FYI, I’m not, (or at least I didn’t think before today), the kind of person who would fall for this kind of scam. However, as I said in my post, they only got to me because I had just reported a broadband fault and I was awaiting a reply from my ISP, (British Telecom).
The phone rang some fifteen minutes after putting down the phone from the BT call centre, (in India). A man said he was ringing about my “computer problem”, which I mistook for the call-back from BT.
Why did I let him gain remote access? Well the clever part of this scam is that they point you to Windows logs which have alarming looking symbols alongside the log entry, which are all reasonably benign. They then hype-up this “threat” using some pretty impressive sounding, (for us non-professional PC users), threats and then they are in.
Once in, they must deposit some bogus files on your machine, as the files/logs they showed me, are nowhere to be found now.
The thing that makes me even more mad, (at myself), is that I was constantly rebutting their bulls**t. For example, I asked why all the entries in the log they were showing me, (to prove I was being hacked…and I suppose I was), had the same date and time stamp. He just said “Oh that’s because you hadn’t downloaded the error log until today and that’s why”. I failed to ask him the $64K dollar question however, “Who told you to call me”?
I also asked, “Why am I paying you to eradicate these files? I can just shut down my machine and run my virus protection software and malware detector”. He then, (again), gave some pretty impressive sounding, (to me at least), reasons why this would not work.
He wanted me to pay via Western Union but I said I wasn’t happy with this and wanted to use Paypal, which I did. I have contacted Paypal but they just threw up the security “gates” on my account but promised to do nothing about the scammers as I had allowed them to gain access to my machine, of my own free will. Which is fair enough I suppose.
I did watch what he was doing on my PC remotely and nothing seemed particularly malicious, although I am now in a state of panic in that he got enough info from my machine to instigate some form of identity fraud.
The ”end” came when I saw him uninstall AVG, (which I have re-installed BTW), and install the free copy of Malwarebytes. This was something I could do, (obviously), so I asked him why this standard piece of software was being used, for this irremovable “clean-up”? He gave some reason, made his excuses and said he would be going and that I should just leave Malwarebytes running until finished. He then disappeared.
I have now changed all the passwords on all my online accounts, from message boards to my bank. I am still debating whether or not to contact my credit card company. Although all those passwords have been changed, I am fearful that they could have somehow got hold of my credit card number, end date and security digits from my machine. I have also contacted British Telecom to tell them what happened. I am highly suspicious that minutes after I hang up from an Indian call centre, I get an unsolicited call…from another Indian call centre. At least BT will be made aware but naturally, this will all be speculative and un-provable.
Finally, your blog has supplied me with a few answers and a great deal of cold comfort, so thanks for that. I now intend to warn as many people as I possibly can, as my technical penance for being so stupid as to fall for a scam like this.
