Remote Control Scams in 2023

Remote control scams are alive and well in 2023. I blogged about this just a year ago, but this is important enough to go over again.

Scammers grab as much money as they can.

A remote control scam is where someone is out to steal your money, and they use remote control software to get into your computer. Once they have access to your system, they’ll push further into your finances (and your consciousness) to take as much as they can. Some of these bad guys are aiming for a quick $300. But this year, I’m seeing where they aim higher. In the last month, I’ve spoken with victims who have lost $30,000, $75,000, and more than $100,000 to these cybercriminals.

What makes these scams so dangerous, though, is that there is nothing you can put on your computer to protect against them. There is no virus to guard against. Your computer is not being infected or hacked. It’s largely a social-engineering operation, where the victim’s brain is the target. If the crook gets inside your head, then they will win. So please be knowledgeable about how remote control scams work, so that you don’t become a victim someday.

How These Scams Begin

A remote control scam begins over a phone call. That call starts in various ways:

  • A unexpected notice pops-up on your screen. It claims you are being hacked or infected with many viruses. Or it may accuse you of viewing illegal adult content and threaten you with fines or arrest. A robo-voice warning may blare out of your speakers, and urge you to dial a particular phone number. These pop-ups are often difficult or impossible to close.
  • You receive a robo-call. The recording tells you that there is a problem with your computer or online account, and you should press 1 to be connected with an agent now!
  • An email announces that a charge is pending for something you didn’t buy. Something like a Norton renewal, Geek Squad payment, or an expensive app from the Apple Store. And at the bottom of the email, a phone number is offered to you if you wish to dispute the charge.

These alerts almost always drop a big name: Microsoft, Paypal, Amazon, Apple, etc. But that big tech company is not responsible for the urgent notice. You’re being lied to by an impostor. The scammers are just looking to get that phone call started, by stealing and using a respected name and logo!

Getting Inside Your Head

Once an active scam phone call begins, the cybercrook gets to work immediately. And their work is akin to hypnotism. They tell an urgent story, using very convincing jargon and details, in order to get your cooperation.

There are so many stories I can hardly remember them all:

  • Hackers are attacking your PC right now!
  • No worries, I can get you a refund for that charge.
  • I see that your computer is running slowly, and I will fix it for free.
  • We overcharged you in the past and would like to compensate you as an apology.
  • You have not paid these back taxes and officers are coming to arrest you in less than an hour.

If they get inside your head, the next step is to see if they can get inside the computer (or mobile device). They guide the victim to install a small program for this. And often, the victim hardly realizes what’s going on, due to the stress & panic of the situation.

If You Give a Crook Your Mousie…

These bad guys use the same remote control tools that all the good guys use. They just need to convince their mark to install one before the scam can progress. Here are some examples:

  • The crook emails a link to the victim, for downloading their “helper” app. They instruct on how to click the link and then to click Yes on any prompt while the program loads.
  • The scammer asks the victim to open Quick Support from the Windows Start Menu, and they ask for the access code on its screen.
  • A bad guy explains how to open a Run window. He then dictates a website to type in, something like www.ammyy.com or https://get.teamviewer.com .
  • The criminal tells how to use the app store on the phone to get an inspection app. But once the app is opened on the phone, it turns out to allow remote access.
remote control apps in the Google Play Store
These are just a handful of free remote access apps that scammers can use.

Anyone who follows these kinds of steps will permit a scammer full control over the computer. It is the same as when I connect to your computers to fix them. The cyber criminal will see the screen and be able to mouse around on the system. But they aren’t there to fix anything. Instead, they’re fixing to invade some bank accounts!

Further Convincing Details

Once aboard the computer, the bad guys often “get right to work”, running scans and opening lots of windows. They may show off a complicated Control Panel to show the thousands of errors on the system. Or launch a DOS window that is covered in IP addresses of the hackers targeting the system. They also can place lots of new and curious icons on the desktop:

convincing icons left behind by scammers
Bogus Icons That Sure Look Impressive

Whatever they demonstrate is just computer theater. The goal at this stage is to overwhelm and impress the victim, to get them to fall in line. They are “tenderizing the meat.” The crook really wants to be sure that they’ll get full cooperation on the next step of the plan.

