vendredi 30 janvier 2015

Wife was conned into allowing her computer to be hacked, what do I do?



My wife had a popup on her old Windows Vista laptop (which I've been threatening to switch to Ubuntu Linux). It appeared to come from our ISP, and informed her that she was hacked, and to call a number. An Indian guy answered, told her to go to a site (lmi1.com), gave her a code, and told her to input it to download a program and run it, which she did. He told her she was hacked and it would cost lots of money to fix.


That was when she finally decided to call me at work, and after she finally told me about downloading the program, I immediately told her to disconnect it from the internet and turn it off. I told her to call our ISP to confirm that it was a scam/hack. They confirmed that it was not associated with them. We have an always on connection, which might explain why they targeted us.


She told me she was already logged in to her gmail account, but didn't log into any accounts after her interaction with this hacker.


I've been to the bank to shut down internet access for our bank accounts until we can deal with this further, and confirmed that the accounts were not accessed online since well before the attack.


We're going to back up her files (via a Linux live-desktop), and she's getting a bright shiny new operating system by the end of the weekend, and she won't be using the laptop until then.


My question is: What should we do now?


We don't need new bank account numbers, I think that would be an impotent action regardless, right?


It's conceivable they accessed her email from her computer (since she was logged in).


It's possible they downloaded files. I don't know if she had anything with social security numbers on it, but she might.


It's possible they began encrypting her files for the purpose of blackmailing her with their possible destruction, and she may have lost some of them.


I've told her to change her passwords on her email accounts. She mostly uses Google Chrome, not sure if that makes a difference.


Ancillary question: why doesn't the FBI shut down sites like lmi1.com?


Update: they called her back, and hung up after being challenged to give their address. I'm not sure what their angle is. If it's just an outright scam, that's it, no harm done. But they could try to mess with us. I don't think anyone would go to this much trouble to set up a zombie for a bot-net, would they? I wish I knew.





Aucun commentaire:

Enregistrer un commentaire