moderated Re: Spyware


Gerald Levy
 

 
This happened to me a few months ago.  I was surfing the web for more information about Spectrum Internet service, and when I clicked on the link for a seemingly innocent web site, all of a sudden,a window popped up and a message in a synthesized female voice with a British accent started playing over and over  warning ominously that my computer had been taken over, and that if I wanted to have it restored to normal, I needed to call an 800 number.  The message would not stop repeating itself, and I could not close the window to get rid of it.  And I discovered to my horror that my computer had been frozen.  I could not access my desktop or start menu or launch any programs.  I could not access any files or folders.  I could not even bring up  the shutdown menu to shut down my computer, and I was afraid that if I tried to perform a hard shut down by pressing and holding the power button, my computer would not boot up when I pressed the power button again.  I figured that this was some kind of ransomware attack, so in a panic, I called the 800 number that the message kept repeating and was greeted by some scammer with a Nigerian accent who calmly told me that if I wanted my computer restored to normal,he would be glad to fix it for $150.  When I agreed to send $150 to some offshore account using PayPal, the guy proceeded to “fix” my computer.  I was scared sh-tless that my computer would never work again, but to my great relief, when I rebooted as the scammer instructed, everything was back to normal.  I ran full scans using MSE and Malware Bytes, and everything came up clean.  Fortunately, I got the last laugh because I immediately contacted PayPal which cancelled the transaction, so that the scammer never received a dime of my money.  These scanners can apparently circumvent even the most effective anti-malware programs, and no matter how careful you are, this can happen suddenly and unexpectedly without warning.  It is really scary.
 
Gerald
 
 
 

Sent: Tuesday, April 03, 2018 8:07 AM
Subject: Spyware
 

Hello:

When surfing the web last night, I entered on a link and got a pop up window that stated Windows detected my system was attacked by spyware.  It stated the spyware was now stealing my credit card numbers, passwords, and the rest.  It also stated this verbally in a female voice with what sounded like a British accent.  It demanded that I call Microsoft at an 800 number it provided.  It also stated that if I closed the window without calling that Microsoft 800 number, Microsoft would to protect their system disable my IP address.

I never trust pop ups from the web so tried to close the window without success.  I then shut down my system, but when I powered back up the pop up came up again.  This time though, I was able to close the window.  I ran a  virus scan with Windows Defender and there were threats found.  I entered on the take action link and let it run its course.  I then ran MRT.exe which found nothing.  Then I shut down the system and have not started it since.  Keep your fingers crossed that it is gone when I power up.

For your information, I am sending this message from my work computer, so should not be infected. 

Has anyone heard of this and is the 800 number legit?

Any help would be appreciated.

 

Thankyou,

 

 

John Doering

Administrative Pricing Specialist 

 
p. 414-778-3040 Ext 4063  t. 800-642-8778 f. 414-778-3392

 

NOTICE: The information contained in this email and any document attached hereto is intended only for the named recipient(s). If you are not the intended recipient, nor the employee or agent responsible for delivering this message in confidence to the intended recipient(s), you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this transmittal or its attachments is strictly prohibited. If you have received this transmittal and/or attachments in error, please notify me immediately by reply e-mail and then delete this message, including any attachments.

Join main@jfw.groups.io to automatically receive all group messages.