Got that call that every IT expert fears; A client succumbs to a hacking scam and wants you to make everything right. Immediately.
My friend left three voice mails in a five minute period. I needed to call. A helpdesk technician had called to help with their system and everything is missing.
Long time friend, so I called back. I started with that friendly reminder. My portion of the dialog is indented.
“Unless you initiated the call, there is no Zen helpdesk that knows you need help with your technology. Not your PC or phone or Internet router. Did you call or did they call you?
Microsoft called me. They knew my system was running slowly and were so friendly and helpful and knew I had Windows 8.1
Really? For free?
They didn’t want a credit card number or money. Just access to my PC to help me.
Did you let them have access?
Yes, they told me how to let them access my system remotely. They were the Microsoft helpdesk from India. Since I couldn’t understand what they were suggesting, I let them have access. It only took them 30 minutes and they had my system repaired.
Did you watch what they were doing on your system?
No. They told me what they were doing while I listened on my phone. They told me the system was infected by the “Har Har Mahadev” virus.
(Unfortunately, I could see them chuckling ‘har har har’. ) I looked up the virus. Har Har Mahadev is a famous Bollywood Movie from 1950 about Shiva and his indecencies. Ouch. No such virus.
And what are the symptoms that caused you to call me?
When I login, there are no icons on my system and I can’t find any of my files. But it boots faster.
(I bet it does). Sorry, my friend, but system recovery is the least of your worries. They have all of your data.
You mean all my accounts and bank information and everything?
Yes, if it was on your system, they have it.
What do I now?
Call all of your banks and let them know before you do anything else.
But I don’t have my files.
Pause in conversation…
At this point, I walked him carefully through a System Restore process. We were able to use a recovery point just a few days old. The system appeared restored once we restarted.
I then pointed him to a Microsoft website that explains the scam (somewhat), and the detailed steps necessary to continue the recovery process.
From Answers.Microsoft.Com regarding Phone Call Scams.
I am not going to repeat the process that my friend needs to take. A few highlights follow.
- The best action is to isolate your assets – particularly your financial ones – as quickly as possible. Notify the banks. Notify the authorities.
- The specific value of creating the restore point was to provide access to account and contact information.
- Never save personal or account information on your system except in a digital vault or encrypted format. Back up account and personal information and store it in a physically secured location. Get it off the system before you attempt to validate any other functionality. Do it without a network or Internet connection. You have no idea how long you might have before a Logic Bomb (time, event, or action based) destroys everything on your system beyond recovery.
Once your personal information and identity is recovered, rebuild you entire system from scratch, starting with your OS, and including your applications and data files. There is no sure or secure way to identify the residue these hackers left. Their access was equivalent to sitting at the keyboard with administrative rights and the tools to take or leave any binary content they desire.
If you are willing, you can deliver your system into the hands of the authorities to see if they can find evidence for prosecution. Although recovery or compensation is unlikely. The best you might achieve is stopping these hackers form hurting someone else.
Hence this blog.
Don’t let it happen to you or someone you know. Share this with everyone you know.
Or redirect them to an article from the Better Business Bureau.
The scams are getting more sophisticated, bold, and realistic. As technology becomes more simplified for the end-user, lack of awareness will continue to create opportunities for hackers with slightly more knowledge.
Awareness and education are the first line of security defense.
Steve teaches PMP: Project Management Fundamentals and Professional Certification, Windows 7, Windows 8.1 and CompTIA classes in Phoenix, Arizona.