Wife was conned into allowing her computer to be hacked, what do I do?
My wife had a popup on her old Windows Vista laptop (which I've been threatening to switch to Ubuntu Linux). It appeared to come from our ISP, and informed her that she was hacked, and to call a number. An Indian guy answered, told her to go to a site (lmi1.com), gave her a code, and told her to input it to download a program and run it, which she did. He told her she was hacked and it would cost lots of money to fix.
That was when she finally decided to call me at work, and after she finally told me about downloading the program, I immediately told her to disconnect it from the internet and turn it off. I told her to call our ISP to confirm that it was a scam/hack. They confirmed that it was not associated with them. We have an always-on connection, which might explain why they targeted us.
She told me she was already logged in to her Gmail account, but didn't log into any accounts after her interaction with this hacker.
I've been to the bank to shut down internet access for our bank accounts until we can deal with this further, and confirmed that the accounts were not accessed online since well before the attack.
We're going to back up her files (via a Linux live-desktop), and she's getting a bright shiny new operating system by the end of the weekend, and she won't be using the laptop until then.
My question is: What should we do now?
We don't need new bank account numbers, I think that would be an impotent action regardless, right?
It's conceivable they accessed her email from her computer (since she was logged in). It's possible they downloaded files. I don't know if she had anything with social security numbers on it, but she might.
It's possible they began encrypting her files for the purpose of blackmailing her with their possible destruction, and she may have lost some of them.
I've told her to change her passwords on her email accounts. She mostly uses Google Chrome, not sure if that makes a difference.
Ancillary question: why doesn't the FBI shut down sites like lmi1.com?
Update: they called her back, and hung up after being challenged to give their address. I'm not sure what their angle is. If it's just an outright scam, that's it, no harm done. But they could try to mess with us. I don't think anyone would go to this much trouble to set up a zombie for a bot-net, would they? I wish I knew.
Update: I understand lmi1.com is a legit website, but wouldn't they still have the opportunity to use the connection to surreptitiously install malware?
2nd Update: My wife informed me she watched him download and install a file she called "system configuration", so they installed something. Don't know what.
See the FTC page on Tech Support Scams:
In a recent twist, scam artists are using the phone to try to break into your computer. They call, claiming to be computer techs associated with well-known companies like Microsoft. They say that they’ve detected viruses or other malware on your computer to trick you into giving them remote access or paying for software you don’t need.
These scammers take advantage of your reasonable concerns about viruses and other threats. They know that computer users have heard time and again that it’s important to install security software. But the purpose behind their elaborate scheme isn’t to protect your computer; it’s to make money.
They document this class of scams thoroughly, and the page includes good information on how to act effectively in the event that you have already fallen victim. I have mirrored the content of that section below, but show your wife that page so she doesn't feel stupid.
If You’ve Responded to a Scam
If you think you might have downloaded malware from a scam site or allowed a cybercriminal to access your computer, don’t panic. Instead:
- Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem.
- Change any passwords that you gave out. If you use these passwords for other accounts, change those accounts, too.
- If you paid for bogus services with a credit card, call your credit card provider and ask to reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
- If you believe that someone may have accessed your personal or financial information, visit the FTC’s identity theft website. You can minimize your risk of further damage and repair any problems already in place.
- File a complaint with the FTC at ftc.gov/complaint.
I can't speak to the efficacy of this, but I do recommend pursuing that last bullet: file a complaint. Filing a complaint enables them to provide all interested and capable bureaus with critical information needed to at least defer future scams by the same attacker, e.g. if a U.S. phone number was provided then the FTC (or more likely some other bureau) will probably be able to seize the number and ensure that it cannot be used again for this purpose. I doubt the attacker is based in the States, but if they are then further justice might even occur; if not, that would probably be the extent of justice served on this. All of that said, the FTC is a good agency; they do what they can. Hit them up for sure.