This is a Journal entry by Blue-Eyed BiPedal BookWorm from Betelgeuse (aka B4[insertpunhere])

Do NOT let the Hackers IN...!

Post 1

Blue-Eyed BiPedal BookWorm from Betelgeuse (aka B4[insertpunhere])

Last night, I fell prey to possible Hacker intrusion.
In a nutshell, the Help Tech convinced me to allow Remote Access to my laptop.
This flies in the face of everything I've been cautioned about concerning online scams... and I walked right into it!
This is how it went down:

I have for many years used Webroot antivirus software. It performs well, is intuitive, and has prevented numerous problems of intrusion to my fleet of laptops and PCs. (I've had up to 5 such using it at one time, when the household was full of family.) It has never let me down, and I frequently adjure others to use it.
Over the past several weeks, the app has been nudging me, with a pop-up window as a reminder, that my subscription was due to run out. I took it seriously, budgeted the money, and last night bought a 2-year subscription. I talked with my local Geek Squad rep at Best Buy, confirmed I was at the end of my license, and he coached me how to find a renewal on their website. I purchased via the secure BB website and received an email with a link to the Downloadable copy (vice using a disk).
I received a second email that provided a link to the Key Code that verifies my purchase and acts as a "license to use" the application. I tried to use the original on-board version of Webroot to update the Key Code, but there is no longer a button for that. I called the rep at BB back again, told him about the roadblock, and he gave me the web address of "www.webroot.com/safe" as the place to use to enter the license Key Code. I navigated to the Webroot loge site, typed in the Key Code, and got an Error Code stating it had failed to load. Frustration level went up!
I tried that several times, with the same result. Finally, I read the screen and noted the 1-800 numbers there to use if things went sideways. I used one and got hooked up to a guy with a foreign accent (named Alex), who said he was glad to help. All I needed to do was allow him Remote Access to my laptop so he could drill down and find the error. I agreed, since I was perturbed about going round in circles with attempts to get the app to log the Key Code. I should have listened to my gut at that moment. Re-read the statement at the top about being cautioned for years NOT to let anyone do this, unless...and this is a BIG "unless"...it is a trusted source DIRECTLY from your IT Department.
Once I let the GoToAssist app he sent me load, he started accessing my folders, opened an iteration of what looked like the DOS prompt, called up the IP Address traffic info, pointed out how some of the IP Addresses were going to foreign locations from my laptop...all in a rush of technical jargon that seemed to bear out I had some malware present. He spent a few more moments scrolling back-and-forth through the DOS info, and checking what programs / apps I had on-board my laptop. He told me he'd seen this before and pointed out what the search found: the asprobot (or asprogbot, or something like that) which messes with the Firewall protection of the system.
Here's where things took a turn for the strange. "Alex" suddenly turned on my laptop's camera so that I showed up. Embarrassing, as a start, because I'd just showered for the evening and only had on my PJ bottoms, so I was shirtless...and in the camera's eye, I could have been naked, for all intents. He chuckled about that, as I excused myself and fetched my shirt top. When I returned, he asked me if I was alone. I thought he'd heard Willo (my domestic partner) bringing our evening meal in, so we could nosh while I took care of business. I said yes, but what did that matter. He then made mention of the wall hanging behind me, a Mediterranean seascape as seen from a cozy porch on an overlook. Seemingly small talk, but not what I would think a trained Tech Assist would engage in. Nor, for that matter, why my camera was still on.
He said there was a way to combat the malware, but he needed a couple more pieces of info. He asked to see the original email with the confirmation of the purchase, so I showed him, plus the Key Code. He had sent the correct Key Code to me in the Chat window, and I pasted my version of it in, as well. They both matched, so early on I had a level of trust built up. Alex then opened another text window and typed in "Zip Code - ", waiting on me to provide it for the area I live. The nagging feeling and the itch of something not being right got even more pronounced. This had been some very specific information he had me divulge. This final piece would be one more link to tie me to--
Now my Warning Klaxon blared in my internal ears! WAIT! This sounds like a Phishing expedition!!! What had I been thinking???
I asked why he needed that info, and he asked me why I was being belligerent / hostile... and all I'd done was ask a question. I didn't even wait for him to finish his spiel about my "attitude," but hung up, closed all the open windows he'd generated on my screen, and shut off the laptop. No service rep in their right mind is going to treat a customer that way.
In short order, I called my local bank's after-hours service line and talked with a trusted source about what had happened. I explained that I feared being hacked, and I wanted to have the bank keep an eye open for any unauthorized purchases. We also agreed that "turning off" both my debit cards was a proper precaution, until I called the bank again to use them. We also tossed around the idea of generating a fresh new set of accounts, so any residual info they may have gleaned would be out-of-date.
I've had to do the same thing for a military bank account, explaining what happened, and going over options to protect my assets there. The biggest hassle is now going to every one of my online presences -- all the websites, all the social media, all the quasi-money handling apps -- and changing Passwords RIGHT NOW! I figure this will nip in the bud the majority of any backlash, yet, if they are going to be persistent then I have to stay vigilant for quite some time to come. Basically, I'll be looking over my shoulder for months, or years, to come.
My adjuration to any of you who have read this whole thing is: DO NOT let anyone have Remote Access to your computer system. It can get ugly really fast, and your money and your data won't be safe.
One more thing that's encouraging... When I called Best Buy about the situation, and talked over how it got to this point, they were apologetic and let me know a few other customers had run into the same thing. They asked me to come by with my laptop today to have it "deep scanned" for malware, and they would not charge me for the service, since I'd followed the guidance of their Geek Squad rep. It's not that he told me the wrong thing, it's just that there is evidently a mock website, or a cookie / app that has been lodged in my system that caused me to divert to the scam site. Very nice of them to take the responsibility to help fix this.
I'll report back with any further info about this whole debacle tomorrow... Meanwhile, Stay Safe!
B4someonemakesanappthatturnsUsersintobits&enslavesthem


