AOL Tech Support / Scam?

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,728
Location
Horsens, Denmark
One of my better users got an e-mail claiming to be from AOL and requesting her username and password.

She knew this was probably a scam, deleted the message and went to Google. Did a Google search for AOL support and got a phone number. This is where the story gets a little foggy. She can't confirm exactly which number she dialed (old landline phone) or what website she was on (swears it was something.aol.com). But within a couple minutes the tech has remoted into her system and "done a bunch of stuff on the command line". At this point he says her system is infected with all kinds of stuff and that she should contact MS to have it cleaned. She thanks him, hangs up, unplugs her computer and calls me.

So here I am on the machine. Recovery Console has been installed, but NOD32 and MalwareBytes (part of my install, update automatically) haven't been run. To the best of my knowledge the system looks clean.

Thoughts?
 

P5-133XL

Xmas '97
Joined
Jan 15, 2002
Messages
3,173
Location
Salem, Or
Scary, you really can't know what if anything was done. You could run the standard anti-malware and see if anything is detected but there are no guarantees even if nothing is detected. The only safe solution is a re-image or re-install from scratch (with a new username & password) and that doesn't do a thing for whatever information the tech was able to take away from the short visit.
 

Chewy509

Wotty wot wot.
Joined
Nov 8, 2006
Messages
3,357
Location
Gold Coast Hinterland, Australia
Agree with sd and h. Nuke it.

Also have her change any and all passwords in use... could be a case of he has remoted in, zipped up the user profiles, ftp'd them to another server - lo and behold he has copies of all internet browsing history, cookies, email, etc... not to mention any documents, etc...

Or the guy is a prick and just told her some bs to scare her and have her waste a lot of time and money...

Not saying this has happened, just playing devil's advocate...

PS. when I used to do virus/malware removal, I would always print out information on the malware and give it to the customer so they know exactly what I removed... (All major AV companies have online virus catalogues) if someone said to me that I had malware, I would be asking what it is...
 

ddrueding

Fixture
Joined
Feb 4, 2002
Messages
19,728
Location
Horsens, Denmark
That is one of your better users? :doh:

Indeed. She didn't reply to the scam e-mail with her username and password. She even knew not to trust the contact information or links in the e-mail. Independently going to (what she believed to be) the company's website and using contact info there puts her in the top 20% of my users. She didn't fall down until she allowed them to remote in without contacting me. Even this can be slightly forgiven as I have a kinda/sorta/contractor-ish relationship with them and the call would cost them money.

She had her passwords changed that night, I'll leave the nuke decision to her but monitor the system with Wireshark while she is on vacation. If it twitches in the next week while idling I'll kill it myself.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
The phone company would have a record of what number she dialed and she shouldn't have to wait on her phone bill to get it.
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,275
Location
I am omnipresent
I've heard of something very similar from a company called SmartSnake. I don't know if your deal is the same outfit or not, but SmartSnake's people phone and represent themselves as Microsoft employees selling a service for either one year ($200) or a lifetime ($450) of system maintenance. The maintenance includes installing an antivirus product, with their sales pitch indicating that whatever product might already be installed is somehow incompatible with the version of Windows or some other aspect of the computer. One of the people I know who actually listened to the whole pitch was told that MSE was "incompatible with wireless network connections", which was actually the point she realized she was being scammed.

Anyway, this shit is common and I'd be willing to bet it's all being perpetrated by the same people.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
The stuff that happens at your company frequently boggles my mind. I should not be surprised by this time. :lol:

I did not even know that AOL was still in business.
 

Howell

Storage? I am Storage!
Joined
Feb 24, 2003
Messages
4,740
Location
Chattanooga, TN
Google "AOL tech support". There are plenty of sites, both in the main search body and side bar, that are willing to help you with your AOL problems that are not AOL themselves. If you didn't notice the "ads related to" section, that is.
 

Tea

Storage? I am Storage!
Joined
Jan 15, 2002
Messages
3,749
Location
27a No Fixed Address, Oz.
Website
www.redhill.net.au
If he was on a crappy VOIP line and had an Indian accent, he was certainly a scammer.

If, on the other hand, he really was from AOL, he would have had an Indian accent and been .....

.... er ... how was that again?
 

Handruin

Administrator
Joined
Jan 13, 2002
Messages
13,926
Location
USA
My company's internal IT support is handled in India. It's fairly normal now to expect this. Unfortunately in most cases they aren't able to help over the phone unless it's a basic password reset and have to dispatch someone local. They do seem to read from scripts and are willing to only go so far with help. It's a little frustrating because it seems to be time wasteful.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
Our IT is outsourced too. It's a bit goofy that you have to call somebody offsite to explain that the copier/printer is jammed or needs toner. Then they have to contact a technician onsite to arrive at the building and floor eventually to do something about it. Of course the number of local tech staff is not many.
 