NVMUG November 2014 Meeting Report, Part 1
Northern Vermont Macintosh Users Group
Hartley Jackson, Midge Lubot, Russell Carlson, and Kelly Gonter attended the meeting. Kelly was quite late because their older car broke down on Sheffield Heights. People did not live up to Vermont’s reputation for helping, and it was quite a while before one stopped to offer assistance. Kelly paid him $10 to bring her to the meeting, so she could ask Midge for help.
Hartley Jackson reported that he had been hit by a spam attack, and should have known better than to respond. This was the message:
Hartley said he should have known better than to call the number. A man with a Spanish accent who called himself Harry answered, said he worked for Apple security, and asked to share Hartley’s screen to see whether anyone had spammed his machine. Hartley watched as he looked quickly inside Hartley’s computer and declared there was lots of spam damage. Harry offered to clear off foreign stuff and gunk that is in Hartley’s local network for $109, and to set up security to prevent future problems for $150. When Hartley said he could not afford it, and couldn’t afford anything at this time, Harry asked Hartley to call him at 844 432 7785 when he had the money.
Hartley emailed Geof Gonter for help, and Geof replied:
The second is a scam. The wisest thing you could have done was to close your browser immediately, then restart it to see if it was still present. You should never let anyone access your computer, unless they are a known entity, like your own paid support you have dealt with in the past or Apple, after you talk with them.
First, have you reset Safari? Fifth item down under the Safari item in your menubar when Safari is the front window. Check your Safari Extensions to see if something was installed without your knowledge. If you don’t recognize it, turn it off. Restart Safari holding the “Shift” key down, after force quitting Safari, as well.
The following may help:
Fix Some Browser Pop-ups That Take Over Safari.
Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
However, I fear the person you let control your computer placed stuff on your computer. If you know the date and approximate time the person was controlling your computer, you’ll find information about what was installed on your computer. If the items still exist, you might be able to find and delete them. Under “Go” in your Finder menubar, go to “Go to Folder” and enter “/private/var/log/install.log”. That should take you to the log. Open it with “TextEdit”.
The info at the following sites may or may not provide some help.
Hope all this helps.
Hartley said this advice really helped, and he hopes it will help you to avoid this scam problem. We are very fortunate to have Geof Gonter and Stephen Farber and sometimes others with their knowledge and experience to help us.
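Geof's suggestion of checking /private/var/log/install.log around the time of the remote session can be done with a short filter instead of scrolling in TextEdit. This is an added example, not part of Geof's email; the function names, the session time and the sample log lines are constructed for illustration, and the script assumes the two timestamp layouts commonly seen in install.log.

```python
import re
import sys
from datetime import datetime, timedelta

# Syslog style ("Nov 12 14:03:21", no year) and ISO style
# ("2014-11-12 14:03:21-05"); the UTC offset is ignored, times are local.
SYSLOG = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) ")
ISO = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})[-+]\d{2} ")

def line_time(line, year):
    """Return a line's local timestamp, or None for continuation lines."""
    m = ISO.match(line)
    if m:
        return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    m = SYSLOG.match(line)
    if m:
        stamp = f"{year} {m.group(1)} {m.group(2)} {m.group(3)}"
        try:
            return datetime.strptime(stamp, "%Y %b %d %H:%M:%S")
        except ValueError:  # looked like a date but was not one
            return None
    return None

def entries_near(lines, when, minutes=60):
    """Keep entries logged within +/- minutes of 'when'.
    Lines without a timestamp stay with the entry they continue."""
    lo = when - timedelta(minutes=minutes)
    hi = when + timedelta(minutes=minutes)
    keep, out = False, []
    for line in lines:
        ts = line_time(line, when.year)
        if ts is not None:
            keep = lo <= ts <= hi
        if keep:
            out.append(line.rstrip("\n"))
    return out

# Constructed sample lines, not taken from a real machine.
SAMPLE = [
    'Nov  3 09:15:02 mac installd[211]: Installed "Example Update" ()',
    "Nov 12 14:07:44 mac installd[398]: PackageKit: Extracting ExampleHelper.pkg",
    "\tdestination: /Applications",
    'Nov 12 14:08:10 mac installd[398]: Installed "ExampleHelper" (1.0)',
    "Nov 20 18:30:00 mac Installer[512]: Installation Log",
]

if __name__ == "__main__":
    session = datetime(2014, 11, 12, 14, 0)  # constructed: use the real session time
    path = sys.argv[1] if len(sys.argv) > 1 else "/private/var/log/install.log"
    with open(path, errors="replace") as log:
        print("\n".join(entries_near(log, session)))
```

Anything listed as installed or extracted inside the window that you do not recognize is a candidate to locate and remove.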