Don’t let them in!

Hello! If you’re reading this, it’s either Tuesday or some other day after that. Today we’re going to talk about how to handle someone wanting to get access to your computer.

Now, we here at CopyLady use a remote support system, but this is an authorized, safe use of it. (In fact, if you opt into CopyLady’s Gold Plus plan, you get two calls of that support each month!)

Today’s post will cover the bad actors who also use these systems. One topic we will touch on here is the infamous tech support scams. These scams come to you in one of two ways:

* From a popup: These are full-screen popups that appear while you’re on the internet, telling you that your computer has a virus or has damage, and that you need to call “Microsoft” right away to fix it. The best way to get out of this is to hit CTRL-ALT-DEL and terminate your browser, as these popups usually lock out your browser controls.

* From a random call: Sometimes, scammers will call you and say that they noticed unauthorized activity on your network or device, or even problems with your computer.

Fortunately, these scams are becoming less and less prevalent due to the FBI going after them, but they are still out there. The majority of these scam call centers operate out of Middle Eastern countries, but they also operate in regions of Asia. While they were also in the US, the FBI saw to those quickly, raiding and shutting them down as it discovered them.

WHAT KIND OF A SCAM IS THIS: 90% of the time, it’s more of a scam to extort money from their victims, but there are also operations out there that will try to steal sensitive info from their marks, such as Social Security numbers, credit card numbers, bank accounts, etc. The absolute majority of them, however, are just money laundering scams. Basically, they tell you that you have a virus or malware on your computer, and that they need to access your system to “clean” it. From there, they run several internal utilities, such as Event Viewer, in an attempt to scare their victims into thinking there really is a problem. (Hint: Errors in Event Viewer are no big deal; every PC has them!)

From there, they will want you to provide either a debit or credit card for them to bill you for services, as well as trying to sell you a fake antivirus. They will even go as far as removing or disabling your legitimate antivirus to put theirs on, which offers about as much protection as not having anything at all! Did I mention that when they are on your PC, they will disable your keyboard and mouse in an effort to keep you from removing them from your system? They will indeed do this, leaving you to watch them commit their fraud, but there are ways out. I will describe them later.


WHO DO THEY IMPERSONATE: Scammers will impersonate pretty much any consumer-facing tech company, such as Microsoft or Apple. They will also try to impersonate your phone or internet provider, oftentimes spoofing their Caller ID information to trick you into thinking it’s actually them. When in doubt, hang up and call right back at the official number. Doing this will disconnect you from the scammer, and connect you with a REAL representative of the company. They will quickly tell you that it was a scam.


WAYS THE SCAMMERS GET IN: There are a large number of methods that scammers use to gain remote access to your PC. Here, I will list the most common ones they use:

* GoToAssist
* LogMeIn Rescue
* Ammyy Admin
* Windows Quick Assist

While there are others out there, such as TeamViewer and ScreenConnect, those companies have begun cracking down, if they haven’t been already, on the use of their services in these scams.


HOW TO SPOT SUCH A SCAM: These scams are fairly easy to spot. For one, Microsoft will NOT throw a popup in your face demanding that you call them, nor will they ever call you for any reason. If you get such a popup, simply open your task manager (Ctrl-Alt-Del) and terminate your web browser.

WATCH OUT: In some cases, it ends up being some weird form of malware that opens every time you turn your computer on. If this is the case, kill the task and run a malware scan, or consult your local PC repair shop.


Another form of this scam is getting a random call from someone pretending to be a software or support company, such as Microsoft or Geek Squad. Remember, none of these companies can see problems with your computer, and they sure as hell won’t call you to tell you about it!


WHAT IF THEY ARE LET IN: Once they are in, they will most likely immediately lock out your keyboard and mouse to prevent you from stopping or interfering with them. There are two ways you can kick them out:

* Disconnect from your network: Simply turn off your WiFi or unplug your ethernet cable. This will break the remote session, allowing you to terminate their remote access software. If you are not able to turn off your device’s WiFi (due to the scammer locking you out), you can unplug your router. This will bring down your internet access, but it will kick them out. Once the session is dropped, your keyboard and mouse should be unlocked.

