One can only assume...
That they have realised what an easy mark your average apple user must be <g>
Scareware cold-callers are adapting their tactics in order to target users of Mac machines as well as Windows PCs. Over recent months many prospective victims in the UK and elsewhere have received unexpected calls falsely warning them that malware had been detected on their PC. The scam attempts to hoodwink users into …
Although the victim refers to a "spoof logmein site", it was in fact the legitimate logmein site (as explained in the bootnote)? In which case the .pkg file originated from logmein which is cross-platform and the scammer didn't know they were targetting a mac. (also in the article)
So we still don't know if the scammers would have been able to plant malware on his machine had they gained remote control of it. Does the article not invalidate it's own title?
Are you claiming that www.support.me is a kosher LogMeIn site?
Many people on the internet seem to disagree with you.
Then LogMeIn are complicit in these scams. Why hasn't anyone sued them?
I get the feeling from this artivle that NO system is safe from these boyos; THey will be lint the HIV Virous, adapting to changing circumstances.
I'm sure it won't be long before their script gets changed to encompass both OSX & Linux based systems.
"Are you claiming that www.support.me is a kosher LogMeIn site?"
Connecting to www.support.me|220.127.116.11|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://secure.logmeinrescue.com/Customer/Code.aspx [following]
Yes it is.
"Then LogMeIn are complicit in these scams. Why hasn't anyone sued them?"
No they're not.
The whole point of LogMeIn is that you go to the site, enter a code, and the person the code belongs to can then remotely control your computer, for tech support purposes. If you're daft enough to let a complete stranger remotely control your computer, how is that their fault? It's just a tool - if someone tells you to throw a hammer at your computer, you can't sue the guys who sold you the hammer.
... the correct way of dealing with these scammers is to follow their instructions until they give you the LogMeIn code, then pass that code onto LogMeIn with a note that it's being used by the scammers. They know about the scam, and they will shut down the offending accounts. For preference, let the scammer know that you've done this and why, and that they are now out of a job.
Of course, I'm now getting calls from the filth who want you to get your malware directly from their fake site hosted in Lagos, but you can always ask your ISP to blacklist it.
Foreign accent telling me I had serious malware problem and what version of Windows was I using. I told her that all my machines ran only Linux and that she was obviously running a con. She rabbited on and I did what I usually do and left the phone to its own devices for a few minutes. Blow me after I put the phone 'back on the hook' she rang again !
Firstly... "The spoof of the LogMeIN site wanted to download a file. I was shocked to find that the download was a .pkg file."
WTF??? The domain ''support.me'' is REGISTERED TO logmein.com....
Secondly - the LogMeIn service is as stated a ''legitimate'' affair - and automatically detecting that the user is using a mac and offering a PKG file that is required for correct use of the ''logmein'' service is no more sinister than Adobe automatically offering the correct version of the Flash installation package to visitors depending on their browser's stated OS in the headers sent to Adobe.
The real test of if this would have been if the fake ''technician'' had a clue what to do if the call had proceeded, and he had found himself in a MacOS environment as opposed to the (expected) Windows one. (i.e. would he have had the correct scripts / applications to deploy to the remote MacOS 'host' to achieve the same end they would have achieved with a windows box.)
These scammers have been calling me weekly for about a year so a few weeks ago I fired up a freshly installed Windows 2000 VM and played along.
I installed logmein at their request and they took control. The "engineer" showed me event viewer ("look, infections!"), opened a command-prompt, typed a few irrelevant commands (ping, nslookup and tree) and then typed the word "expired". The salesman assured me that this meant my "core security system" had expired.
The engineer then took me to their website where they clicked a button to initiate a £40 paypal payment "to renew my core security system". Happily the ancient version of IE in Windows 2000 didn't understand paypal's https so it wouldn't connect. After half an hour of pointless tinkering they installed firefox and got me connected. And, of course, I refused to enter my details.
Anyway, this isn't a sophisticated scam. There's no malware. They are just trying to convince you to give them £40.
I reported the scam to paypal, but they weren't interested because I hadn't parted with any money.
I've had these buggers twice - the first time, I managed four-and-a-half minutes before revealing I was using a Mac, at which point they couldn't hang up fast enough. However, as the article points out, they decided to try again and pointed me to a (legitimate) remote access software site.
Worryingly, they were very defensive when I told them that I knew what they were up to; clearly they want to take it to the bitter end. One sniff of possible cash and they won't give up.
Now they're tricking people to installing remote desktop software such that they can remotely log into your machine? and since the site is a legit site (would work equally with NetMeeting or CWebEx), they think they're dealing with a legit company?
Well, it took 8 years of hard effort, but I'm so glad I put the tie in to convince my family members that "no one will EVER call you in relation to a virus or problem on your personal computer or phone." and if they do call, document everything about the call, schedule them to call back, call the police, and offer to have your line monitored to find the crook when they call back.
I occasionally get the "YOUR SYSTEM IS INFECTED" scam through Skype's IM. The latest version included OSX as well, although a quick peek at their site (using curl) suggests they haven't adapted their site yet — they were trying to build a fake Control Panel on their page.