Step 3: Profit

If the scammer has gotten this far, they will now start the financial part of the scheme. Some scammers still ask for gift cards, but the greedier criminals want to see the online bank accounts. They know it’ll net them more money. So they insist that the victim go to their banking website and login, with these types of stories:

  • I will be happy to refund you the $500 fee, if you can just show me what account number to transfer it to.
  • We must safeguard your savings before the hackers get to it. They have almost gotten your money, but we can move it to a safe government holding account before they hack you!
  • You can satisfy your debt with a quick transfer and I can show you how to do it through your bank’s billpay.

These criminals usually don’t care what your bank password is. They typically ignore your bank account numbers. They just want to see your balance. They want to see what the jackpot amount is, and their next scheme adjusts accordingly, to drain your account. One possible scenario:

The thief spots $500 in the checking account and $50,000 in the savings, They offer to refund the fake Norton charges to the checking. “We will give you your $400 back to you right now!”. But after they initiate a transfer, the bank account will refresh and show a $40,000 incoming deposit. The scammer will get angry and loud, claiming, “You mistyped it! You messed it up and took $40,000 from me! I will lose my job for this! I will call the police on you, unless you send me back that money!” And then he will attempt to wire transfer $40,000 out of the savings account to … some other account that he controls.

Here’s another far-fetched story:

The crook sees $20,000 in checking and $80,000 in savings. They say, “OK, look, we can save your money, but we have to move it all into your checking account. The hacker is attacking your savings account” After a quick money shuffle, the checking account holds $100,000. “Oh no, the scammers noticed what I did, now they are hacking after your checking account! We will have to move all your money to a protective FBI account. If we don’t, the scammers will take your money in the next 15 minutes. I can see that they have almost hacked your Bank of America security. Quickly now! We can bring back all of your money after the scammers are defeated!”

This is it. If the scammer has gotten this far, they’ve just won the lottery. The small fortune in American Dollars they’ve just grabbed will convert to a large fortune in their country’s currency.

If they have anything else to do with their victim at this point, it will be to buy for time. They may have other stories now, to calm the victim, to get the victim to relax and just wait a few days. This is to give them time to transfer and hide the money, to make it harder to for that money to be clawed back when the fraud is detected.

If You Have Lost Money To This Scam

After the scam and phone call ends, the hypnotism will fade away and the truth will dawn. At this point, you’ve got to act fast, to get a tourniquet on the situation:

  • Contact your banking institution to let them know you may have been scammed. Do NOT wait until the morning, call any and every number you have for them, until you reach a live human. Describe the entire scam-process to them, and they will know what you are talking about. Follow all of their instructions to a tee, to protect your account and seek recovery of your money. The sooner you contact your bank, the greater your chances of recovering your money!
  • Disable or uninstall the remote control software used by the bad guys. If you don’t know how to do this, turn off the computer and seek legitimate computer help!
  • Change your online banking password (your bank may help you with this when you contact them). Change the passwords to any sites you logged into while the bad guys were connected to your system. Change as many passwords as it takes to get your peace of mind back.

Final Notes & Commentary

When I teach people about these scams, a frequent comment I hear is “Boy, how stupid do you have to be to fall for this?” Let go of that sentiment right now. Scammers can rob people, regardless of intelligence or education level. I have helped so many people recover from these crimes, and the victims come from all walks of life. Some are business owners. Others are teachers. Many have gone to college and have Dr. before their names or many letters after their names. Let’s not victim-shame or victim-blame. We should instead focus on how skilled the criminals are at their game. Some of them truly are world-class hypnotists. Recognizing them as a serious enemy is a better mindset.

Big tech companies are not going to call you out of the blue with an unexpected crisis. It’s always a scam. If you still have doubts, talk to someone else before taking action. Call a friend or a computer tech or a family member. Only call phone numbers that you can trust 100%, like those printed on your billing statements or found at GetHuman.

Antivirus software defeats viruses. Ad-blockers stop malicious ads. Firewalls defends against hackers and malware. But as I mentioned at the start, this type of scam belongs to none of those threat groups. It doesn’t matter if you have a PC, a a Chromebook or an iPhone. Your head is the target, not the device. Knowledge equals protection with this issue, and that’s what all these words are here for. Please be aware, and cultivate a healthy mistrust for the unexpected.

