Posted on 08/24/2017 4:32:18 AM PDT by Dad was my hero
Is this a scam? Two previous times over the last couple months I was called by someone (Indian accent) telling me that I was due a refund from a transaction I had with their company last year. I vaguely recalled the transaction and they knew the date and exact amount. I just needed to access my computer and checking account so they could give me the money. (red flags all over the place so...) I told them to just send me a check and we'll call it even then hung up.
Well yesterday another call, this time they had enough details to convince me they must have been legitimate, they had the last four digits of the credit card number I used at the time. So we began playing a verbal game that lasted almost two hours.
First they said for me to go to a site and download "teamviewer.dmg" and run it. So I did (starting to have that slight fishy smell). Then they gave me an access code. Now they had access to my iMac. They kept telling me to access my checking account and I'll soon see the money reappear in it. I had some difficulty telling the guy that the credit card I used was a club visa card with no checking account attached. He transfers me to the next person. I again explain that the card has no checking account attached to it. He insists that I'm going to see the money appear in my checking account but I need to access my account. So I told him I was accessing it, just not on the computer they were on, I work from home and my pc (two feet away from my iMac) is accessing my checking account, no money. I need to access it from my computer that they are shadowing! (fishy smell is now getting stronger but I'm still hooked.)
So I finally relent and in the mean time the guy tells me that they are not in the same country so exchange rates will apply, did I understand that? Yes. NOW, ABSOLUTELY DO NOT TOUCH YOUR COMPUTER KEYBOARD OR MOUSE WHILE THIS IS HAPPENING! Got it. Now, because of banking regulations in our country we cannot transfer amounts less than $10,000 so you will soon see that amount show up in your account. Then you need to transfer back to us $9,800 and keep the remaining amount. Well, alarm bells are going off and so I try to move the mouse to the log off section of my account and I am not able to control it, all the while they are shouting at me not to do that. So I reach around the back and cold shut down the computer which disconnects their call from me because my home is using Magic Jack. Another guy was also on my cell phone. BTW, every call that came to me came through as unknown or anonymous.
I ran a malware scan and had Apple support verify that they left nothing on my iMac.
I had the same reaction. They did everything but send up flares that they were trolling him. I didn't know that such naive grownups existed.
All that means is that some company's database of transactions has been compromised and this is how they have found a way to monetize the data they have gotten.
Truth about Root Kits. On a Mac, the only way to hit the system is with elevated ROOT privilege access. These days post with the introduction of macOS Sierra, that even requires a password above Root User.
Even if these bozos had an Administrator user level access to this computer it is very doubtful they could have installed any administrator level software on it without the administrator password. . . or inducing the user himself to provide that password. From what the user said, the only time that would have been provided was when TeamViewer was being installed. . . and that would have been entered BEFORE TeamViewer was installed, so it could not have recorded it. Ergo, they did not get to see it. There is no recorded location on a Mac where that password is stored in a clear form, it is stored in a hashed version, so it cannot be merely found by someone looking for it and it is a one way hash, so having the hash cannot reverse calculate the get the password.
As I said, if the OS is the latest, then installing a Root Kit is really problematic.
I would strongly suggest removing the Teamview Software, and anything that may have been installed after it was installed. That's easy to do on a Mac. Also check for anthing added to the user's Login Items in System Preferences, and also check both the System Library and User Library for startup items that should not be there. If the libraries aren't showing, hold the Option Key while clicking on the User's Home folder and it will appear. Same with the Hard drive icon (you may have to chose Finder Preferences to show the HD Icons to open to the Root directory of the HD).
Hell, I got quite a few of those from FBI Director James Comey. They must have been OK. They were countersigned by the Speaker of the House Nancy Pelosi. . . not to mention the Secretary General of the UN Khofi Anan, assuring me there were funds waiting for me in a box in a warehouse in Nigeria. . .
Thanks for pitching in, Sword. That is good news.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.