A Cautionary Tale from TechCommGeekMom

This has been a horribly rough week for me, but I’m hoping that I can help someone else avoid the nightmare from hell that I went through this week in telling my cautionary tale. It has to do with internet security.

I have to admit that I’m embarrassed by the whole situation, because you would think that someone like me who has at least some sense of computer/internet savvy would not fall victim to this, but I did. It could’ve been worse in some ways, but I still fell for it, so I share my tale.

It started a few days ago, as you may have read from my last post. My laptop, which I cherish almost as much as if it were my child, had gone down for the count. It wasn’t a mere system crash, like a corrupted hard disk drive or something like that. That would have been devastating as well, but I know these things happen. Instead, it was that I was scammed.

First, I have to set the scenario for you. I’ve been experiencing some slowdown on my computer recently. I understand that happens now and then because of various programs and files we add. The more we add to our hard drives, the more time it takes for the system to find and execute the files–I understand that. But there would be some sort of strange hesitation as I would try to get things done. I saw that I had some viruses that my anti-virus software was catching, and I know even my husband has said that our internet connectivity from our provider has been spotty now and then, so I didn’t think much of it. Additionally, I have started working for a training consulting company part-time at night, and I had to install their client’s conferencing software on my system. Now, just to clarify–I know the culprit wasn’t the client software, because it comes from one of the biggest OS providers in the world, so I know that it would not be infected. (I’m not allowed to disclose the client, but let’s just say that EVERYONE has heard of them–and it’s not Adobe or Apple.) Some other instructors seem to be having issues using the product, even though I didn’t seem to have problems, but I know connectivity was an issue.

So, one day when I was trying to figure out what could be causing that slowdown, I got a phone call on my home phone (I am not working full-time in the daytime again, so I was home). The guy on the other side had a strong foreign accent and claimed to be calling from Microsoft. He claimed that my system had sent a message to Microsoft that there was a truly evasive virus that was striking my computer and not allowing updates to happen, or something to that effect. I questioned how they got my number, and he claimed that it was included when I registered my OS with them. In retrospect, I should’ve remembered that I didn’t do that, as my OS came with my machine. I questioned him again, because I didn’t contact them first…that should have been my tip-off right there. He stressed again that when I share information on the system about Microsoft, that’s how they know. Since I actually was having some minor issues with my machine and the teaching consultancy knew about it, I didn’t know if perhaps they had called Microsoft, and asked them to contact me, and this chap was just following through. This is where the caller got lucky.

He proceeded to have me go to my laptop, and have me type a few things there, and open up some files to “prove” his point. Like most who aren’t tech support people, what he showed seemed legit, and then he asked me to download some software from a website. I looked at the website before downloading, and just at a quick glance, it was shareware that allowed a remote person to share the computer. I’ve talked with tech support people in the past, and that’s not an uncommon thing to do, and stupidly I downloaded it, and shared my computer. This was the second stupid mistake I made.

As I was distracted by the fellow opening up Notepad and telling me about what they could do, in the background, unbeknownst to me, he was removing files and planting a vicious malware virus. As he got to the point in the conversation that he said, “And this can all be fixed for a fee of US $177.50…” I stopped him right there. I said if Microsoft is truly trying to provide me with excellent customer service and calling ME, then THEY should be doing it for free, not charging me an arm and a leg for it. I started to argue with the guy that I was not going to pay this fee, and hung up. By then, the damage was done. I noticed that the number of shortcuts on my desktop seemed smaller, and the wallpaper in the background was gone. “DAMN,” I thought (although I think I used a different word of profanity, for sure), “He’s still in there!”

I quickly turned off my machine, the fastest way I could think of to disconnect this guy from it. Of course, I started to panic. I just fell for a scammer, and I had the warning signs right in front of me, and didn’t heed my own instincts. How stupid I was! At least I hadn’t let him have my credit card information at payment time, so that was safe. I rebooted my machine, and saw the same problem– my wallpaper was gone, and so were the shortcuts. I proceeded to look at what other damage was going on. In the meantime, my anti-virus programs were going crazy picking up the viruses from before as well as some additional ones. I was able to check my bank accounts, which were still safe, but I quickly changed the passwords as a precaution. I also checked to see if the software that I had used to let this guy in was still present, and it was not. I must have just run it from a temp file, and I could clean those out, so I was good. But as time went on, I could not do much. All the executable files would not work. I tried a system restore from an earlier time of the day before the attack, but that didn’t do much. In addition, this scum took some files that were important to me. Some were expendable, but they included more than a decade’s worth of photos of my son. Since the digital age kicked in, this child hasn’t had a film photo taken of him since he was about a year old, so the record of my son’s whole childhood was lost. I was the most distraught I think I’ve ever been in my life.

I mean, in the end, my logical head knows it’s just a computer, and no lives were hurt, no one died, and all was generally safe, but I had truly felt violated, almost as if I had been raped, but knowing that I had not. I had been emotionally and mentally compromised, and I was upset at myself for falling for it, my husband was upset that I had fallen for it, and I felt helpless and stupid. I really should’ve known better. I just never thought it would’ve happened to me.