Sharing a URL

Everyone needs to be familiar with sharing a URL. Let’s go over the basics of this process, plus a extra tactic that makes sharing a URL even better.

What Is a URL?

URL stands for Uniform Resource Locator. But before you nod off on me, let’s just agree that you can also call it web address. If you are at a website and you want someone else to see what you’re looking at, they need that URL.

A lot of URLs are lengthy and they can contain so much gobbledy-gook, that you wouldn’t want to try dictating it over the phone to someone. Also, don’t try writing it down. One typo or miscommunication, and you’re done. A single out-of-place character in a web address is just as bad as misspelling someone’s email address. It just won’t work.

Copy & Paste

Copy & Paste is your best tool for sharing a URL. Go to the website that you want to share, and click on its web address at the top of your browser. The entire address should highlight, and that means you are ready to copy that URL. There are lots of ways to copy something:

  • Right-click the highlighted URL and then left-click Copy.
  • Press Control + C on your keyboard (Command + C for Mac users).
  • The Chrome browser lets you click the 3-dots button to find a Copy option.
  • The Firefox browser lets you click Edit -> Copy, if you can get to those menus.

You won’t see anything happen when you Copy the web address. But it is saved to a temporary, invisible clipboard, and you’ll see it again soon.

Next, you need to paste that URL somewhere, often into an email. Compose a new email or open a Word document. Once there, click to position your cursor in the body of the message/doc and trigger the Paste function. For this, you can:

  • Right-click and choose Paste
  • Press Control + V (Command + V for Mac users).
  • The Chrome browser lets you click the 3-dots button to find a Paste option.
  • The Firefox browser lets you click Edit -> Paste, if you can get to those menus.

You should see the full web address where you triggered the Paste function, and now you can send or share that with others. That URL will take people to the same page you copied it from, as long as it is a public website.

But Wait, There’s More!

There’s an extra feature to this process that can help with lengthy or complex websites. Let’s say you want to share a URL, but you know that you want the recipient to pay attention to one specific sentence or paragraph at that site. And the webpage is difficult to peruse, due to its immense content. You can share a URL that goes to that website AND highlights a specific wodge of text.

Note: This bonus tip works in Chrome and Edge, but may not be available in other browsers.

First, go to the website you want, and find the passage you want to draw attention to.

Click and drag your cursor over that specific text to highlight it. Then, right-click on that highlighted item (Mac users, use Control + Click).

On the contextual menu that appears, click “Copy link to highlight”.

After that, paste the web address and send it on to others. When they click it, they will arrive at the website you gave them, with the chosen text as the focus.

Here’s an example where I’ve highlighted one sentence in a very long website:

https://www.shentel.com/en/legal/code_of_business_conduct_and_ethics#:~:text=We%20seek%20competitive%20advantages%20through%20superior%20performance%2C%20not%20through%20unethical%20or%20illegal%20business%20practices.

Xfinity Scam – “50% Discount”

There’s a scam going around right now, promising a 50% discount on your Comcast/Xfinity bill. You might see this scam in your email, Facebook feed or even get a phone call! In any case, please know that it is not a legitimate offer.

It is too good to be true. Anyone duped into calling the offered number will reach a scammer, not an Xfinity rep. And the crook will press you to pay some advance money to qualify for the fictional discount. Once you send them any kind of payment, they’ll disappear.

Xfinity doesn’t offer any deep discounts like this, but you are always welcome to reach out to them to verify other offers you might hear about. You can report this scam to them when you receive it, if you like, but rest assured they already know all about it.

Microsoft Outlook for Mac — Now Free!

Microsoft has made their Outlook email client free to download & use on Apple computers.

This is just for the Outlook app. If you want Word, Excel or other Office apps, you’ll still have to pay up. Or use LibreOffice.

Outlook aims to be the swiss-army tool of mail clients, with calendaring, tasks and more. If you prefer something more simplistic, MacOS Mail isn’t going anywhere. And if you need something with lots of features but want to avoid Micro$oft, there’s always the free Thunderbird email client.

