
McAfee "Lifesave" failed to save my computer!


techbeck    6,714
3 hours ago, Howard Davis said:

I got a call from Dell. I traced the source phone number and found it really was them by calling it; they were even able to tell me when I bought my computer, the ID number, etc. - so it is genuine. They cleaned out the worm and fixed or installed security software (theirs; not McAfee). My computer now has never run faster or better. I think they may have installed beta security software, as the guy I deal with at Dell calls about once a week to check it by linking to my computer. I keep no financial or otherwise sensitive information usable to hackers on my computer; only on removable USB memory.

Ummm, did you log a call with them and they called you back?  Because Dell would not just call you out of the blue.  And scammers know a lot of info about people.  Tried to order 80k worth of equipment from a supplier at work.  PO looked legit and they used employees' names, phone numbers, and addresses.  You can literally type in any service tag on Dell's site and get the warranty/order info.  And service tags are not hard to figure out.  A lot of the time, you just need one service tag number and another can just be one character different.

  • Like 1

+warwagon    12,767

The reason the computer probably ran so fast after is because they removed McAfee!! LOL

  • Like 1

DConnell    6,580
14 hours ago, nekrosoft13 said:

It's called common sense

You'd be amazed at how many people for whom that seems to shut off when they sit in front of a computer.

+warwagon    12,767
21 minutes ago, DConnell said:

You'd be amazed at how many people for whom that seems to shut off when they sit in front of a computer.

To be fair, take an unsophisticated user and put scary writing in front of them. "Don't turn off your computer, or you will lose everything" "Your computer has been infected" ... I don't blame them for freaking out.

  • Like 1

DConnell    6,580
1 minute ago, warwagon said:

To be fair, take an unsophisticated user and put scary writing in front of them. "Don't turn off your computer, or you will lose everything" "Your computer has been infected" ... I don't blame them for freaking out.

That's reasonable, actually. Of course the users I support (at work and on my own time) generally know to call me for stuff like that.

 

But too many will just do a Google search for the program they want and click the first link without checking if it's legit. That's what I'm talking about. That's what directing people to the Store, and encouraging developers to put their software in the Store, would cut down on.

Howard Davis    15

It turns out I WAS scammed! Here is a copy of text from a report I filed today with the FBI. 

I also filed with the FTC last week, but without the information below implicating DELL employees as behind this scam:

 

I was initially contacted on Feb 5, 2018 by a “Steve Thomas” from 877-790-3355, which checked out 
to be the number for Dell Support. He told me the identifying and technical information for my 
computer, service tag number, etc. and convinced me the call was genuine. He told me they had 
detected that my computer had corrupted security files and spyware, specifically the KOOBFACE worm, 
and that data had been stolen from it. He proceeded to connect remotely to my computer to fix the 
issue, and eventually appeared to succeed in doing so, but told me I must pay $120 by purchasing an 
itunes gift card at a local store and sending him the card number to redeem it. I did this at 
Walgreens on 2/6/18; I have the purchase receipt and the gift card itself as proof.

 

I was then told by “Steve” that Microsoft/Dell could not accept the $120 card – though they had the 
information to redeem it, and I found out later that they did. I went to Walgreens, and they would 
not allow a cancellation and refund of the $120 to my bank account. 

 

“Steve” then told me he would contact itunes and get me the $120 refund. I never received it. Steve 
then told me that itunes would only refund a sum of $200 or more, and that I should get another 
$100 itunes gift card and send him the redemption information. He assured me he would then have the 
full total of $220 refunded to my bank account by itunes. I bought this $100 card at Rite-Aid on 
2/7/18 and forwarded the information to Steve. I have the purchase receipt and the gift card as 
proof.

 

So far I was out $220. “Steve” then told me the full $220 refund was in the works, and when I 
emailed itunes to check, they confirmed it was in process. Itunes however never issued any refund. 
Meanwhile, “Steve” told me that as I would be getting a refund of the full $220 already submitted, 
his company would still have to be paid $100 (he allowed a $20 cost reduction for my trouble) for 
restoring my computer. I bought another card for $100 on Amazon.com, and when I sent him the 
information to redeem it, it very quickly thereafter came up as having been redeemed. He claimed 
NOT to have redeemed it, but that it was done by a third party using spyware! I have a copy of the 
email proving this $100 purchase. Amazon of course would not refund the $100 and told me I must 
dispute this through my bank.

 

All three purchases were done on my Bank VISA card, and at no time was my account or card 
number information given to “Steve.” It was not in my computer either, so these criminals do not 
have this banking information. These purchases appear on my bank account statement dated 
2/10/18.

 

Of course I never heard back from “Steve.”
I have thus been defrauded out a total of $320.

 

I HAVE STRONG EVIDENCE THAT THIS CYBERCRIME AND OTHERS LIKE IT ARE BEING PERPETRATED BY EMPLOYEES 
OF DELL COMPUTER CO. LOCATED OUTSIDE OF THE USA. 

 

* The scam caller ("Steve Thomas") contacted me from the Dell Support service number, 877-790-3355. 
I was given this number by him, and tracing it using *69 verified it as the source of his call.

 

* If you call this number, the people there speak with the same foreign accent as did "Steve." The 
background noise heard is the same as I heard every time he called me.

 

* He gave me specific information (my computer service tag number, etc.) that convinced me the call 
was genuine. Only Dell has this information, and to my knowledge has reported no data breach. 
Failing to report such a breach is at the very least CRIMINAL NEGLIGENCE that enables the 
cybercriminals. Employees of course have easy access to such information.

 

* Some improvements in my computer's performance were achieved, but upon later scanning with 
Malwarebytes I found and quarantined many malware/spyware files probably placed by "Steve." If 
desired, I can send you the specifics of these files. 

 

* "Steve" was no novice; he demonstrated a level of expertise and training that is required of such 
computer support service personnel. 

 

* These personnel are paid relatively little by their employer, though highly skilled. They are 
located outside of the USA, so have considerable immunity from American law and enforcement. They 
are in a position to easily run this high-profit scam using Dell's facilities and customer data.

suprNOVA    160
40 minutes ago, Howard Davis said:

It turns out I WAS scammed! Here is a copy of text from a report I filed today with the FBI. 


Okay before all the Tech guys get in here, I really feel for you, and I'm sorry for all this ###### you've been through. Hopefully this will be a lesson learned, albeit a difficult one. You're lucky you didn't have any super private or humiliating things on there.

All good though, we live and we learn. :)

goretsky    1,004

Hello,


I was wondering how this played out.  Thanks for the update.

 

I've always speculated that Dell must have outsourced support to a company involved in the scam, or that there was a data breach somewhere, but have never heard anything to confirm these types of scenarios.

 

Regards,

 

Aryeh Goretsky

 

Jim K    12,666
1 hour ago, goretsky said:

Hello,


I was wondering how this played out.  Thanks for the update.

 

I've always speculated that Dell must have outsourced support to a company involved in the scam, or that there was a data breach somewhere, but have never heard anything to confirm these types of scenarios.

 

Regards,

 

Aryeh Goretsky

 

Well ... I might be misreading your post. 

 

-However, 87*-790-3355 is not a Dell Support number ... a quick Google search will indicate that it's a scammer.  The caller ID or whatever may be spoofed to show it is from Dell ... it is not Dell or any of their support numbers (3rd party or otherwise).

-Dell did post a blog in 2016 about the rising tech support scams which involved specific details (to include service tags).  People on the Dell forums have also stated they've been contacted by "Dell Support" with specific information (like service tags, owner's name, etc.)  I'm not sure how transparent they have been about how scammers have gotten a hold of such information (did they have a data breach, did they have rogue employees, etc?).

 

However, the big STOP in this particular situation (as it is with most scammers) should have been ... iTunes gift cards.  I just do not understand how victims, when asked to provide an iTunes gift card as payment, think "yea, that sounds legit".  Truly baffles me (please, no offense to the OP).

 

Live and learn I guess ...

  • Like 7

Shiranui    1,894
2 hours ago, goretsky said:

Hello,

 

Regards,

 

Aryeh Goretsky

 

I would have liked to have seen you as Bartholomew.

  • Like 3

Howard Davis    15
18 hours ago, goretsky said:

Hello,

I was wondering how this played out.  Thanks for the update.

I've always speculated that Dell must have outsourced support to a company involved in the scam, or that there was a data breach somewhere, but have never heard anything to confirm these types of scenarios.

 

Regards,

Aryeh Goretsky

I have presented strong evidence that Dell support personnel are involved here - they have easy access to customer information. If this was hacked from Dell, Dell should have put out a statement to that effect. Their support personnel are paid relatively little though highly skilled. They are located outside of the USA, so have considerable immunity from American law and enforcement. They are in a position to easily run this high-profit scam using Dell's facilities and customer data, and thus I consider Dell culpable. 


  • Like 1

nekrosoft13    702
On 3/4/2018 at 8:08 PM, Howard Davis said:

It turns out I WAS scammed! Here is a copy of text from a report I filed today with the FBI. 


I'm completely speechless.... I can't believe anyone would fall for that...

 

darwin1.jpg

  • Like 2

Shiranui    1,894
On 2018/3/5 at 11:08 AM, Howard Davis said:

[He] told me I must pay $120 by purchasing an itunes gift card at a local store and sending him the card number to redeem it.

And at no point did this trigger alarm bells?

  • Like 1

goretsky    1,004

 


Hello,

 

Here is one video of me, and here is another of me discussing IT security in real life.  Best I can offer.  Sorry if the production values aren't up to the same standards as that other video.

 

Regards,

 

Aryeh Goretsky

 

On 3/4/2018 at 9:39 PM, Shiranui said:

I would have liked to have seen you as Bartholomew.

 

  • Like 2

Vince800    248

So after slating both McAfee & Dell - Nothing to do with either. Being duped into a very obvious scam (iTunes Vouchers) you still seem to come across as if you think that this is really Dell.

  • Like 1

nekrosoft13    702
On 3/4/2018 at 8:08 PM, Howard Davis said:

 

 

I HAVE STRONG EVIDENCE THAT THIS CYBERCRIME AND OTHERS LIKE IT ARE BEING PERPETRATED BY EMPLOYEES 
OF DELL COMPUTER CO. LOCATED OUTSIDE OF THE USA. 

 

BTW, you have ZERO evidence.

 

Spoofing a phone number isn't difficult, it's illegal yes, but it's not difficult.

  • Like 1

Howard Davis    15
14 hours ago, nekrosoft13 said:

I'm completely speechless.... I can't believe anyone would fall for that...

 

darwin1.jpg

This happens to people all the time, which is why they do it. If you are speechless and have nothing constructive to say, then DON'T.

Mando    5,117

@Howard Davis

 

Sorry to hear this is what actually panned out for you, I suspected it from the start.

Not having a go at all but didn't the itunes angle not make you go wtf?? Why would "Dell" ask for payment in itunes credit?

  • Like 1

Howard Davis    15
13 hours ago, Shiranui said:

And at no point did this trigger alarm bells?

In retrospect, it should have.

At that time however they had greatly improved the performance of my computer and I felt deserved payment. 

Also in retrospect, they may have been the cause of the problems - Malwarebytes found spyware they may have installed.

  • Like 2

+warwagon    12,767

I would also change any and all passwords that you have. It's very easy for them to run an application such as identity protector which shows in plain text all of the saved passwords in the browsers. If you use the same email address and password for everything they can see that and if you use special modifications of the same password per site they can see that too.

 

I'd recommend a reinstall or at the very least roll that system back before you were scammed. Also check the programs and feature list for any remote assistance apps still installed on your computer, these may include..

 

Screenconnect (connectwise)

Gotoassist Customer

Logmein

Team viewer

Anydesk

 

If you have any of these uninstall them. Also check next to your clock to make sure an unattended session is not actively running.

  • Like 2
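
Added example (not part of warwagon's post): a PowerShell check for the remote-assistance tools named above, covering the installed-programs list plus any service or process that would keep an unattended session alive. The name patterns are assumptions about how each product labels itself; adjust them if a tool shows up under a different name.

```powershell
# Added example. Run in an elevated PowerShell window so every service and
# process path is readable.

# Product names taken from the list in the post; matching is case-insensitive.
# The exact strings each installer writes are an assumption.
$patterns = 'ScreenConnect', 'ConnectWise', 'GoToAssist', 'LogMeIn', 'TeamViewer', 'AnyDesk'
$regex    = ($patterns | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. "Programs and Features" is built from these Uninstall registry keys
#    (64-bit, 32-bit, and the current user's own installs).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match $regex } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, UninstallString

# 2. Unattended access normally runs as a Windows service that starts at boot,
#    so look at service names and the path of the binary each one launches.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.Name -match $regex -or
        $_.DisplayName -match $regex -or
        $_.PathName -match $regex
    } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# 3. A tool that was run without being installed only shows up as a process.
$processes = Get-Process |
    Where-Object { $_.ProcessName -match $regex -or $_.Path -match $regex } |
    Select-Object Id, ProcessName, Path

'--- Installed programs ---'
if ($installed) { $installed | Format-List } else { 'none found' }

'--- Services ---'
if ($services) { $services | Format-List } else { 'none found' }

'--- Running processes ---'
if ($processes) { $processes | Format-Table -AutoSize } else { 'none found' }
```

A hit under Services with `StartMode` of `Auto` means the tool comes back after every reboot until it is uninstalled. An empty result only rules out these six names, which is why the reinstall advice above still stands.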

Mando    5,117
2 minutes ago, Howard Davis said:

 

Also in retrospect, they may have been the cause of the problems - Malwarebytes found spyware they may have installed.

That's exactly what's happened mate, they get into the system, "fix it" while dropping the real backdoor payload and you're now a dormant bot machine for them to C&C whenever they need.

If it was me personally or professionally, I'd be nuking that system from orbit, low level format the drive and do a clean install and use good paid for AV mate.

Also add Warwagon's advice to what else to do.

  • Like 2

+warwagon    12,767
4 minutes ago, Mando said:

good paid for AV mate.


I don't think AVs do much to prevent this type of thing, it's social engineering at its best.

When I hear these types of stories it always makes me think I'm not charging enough if people will drop $320 at a drop of a hat.

  • Like 1

Mando    5,117
3 minutes ago, warwagon said:

I don't think AVs do much to prevent this type of thing, it's social engineering at its best.

When I hear these types of stories it always makes me think I'm not charging enough if people will drop $320 at a drop of a hat.

No, but if it's password protected the scammers can't remove it ;) simple padlock security mate. It would stop any backdoor payload being dropped in the scam ;) . Ofc don't leave it as the vendor's default password.

+warwagon    12,767
3 minutes ago, Mando said:

No, but if it's password protected the scammers can't remove it ;) simple padlock security mate. It would stop any backdoor payload ;)

What user is going to password protect their AV? ;)

This topic is now closed to further replies.