There are many people that wonder what the realm of Cybersecurity covers. Well I will be the first to tell you that it is all-encompassing. There are so many facets to securing your online presence. We deal with this on a daily basis. So to enlighten you and give you an idea of how a normal person can fall for scammers online, I would like to share the story of Toni. Toni is a wife and mother of two pre-teen boys. Toni does everything she can to keep her family safe. This is how Toni got taken advantage of by some very nasty people, and how it can easily happen to you.
How online scammers start?
Toni received an email on a Wednesday afternoon from Apple Support and iTunes, stating that a purchase of $1000 of Apple iTunes gift cards was being returned to her. However, the email stated that they could not return the money back to the card on file because there was an error. The email gave Toni a customer support number that she could use to contact them. Naturally Toni was concerned because she never purchased gift cards from Apple. She immediately called in and spoke with someone with Apple Support that informed her that after confirming her email and phone number with them, she was in fact the victim of an online scam. Concerned she continued to talk with the support team where they asked a few questions like is she on a PC or a Mac, does she have her passwords, etc. They told her that the email she received was the delivery mechanism for a payload of spyware and that her computer was mostly likely compromised. Toni was concerned because all of her online banking, children’s photos, etc were on her laptop. She was informed that in order to secure her laptop and her files, that her laptop was going to have to be cleaned of the spyware. The cost for this service was $1500. She agreed to the price. Now here is where is gets interesting.
She was informed by the support person that she was going to need to go out and buy gift cards for the service. Not just any gift cards, but three separate gift cards at three different stores using three different credit cards. She immediately headed out and bought the cards, came back to the house and gave them the numbers off the cards. She was then informed that her network was compromised and that her iPhone and iPad were also compromised. They asked her to supply them the IMEI numbers from both the phone and the tablet. She agreed and gave them the numbers. They said that they were done but needed her to check her router. They asked if it was close by and she stated no, that it was up in the closet upstairs. They asked her to go up there and look at the lights on the modem and router. They had her watch the lights for about 15 minutes and she did. After asking how the lights were behaving they told her that everything seemed normal. This would complete the service. She hung up thinking that everything was OK. Little did she know that everything was far from OK.
Internet Scammer Tactics
These scam artist do the best job impersonating Apple or Microsoft employees. They make you think that everything is under control. In fact, it is far from that. Shortly after the call Toni noticed that every time she got on her computer, she saw that the mouse was moving around without her touching the machine. Then she started to see charges on her credit card she did not recognize. She was told by a friend to contact someone that could help. She called me. After hearing 2 minutes of the story I told her to immediately shut her computer off and not turn it back on. That she needed to disconnect the internet at her house and wait for me. Yes it was that bad!
What had happened was she was contacted by a call center in India that specializes in mimicking Apple Support. During their diagnosis of her machine they installed remote control software on her machine to “check for spyware” when in fact they were the ones installing the spyware. When they asked her to go to the multiple stores for gift cards they were in fact getting her away from her machine to remotely use it to get into her online accounts. They set up some rules on her Gmail and Yahoo mail to reroute all mail to them at another email account. Then they started resetting her passwords on Walmart.com, target.com. eBay, PayPal, amazon, and even created accounts on Gyft and Google. They started buying more gift cards with her PayPal account and credit card on all of the sites. Why gift cards you ask? Because when you get the numbers off the back of one of the cards, or have them electronically delivered, you are handing someone over cash. They can sell them or use them for whatever they want, and they become untraceable.
When they sent her up to the closet to look at the modem they were back at it again, this time gathering all of her personal files, copies of her driver’s license, social security card, etc. This would allow them to open accounts as her or her children.
Why would they ask from the IMEI numbers on her phone and tablet? Because they can easily clone her devices on stolen ones and monitor her text messages as well as place calls on her account. So in case one of the shopping sites that they were getting into required a text verification code of the password changes, they could intercept the message and verify it was them.
Why you need a Cyber Security Specialist?
Over the course of three days they robbed poor Toni of over $5000 and put herself and her family into jeopardy. We were able to stop the attackers from doing further damage. We worked with the credit card companies to recover most of her money, which in these cases is not easy to do. Most credit card companies will not refund money on gift cards because they cannot get the money back. But if you know how to make the arguments and the evidence to gather, you can do it. Not only did we secure the property and their personal information, but we got them signed up with an incredible online security company that will protect their identities going forward and will legally go after anyone that attempts to fraud them.
And after all of that, we were not done! The “Apple Support” group continued to call her. So what did we do? We called the attackers back. Posing as a customer we asked very specific information and then asked for details that they needed to answer. Then we called our contacts at Apple that confirmed that they were in fact NOT Apple employees. Surprisingly the calls stopped immediately, and they are not answering the phone anymore.
Don’t get yourself in a situation like Toni. We can help you. And if you are in that situation or suspect you could be, give us a call. We can promise that we will be right there with you and make sure that nothing like this happens to you.