Canary Tokens

Miners used to bring canaries with them deep underground, to help detect dangerous gases. If the bird perished, the humans knew to retreat before they too suffered harm. Nowadays, the canary-in-a-coalmine concept extends to other type of alerts & security “tripwires”, such as Thinkst‘s Canary Tokens.

Offered as a free service, this website allows anyone to generate a canary token and make immediate use of it. Now, many of the token options are beyond my ken, and I won’t embarrass myself, trying to explain them. But there are a few options here that are accessible & usable by most computer users. If you click the first drop-down menu on their token page, consider the options for Microsoft Word Document, Microsoft Excel Document and Adobe Reader PDF Document.

Creating a Token

Select the token document type, fill in an email address and the notes field below. Here’s an example:

Click the Create button and then the Download button on the next page. For the pictured example, you’ll now have a Word doc with a weird name to it. And now you can plant it somewhere to test your security.

Examples of Use

With a Word, Excel or PDF file token, you might just place the file on your computer’s desktop, or some other conspicuous place. Rename the file to be PASSWORDS.docx or InvestmentAccounts.pdf and then wait. If someone comes snooping while you are away from your system, you’ll get an email as soon as the file is opened.

If you’re an employer, you might test your staff’s security savvy by emailing out a harmless test phishing message. Send them a suspicious email with a token attachment. If they aren’t fooled, and they report the message to you as a fake, great! If they trust the email and open the attachment, you’ll get email receipt(s) about it. Depending on the results, you might follow-up with some internet safety training.

If you are worried that your email is being intercepted, then attach the token file to a new message and send it to yourself. When you receive your own email, let it set and do not open the attachment yourself. If you later get a canary token alert, that will help to prove that the attachment was opened by someone else.

Final Comments

I’m just scratching the surface with what canary tokens can do. If you work in web design, infosec, or other tech fields, the other listed options for canary tokens may make a lot of sense to you. They can help you figure out if/when your database has been stolen or misused, when a website has been intruded upon, and more.

Also, please appreciate that this tool is not specific to any operating system. You can use canary tokens on virtually any machine you have control over.

What To Do About Phishing Websites

I am seeing a rise in phishing websites; here’s some info on what you watch out for!

When you use a search engine, cybercriminals can game the results. They have ways to get their fraudulent websites to rise to the top of the page, and one method for this is simply to pay for ad placement. Check out this example:

I went to the Bing search engine and typed in the name of a local credit union. The first three results look like what I wanted, but they actually go to phishing websites. These phishing sites seem like the real deal, and offer convincing graphics and login fields. But anyone duped by these impostors may end up giving their banking passwords to crooks!

Also understand: This type of phishing isn’t just for financial sites. Recently, Cory Doctorow was shanghaied by a phishing result for the Thai restaurant he wanted to order from.

Protections

To protect against this rubbish, first please be on the lookout for the small markers next to search results that say “Ad” or “Sponsored”. Ignore or bypass any search results with those indicia.

Consider installing a browser extension that judges and rates your search results. Bitdefender Trafficlight puts a marker next to search results, to let you know what’s good or bad before you click on anything.

Change your browser’s search engine. If you explore your browser’s Settings or Options, there will be a menu or other way to set your default search provider. Right now, I see Bing and Yahoo being exploited the most. Stay away from AOL or Ask.com. Google might be safer. DuckDuckGo appears to be a great and safe choice, for now.

Install an ad-blocker into your browser. I consider ad-blocking to be your second line of defense (after your antivirus), and good free ad-blockers are widely available. This sort of tool might suppress some of the sponsored links you might otherwise encounter.

Bookmark your financial and most important websites in your computer’s web browser. Use your bookmarks more and your search engine less to get to things you visit daily.

On mobile devices, bookmarks are good, but apps are better. If your bank or other important company offers a dedicated, branded app, use it! Download it from the app store and use it instead of loading their site in your browser.

Reactions

If you encounter a phishing website, consider reporting it. The sooner a bad site is reported, the faster it may be removed from the internet.

If you were duped by a fraudulent website, take action as soon as you figure things out. Change any passwords you may have submitted to the bad site, and contact any financial institutions that you may have shared or used when you were phished. If you haven’t already, ask your bank about activating 2FA protection for your accounts.