Post 2

logicus tracticus philosophicus

well won't say it, naw I will, expected better from you, never ever allow a stranger access to your computer....next time remove the program then start again...


Post 3

SashaQ

Yikes - that is a cautionary tale... Glad you've got a plan to batten down the hatches.

Interesting about the cookie thing that diverts to rogue websites - I think I experienced that myself last year. I made a donation to a charity via their website, but the donation page was actually a scam page - my credit card details were copied and used to buy random things. Luckily the credit card company recognised the transactions were suspicious and sorted everything out for me. I advised the charity of the problem but everything was fine when they checked it.


Post 4

Blue-Eyed BiPedal BookWorm from Betelgeuse (aka B4[insertpunhere])

So... I'm still in the process of changing all my passwords. That's going to be taking a while, as I have dozens of online activities. This gives me the opportunity to cull out some of the unused / abandoned places, though, and that's a good thing. It's just a pain to come up with DIFFERENT and Relevant passwords I can remember.
As for the Banks: They recognize the potential danger, but cannot exclude any activity. I can only fight back "after the fact," if the hackers decide to dip into my accounts. Doubtless, if they have the right software, they could scan my system (even in the 5-7 minutes of the conversation) and may have decoded my logins with my financial institutions. My next Big Step would be to generate completely new accounts, with new account numbers and different passwords. Such a hassle...
B4ifindoutthefullextentofthedamage


Post 5

logicus tracticus philosophicus

well you can add a phrase to your passwords, you can also make your bank accounts two factor authenticated, and limit on withdrawals easy enough...


Post 6

Blue-Eyed BiPedal BookWorm from Betelgeuse (aka B4[insertpunhere])

Yup. Got that going on already.
This is what I consider a "self-inflicted wound."
As you mentioned, logicus, I'm usually smarter than this.
It was the frustration level of not getting the app to take the Key Code that caught me off-guard & made me vulnerable. Note to self: Do NOT Rush...!
B4thisbecomesaprotractedsituation


Post 7

Blue-Eyed BiPedal BookWorm from Betelgeuse (aka B4[insertpunhere])

The folks at BestBuy (Geek Squad) found the offending malware and killed it. They also cleared out junk files, to the tune of 2.1 GB, and removed a bunch of dead Registry entries no longer used. They also installed Webroot directly onto my laptop, at the store, so I didn't have to risk grabbing the download from the internet. They also only charged me half the cost, since they'd told me the website to use, I navigated to it, and got caught in the snare of a mock website. Greatly appreciated ~that~ consideration.
I brought back the laptop, set it up, started it, and...
...all is well! It cranked up quickly and there's no disruption to the files and connections. I gave it a "spin around the block", even diving into Second Life for a bit, to see if it still handled a graphics-intensive environment. It works as it should.
I've been steadily changing out my passwords at various websites, with new unrelated ones, so if the hackers do try to mess with me I'll have already prevented their access to my life. I'm believing their focus was merely to extort money from me for a Firewall app that would have only given them "back door" access to my system anyway.
B4idosomethingelsestoopidthatjeopardizesmylife&finances


Post 8

logicus tracticus philosophicus

now back it all up on a usb stick, then next time all you need do is reformat the hard drive and reinstall system...(not that there should be a next time B4yougetdementiaandmaakethesamemistake)


Post 9

paulh, vaccinated against the Omigod Variant

I got scared by a pop-up called Guardio, which has a reputation as an antivirus program for Google Chrome.

But reading further, I found that it is horrifically prone to invasion by hackers. I worry that they got into my computer via Guardio. That's why I bought a new computer.

If even legitimate antivirus programs are suspect, what can we do?

I have Avira now. I hope it doesn't get subverted as well.