So, it’s now 5 days later after the attack, and we are still working on recovery. By a miracle, I had done a partial backup of files the day before the attack, so we were able to restore my son’s photos and other files. Sweet relief! The malware the scum released into my system was a particularly nasty one–it took about 2-3 days for my husband to figure it out and finally get it out of the system successfully, as it would attack all the executables so that you couldn’t open anything–not a browser to get the special tool kit needed to eliminate it, not the anti-virus programs to get the rest of the scourge out, or even anything to help one repair the whole system. But LMSGeekDad did it, and he did a great job.

So naturally, my next move, now that my system became operational again, has been to work on getting a better backup system in place. I have an external hard drive, but it was cluttered, and I had to truly go through to free up some space so that my system could do a proper backup. I moved those precious photos to a cloud depository so I knew they’d be safe, and moved several other files to the Cloud as well. While my iPad and iPhone were working during this time, and I could have done some of my work from there, I was too distraught and distracted to really participate in anything online like I usually do. The other issue was that I had to teach my first class online, and I had to make sure, even if my own laptop was still out of commission, that I had a means of teaching the class. So I was installing software on my son’s computer as a “Plan B” if my laptop could not be restored in time. I was on the phone with one of the client offices in Korea at 1:00 AM my time to make sure that the conferencing software worked (it did), so at least I had that in place. Never mind that I was incredibly nervous and anxious about teaching this class as it was, but the residual emotions of the attack were still fresh, as we were still in the process of restoring my machine, and that didn’t help.

Fortunately, LMSGeekDad had my laptop running again just a couple hours before I had the class, and since I had saved the presentation for the class on the Cloud, I could go back and finish customizing it as planned, and I was able to reinstall the conferencing software and make the connection to Korea successfully again. I was able to complete the course, and start to catch up with things, but still not enough. After the class night, I’ve been working to try to clean out my system some more, and figure out the best way to back up my files. Two days after that, we are still working on getting a good backup of the system onto my external hard drive, as we are running into problems. We’re figuring it out bit by bit, but my machine is functioning enough again that I can try to get back on track. While I am writing this on my iPad (I started it on the laptop) right now, we are trying to figure out backup issues with my machine still. It’ll get done, and then all will be right in the world again, but for now, the worst of the crisis is over.

What is the lesson of this tale? Well, there are several.

First, make sure you do your backups regularly and make sure that you run your anti-virus software regularly as well.

Second, use the cloud whenever possible! There are a lot of great resources. I have iCloud for my iDevices, but there’s also Dropbox, Google Apps and SkyDrive among others.

Third, and most importantly, if someone contacts you and claims that they are calling from Microsoft, Apple, or anyone else, and YOU didn’t contact them first about a problem, HANG UP. It’s a scam.

Please learn from my mistakes!

In keeping up with this theme of using mobile and cloud computing when possible, and understanding personal computer security, I’m actually going to have a guest blogger shortly to provide some great information for my readers. He’s actually the person who encouraged me to write this blog in the first place, and greatly supported me through this crisis with some great advice and guidance. He has some fantastic tips that I’m going to have him share with you, and hopefully you’ll benefit from his experience as well.

Happy and safe computing!


4 Responses to A Cautionary Tale from TechCommGeekMom

  1. protoshimbun says:

    What a horrible thing to happen, and your lessons about backup are spot-on. Computers are generally pretty reliable these days, so it’s easy to forget they can go wrong and lose data at any time. Hard disks have a finite life, so even without anything malicious or accidental happening, your data is never safe unless it’s backed up.

    I’m not convinced about your interpretation of what happened, though. First of all, I’ve had many, many of those calls from India claiming to be from Microsoft, and since I write for computer magazines I deliberately followed a couple through to their conclusions, allowing the caller full remote access to a PC in the same way you did. (You can see a video of part of one of these calls on YouTube if you look up my name.)

    The caller (or an associate during the call) made a number of changes to my hard disk – but the net effect was zero. They deliberately created a restore point, then messed around with a few unimportant files. Had they broken anything, they could have used the restore point to undo the mistake – but they didn’t. They left the computer completely unharmed.

    Why? Because they have nothing to gain from installing viruses or any other malware. That’s not the nature of this scam. People who want to install malware on your computer are generally building botnets. They need tens or hundreds of thousands of computers under their control to carry out attacks. They can’t afford to hire people to phone up all those people and spend half an hour pretending to perform tech support activities for those who succumb. It wouldn’t make commercial sense.

    The scammers you dealt with make money much more simply. They pretend there’s already malware on your PC and ask you for money to remove it. I suppose it’s possible they might think about installing malware to make their claims more credible – but think about it – then they’d actually have to remove it! Why give themselves the extra work?