* Power off your PC: Hold down the power button on your system for 7 seconds to initiate a hard shut down (Desktop or Laptop), or simply disconnect the power cord (Desktops only).

* Once you get them out, don’t reconnect to the internet. Consider your PC to be compromised. Either take your PC to a local repair shop ASAP, or back up any data and perform a full factory reset. FFR methods vary by operating system and manufacturer, but on Windows, you can hold down the SHIFT key while restarting your PC, and it will boot into a special menu. From here, you can perform a “refresh” or “Reset” of Windows. (NOTE: This feature is only available on Windows 8 and newer.)

* Change ALL of your account passwords. DO NOT DO THIS ON THE PC THE SCAMMERS HAD ACCESS TO!!!! Use another device to do this.

* Consider blocking access to remote support services (IF you do not intend to use them – See blog post on internet filtering)


Did you know that your device isn’t the only thing they want to get into? In today’s internet world, scammers will attempt to target online accounts directly, through the same contact means. The only difference here is that they will want you to “confirm” your account, when in reality, they are sending you some form of account recovery. Once you accept this, you may as well kiss that account goodbye, because it’s going to take an insane amount of work to recover it, and in some cases, there is only a very slim chance of getting it back.

This is especially common with Google, Apple and email accounts. Once you lose control of THAT account, it’s only a matter of time before the rest get taken away as well. The scammers will change all the information on the account, then sign out ALL of your devices, effectively locking you out. Once this occurs, recovery becomes difficult, if not impossible.


KEEP THEM OUT: The best way to avoid getting scammed or compromised is to, well, not fall for it in the first place. If someone calls you and says they’re from Microsoft, Geek Squad, etc., and says there’s a problem with your computer, just hang up. Don’t continue the call. Remember, neither will call you about PC issues. (Well, Geek Squad might, but usually ONLY if you had them working on your PC. This call is usually to let you know either that the system is ready to be picked up, or some other issue occurred.)

Likewise, if you’re on the internet and you suddenly get a warning that your PC “is infected with a virus and to call an 800 number for help”, press CTRL-ALT-DEL, open TASK MANAGER and terminate your web browser, or simply restart your PC.


WHEN IS IT SAFE TO LET SOMEONE IN: Remote support sessions themselves are 100% safe; it’s just a matter of knowing when it is safe to use such a service:

* When YOU make the call to your TRUSTED PROVIDER: A trusted provider, such as CopyLady, will instruct you to establish a remote session IF you are requesting assistance with something that they can help you solve through a remote session. You can also request a remote support session from your trusted provider if you need their assistance.

WATCH OUT: Be sure you’re dialing the PROPER NUMBER for your provider. It’s not unheard of for scammers to squat on phone numbers that are similar to those of your provider. The same can be said for typos on website addresses.

* If you’re asking a friend or family member for help: Nearly everyone has at least one geek in the family, and that geek will know how to use remote support tools. Popular go-tos here are TeamViewer and Windows Quick Assist. Just be sure you’re calling them and not some random person across town. (Although said person will likely inform you that you have a wrong number.)


Just in case I haven’t drilled this home, I’m going to keep drilling it:

NO COMPANY IS GOING TO CALL YOU AND TELL YOU THAT THERE ARE PROBLEMS WITH YOUR COMPUTER. NONE! NADA! ZILCH! ZERO! BUPKIS! IF THEY DO, 100% CHANCE IT’S A SCAM. JUST HANG UP!*

* – Or feel free to waste their time. Just ask me about the time I did that, even going as far as letting them get access to an old beater PC that I didn’t really care about! (Fellow geeks: I encourage this. Wasting their time = Less time for them to scam. Just be sure to isolate it from your actual network!)