks and credit card issuers, but that would have involved even more stress and time.  So, there are several lessons here.  Do not use the same password on multiple accounts, use a password manager to generate long and complicated passwords, don’t click on click-bait and educate family and friends.  Like my dad said “He sounded so courteous and professional.”  Yeah, he did, because he is a con man.  If he wasn’t slick he would not be successful.

    Be safe out there,

    Phillip

    June 8, 2022 at 3:55 pm #2584
    Danial Beard
    Moderator

    It is exactly for this and so many other reasons that I no longer run Windows based machines, and have my systems locked down so tight my friends think I’m irrational … right up until they discover the hard way that backups should be a religion, and the most devastating computer attacks are wetware based with wetware targets.

    When mom asked me to bring her down here, and it became evident we would have to do some banking by computer, the first thing I did was shoot every one of her credit cards in the head, and go to her bank and set an in-person go/no-go code with them.    It’s like two-point ID.   If they got a request, they texted me.   If they didn’t get a certain code in response, they auto-locked the account and informed the fraud division automatically.   (Part of the reason I love local small town banks!)

    I only had to set off that auto-fail once when a check hadn’t been delivered in 28 days.   I pulled the pin immediately upon hearing from the vendor … and naturally, the first check showed up a day later.   Delay courtesy of the USPS.   (Deep sigh of long suffering)  However — it was comforting to live-test the system and see the speed at which it auto-locked the whole shooting match.

    That being said, social engineering scams are particularly reprehensible.  Therefore I don’t have much compunction against messing with them when they call.   My record time for running one around the mulberry bush was about 45 minutes.   He finally got wise and asked, “what version of Windows are you running?”   I answered, “RHEL 6.”   He asked, “What’s that?”  I said, “The same thing the NSA uses.”

    He hung up.   Go figure.   <.. 😛 ..>

     

     

     

    April 20, 2023 at 4:04 pm #38869
    Danial Beard
    Moderator

    An update:

    tl;dr version:

    1: If you are currently running an older Cisco router — retire it.    Immediately!   Check CISA for details.

    2: If you are not running both LAN and Wireless firewalls (and MAC address filtering) do the homework, do the math and then implement both.

    3: If you are using *either* an Android or Apple smart phone, establish parental controls in your router, and enforce those limits on your wireless devices.   Trust they *will* try to get around it.   But if you value your privacy and data, DO NOT let them have unfettered continuous access.   Why?  Go into your router logs and take special note of the URLs your device consistently targets.   Then run “whois” (or equivalent) on those URLs and find out what — who — your device is talking to unbeknownst to you.

    4: Of course, ALL printers are — and always have been — the twisted results of unclean pairings, but recently they have gotten much worse.   If you have recently purchased an HP printer (no matter what flavor) do some extra homework before you turn it on, and think very hard before you allow it to sign you up (which they will do automatically by default) for either HP+ or Instant Ink.    Watch the following links before you decide what to do.

    Note that if you elect to stop those killer updates, you will ALSO need to log into the administrative functions on the printer’s web interface, and shoot it in THREE more locations.

    Also note that if you elect HP+, it DEMANDS an open, continuous and unfettered connection to the internet.   Yeah.   No risk there, eh?

     

    More later.   WX is closing in and I’m about to lose my connectivity.
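
Added example, not part of the posts above: one way to do the router-log review described in item 3 of the update, assuming the router keeps dnsmasq-style DNS query logs (an assumption; log formats vary by router). The log lines, hostnames and addresses are constructed, and `tally_queries` and `whois_candidates` are illustrative names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in dnsmasq query-log format (assumed; router log
# formats vary). Hostnames and addresses are made up for illustration.
SAMPLE_LOG = """\
Apr 20 16:04:01 dnsmasq[812]: query[A] telemetry.vendor-a.example from 192.168.1.23
Apr 20 16:04:01 dnsmasq[812]: forwarded telemetry.vendor-a.example to 9.9.9.9
Apr 20 16:04:09 dnsmasq[812]: query[AAAA] telemetry.vendor-a.example from 192.168.1.23
Apr 20 16:05:30 dnsmasq[812]: query[A] ads.tracker-b.example from 192.168.1.23
Apr 20 16:06:12 dnsmasq[812]: query[A] updates.printer-c.example from 192.168.1.40
Apr 20 16:07:44 dnsmasq[812]: query[A] telemetry.vendor-a.example from 192.168.1.23
Apr 20 16:08:02 dnsmasq[812]: query[A] TELEMETRY.vendor-a.example. from 192.168.1.23
"""

# Only "query[...] name from client" lines record what a device asked for.
QUERY_RE = re.compile(r"query\[[A-Z0-9]+\]\s+(\S+)\s+from\s+(\S+)")


def tally_queries(log_text):
    """Map each client IP to a Counter of the hostnames it looked up."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/cached lines would double-count
        host = m.group(1).rstrip(".").lower()  # normalise case, trailing dot
        per_client[m.group(2)][host] += 1
    return dict(per_client)


def whois_candidates(per_client, client, min_count=2):
    """Domains a device contacts repeatedly, trimmed for a whois lookup.

    Keeping the last two labels is a simplification: it is wrong for
    suffixes such as co.uk, where three labels are needed.
    """
    domains = []
    for host, count in per_client.get(client, Counter()).most_common():
        domain = ".".join(host.split(".")[-2:])
        if count >= min_count and domain not in domains:
            domains.append(domain)
    return domains


if __name__ == "__main__":
    tallies = tally_queries(SAMPLE_LOG)
    for client, hosts in sorted(tallies.items()):
        print(client, hosts.most_common(3))
    print("look up:", whois_candidates(tallies, "192.168.1.23"))
```

Each domain it returns is one to pass to `whois` by hand, as the post suggests.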

     