Dunno if Block/Report does anything worthwhile, but it only takes a few seconds so it's worth a try.
"Dunno if Block/Report does anything worthwhile"...
That feature works perfectly well on the plain-Jane Linux version. Got a few hard-drivin' CamGirlz and a couple of yammerin' schmuck-a-thonic types moved on that way right quick a while ago. Haven't needed it again for ever so long... ( No idee why.) ;) Can't imagine the glitzy+snibbsey versions offered for the two Other Platforms nor their variants might ever work any worse that that...
Sometimes that selective blocking facility is Skype's best feature of them all. I for one am entirely satisfied with it. :)
"Please Mr Sir you have a virus on your machine. You need to download fix now!"
1. "Really Mr Dickhead, well I have my Amiga plugged and working. Now how do I get the browser to work on Workbench?" ( Repeat for ZX Spectrum, CBM64, Atari ST, TI99/4A, etc )
2. "Wow! Here I am, I have just slaughtered my entire family with a chainsaw, ground up their flesh with a magimix, espeically that b**stard borther in law of mine! He deserved it, the smug git with his BMW and 4 bedroom place in Godalming! God almighty I feel cleansed of the evil that have been wrought upon me! I am FREE!!!! Anyway, I needed to nip down to the shops for some Fairy Liquid, some bleach and some rubber gloves, I'll get some AV software while I'm down there. Can I get you anything? No, tell you what I'll send you the eyeballs OK! Byeee!"
3. "YES!". "You have download now.". "YES!". "Do you have your PC on?". "YES!". "Can you start Internet Explorer?". "YES!". "Have you done it yet?". "YES!". "OK, can you enter this into the address bar?". "YES!". "Have you done it yet?". "YES!"....and so on until he gets fed up with hearing "YES!"
4. SImply repeat back what the scammer says to you, add more spice by repeating it in a silly voice, cod-operatic falsetto would be a good one to try!
I have loads of these, I feel a website idea coming on....
While I've been at work the wife has had at least three of these calls.
After the first one, I told her to not give any information, but to mess with the scammer as much as possible.
She pretends she's so stupid she can't find the power switch.
She's had some good laughs at their expense.
Scammer, who has a thick East European accent: "Hi. I'm Reggie, calling from the International Anti Virus Centre! We have determined that there are serious virus infections on your computer and you need to fix them right now!"
Me, in my very best Imitation South Florida Cracker accent: "Gawd-dammit, that's my brother's computer, he'll kill me if I did somethin to it, fix it quick!"
Scammer: "First we have to run some tests to see which viruses you have. In Internet Explorer you need to..."
Me: "I don't think that this thing has Internet Explorer. Where do I find it?"
Scammer: "It has to have Internet Explorer, all computers do. Look for a little blue 'E'."
Me, after waiting a little to let the scammer's beard grow: "There's no blue 'E'."
Scammer: "How do you usually get to the Internet?"
Me: "There's this little red fox-like thing, I use that."
Scammer: "That's Firefox. We can use that instead. Launch it and install our security scanner on Windows..."
Me: "I don't think this thing uses Windows."
Scammer: "All computers use Windows. What kind of Windows do you have? Go to Control Panels and launch System and tell me what it says."
Me: "Where can I find 'Control Panels'?"
Scammer: "Look on your Start Menu."
Me: "What's a 'Start Menu'?"
Scammer: "There's a little button in the lower left corner of the screen, with a Windows symbol on it. That's the Start Button. Click on that and the Start Menu will pop up."
Me: "The only thing on the bottom of the screen is the Dock. There's a funny-looking thing that looks like an apple with a piece bitten out of it at the _top_ left of the screen, though. Should I click that?"
Me: belly laugh.
Somehow I don't think that there's all that much Mac knowledge out there in the scareware scam world...
Had a few of these myself recently, done all the usual tricks (acting dumb etc), but 2 of my fave responses are getting my wife to talk to them & as she's Japanese and speaks to them in Japanese, they usually spend 5 minutes asking her if she speaks English. The other way is to sould very interested in what they have to say, then after a few minutes, calmly inform them that they have phoned the Metropolitan police cybercrime unit and we have managed to trace the call origin <click>. Next time I think I'll try the whistle method
My partner got a call and basically told them to sod off. I got one a few weeks later, foreign accent, low quality VOIP call. I played along with them for a bit, until they asked my to open Internet Explorer and I said that "oh sorry, I use linux" (actually I was using Windows at the time, but I do use lin/win/mac) They said they would put me through to the linux department, by staggering coinsidence this was when the line went dead. I can only imagine that they accidentally hung up on me when trying to transfer me to their Linux department. Ahem.
so what about this story indicates that the scammers are now targeting mac users? We dont know if the caller even knew it was a mac nor if he would know what to do if it was.
Just because the remote control site offers a mac file to a mac is no more amazing than the fact that mac users can use paypal.
Biting the hand that feeds IT © 1998–2020