    It’s overwhelmingly likely that something was already wrong with your PC before the phone call. And while your PC may well have had a number of viruses knocking about, it’s unlikely any of these erased your data. That’s not something malware generally does. Again, what would be the benefit? Viruses want to duplicate undetected. Spyware wants to harvest data undetected. Botnets want to lurk undetected. Going around deleting files makes about as much sense as a ninja leaping out with a throaty war cry and posing artfully with his sword before launching an attack. Might happen in films; not in real life.

    If you do find vital files missing, the most likely cause is human error (you accidentally moved or deleted them) followed by hard disk failure, which can be a long drawn-out process. The very last thing to do if files have been lost is to start a big virus clean-up operation. This will affect all sorts of different files on your hard disk. And the more data you change, the less chance there’ll be of recovering the files with an undelete utility – which is the correct and often (to at least some degree) successful first step.

    Of course, I could be wrong and you may have been the victim of a rogue telephone-based subcontinental virus injector! But I think this is a good opportunity to offer other users some slightly different advice on the issues you’ve very responsibly raised.

    I do hope you find copies of at least some of the photos you lost.

    • I understand what you are saying. I agree– many tech support centers are in India and other parts of Asia and the rest of the world, and we do grant them access. I have done this on several occasions without any issues before. The mistakes I made were these: 1) I did not initiate the contact–they called me, I never contacted (emailed or called) them. In instances where I have initiated the contact, and the support center had to call me back, they would provide a name, incident number and other identifiers to let me know. They only gave a name and company, and THEY initiated the call. 2) The software they used to share was from a legitimate company, but in retrospect, it was shareware, and most of the companies that asked me to use some sort of sharing software would not use shareware. 3) I know I did have some viruses, but whatever was unleashed was not there originally. I guarantee it. I have also heard (after recounting this to others) about some scammers who would remove files and then hold them ransom until the money was paid. They did “show” me problems in my machine, but they could have been legitimate errors, not signs of viruses. Nonetheless, the lesson learned for me was that I needed to have a better backup in place, and that if I did not initiate the contact, then it’s more likely than not legitimate. The other tip-off, as you pointed out, was that a legitimate support person would help you save whatever was on your screen and help back things up or create a system restore point before attempting to fix the problem. The person who got on my machine just started closing things without asking me to save them, and I was working on some important drafts of documents that I needed to do. I yelled at them to stop so that I could properly close and save those items, and they just barrelled ahead.

      I agree there are a LOT of legitimate tech support outlets around the world, and they will require you to share your computer, but in knowing that YOU initiated the contact, and the “support” did not contact you first ensures that you are talking or dealing with a legitimate support center, and their actions are being recorded and monitored. I spent many years working in customer service myself, and I know there are good people in the field out there, but this person or persons were not good people. They stain the reputation of a lot of good people just trying to do their job out there, so in sharing this, I wanted to point out some warning signs that even someone who is generally more savvy than the average person on the street–but not necessarily a computer whiz at the same stretch–could fall for and be victimized as a result. I felt horribly betrayed and violated from this, because I HAD trusted others in the past to be honest when I granted access to my machine. There were warning signs, and I did not heed my own judgement. And they have their revenge by releasing something if they don’t get their money, that’s for sure. Additionally, the way the caller argued with me also showed, as I looked at it in retrospect, that they did not handle the call well from a customer service perspective. They handled it poorly. I like Microsoft, I like Apple, I like Adobe and Symantec and Dell and loads of major companies. Some have better customer service than others. However, in this case, as I’ve said, there were plenty of red flags that I should’ve seen from the start, and stupidly ignored. I don’t move things around or delete things willy-nilly; if I don’t know what it is, I don’t touch it. I’ve learned that mistake from the past as well.

      I was able to recover the photos as well as all the other “lost” information due to a miraculously fortunate coincidence that I had backed up my system the day before, so I still had them and couldn’t retrieve them right away. It took a special tool-kit to extract the malware they left, as well as recover everything. It’s only now that I’m back in business fully (with the exception of a disconnection with an email server that has changed, but that is minor and will be fixed tomorrow).

      We trust so much, as you said, and I thought that I, of all people, knew better. My point was that even I could be duped, and others could be as well. I’m much more cautious now as a result, and now understand why “genuine” security features are included in software much more now than ever.

      Oh…and one last thing…I looked up the number on Google after the call, and the top hits for that number said it was the number recorded due to scamming purposes. IT WAS A SCAM. While I reported the information to http://www.ic3.gov, my BFF who works in the FBI said that most likely nothing could be done unless I had lost over $50,000 to these crooks. Fortunately, they didn’t get a cent from me.

  2. Hey, I think your blog might be having browser compatibility issues.
    When I look at your website in Safari, it looks fine but when opening in Internet Explorer, it has some overlapping.
    I just wanted to give you a quick heads up! Other than that, excellent
    blog!

    • That’s odd, because I actually write it in Safari, and I checked it in IE, and all seemed to be fine. I would advise making sure that you have the latest updates to your browsers! Thanks!