And in general, give the real company a heads-up about what you’ve encountered. They may appreciate knowing about the impostor efforts out there.

Steam Tweak to Reduce CPU Usage

Some clever people over on Reddit have figured out that the Steam Client sometimes gobbles up too much of your CPU. If you see Steam using too many resources in Task Manager, try these steps. It may lighten the load that Steam places on your gaming rig.

  • Open Steam.
  • In the lower-right corner, click Friends & Chat.
  • On the Friends window, click the cogwheel icon.
  • Go to the last option for “Enable Animated Avatars…” and switch it Off.

Dish Network’s 2023 Outage

If you’re having trouble with Dish Network lately, you’re not alone. On 2/23/23, Dish was hit with a ransomware attack, and they’ve been struggling to recover from it for over a week now. You may notice troubles or outages pertaining to:

  • Dish TV channels
  • the Dish.com website
  • Sling TV
  • Dish Anywhere app
  • Boost Mobile cellular service
  • using your Dish login credentials/paying your bill
  • reaching Dish customer service

Ransomware attacks can take significant time and effort to bounce back from. Last year’s attack on Mail2World laid low their email services for a solid week, but recovery timeframes can vary widely. Dish is being tight-lipped, so far, about the gory details, so I couldn’t begin to predict when their service levels will return to normal.

For now, what I can recommend is keeping your eye on their website and the Dish statement for upcoming details. Also, it is possible that the attackers have stolen customer data, so you may want to proactively change passwords on Dish-related accounts and pay attention to financial accounts you’ve shared or linked to Dish.

For more reading on this, please consider:

BleepingComputer

PCMag

TechRadar

Will I Have to Pay for Facebook?

No. Facebook is going to remain free for all to use. This is clearly stated on Facebook’s Help Center. If you read somewhere that Facebook is going to begin charging everyone for access, that’s just an old hoax that gets passed around every few years. Don’t spread that nonsense, please!

But Meta is starting a paid service for Facebook and Instagram accounts, called Meta Verified. This new offering is purely optional. Starting at $12/month, this service is intended for famous people and content creators, and will offer them a special badge of authenticity and access to human tech support.

Meta Verified is not meant for regular people like you and me. It’s meant for celebrities and people who are more often targeted by criminals and impostors. Most of my readers can forgo this expense, and keep using Facebook as they always have.

I do see people grumping about this change, specifically where Meta Verified users get access to real live help at Facebook. Regular users get almost no assistance, if they are ever locked out of their accounts. It may seem unfair that, to get proper support, you have to pay up to the Almighty Zuck.

But the harsh counterpoint to that is: If you use Facebook for free, you are not a customer. You are the product. Facebook makes most of its money from their true customers (advertisers), selling access to their resource, a vast, semi-captive audience. While this point of view doesn’t make it feel any better, it may help explain why Meta does so little for us regular Facebook users.

How Long Should My Computer Last?

Many people ask me, “How long should my computer last?” And I could answer rhetorically with “How long is a piece of string?” but that won’t satisfy. I can do better. Let’s go over some concepts and ballpark ideas that will help you plan and manage your expectations for your computer’s lifespan.

Things Fall Apart

“That belongs in a museum!”

Your computer is just a machine, with moving parts. Some components heat up and cool down. Other parts rub or flex. And even others compress and expand with daily use. When we consider a computer’s lifespan simply based on wear-and-tear, we can hope for 4 to 5 years under average conditions.

But that sort of estimate will vary from one person to another, and should also be considered as the middle of a bell curve. If most computers age out in the 4-5 year range, there will be some computers that exceed that and live to see their 10th birthday, and there will be others that fail to thrive and die an early death. (Thank goodness for Costco’s 2-year warranty on technology items!)

Things fall apart at different rates, due to other factors, as well. Experts guess that desktop computers endure wear-and-tear better than laptops, due to better airflow and the ability to keep cool. You may retire your laptop sooner than expected, because the various ports have worn out. You’ll certainly un/plug many more times to a laptop’s power and USB ports than you would a desktop’s.

Totaled

And as components and ports wear out, the computer owner can certainly prolong the life of the computer with a repair. If it is worth it. On a young computer (<3 years), it may make financial sense to replace a broken screen panel, or have the power supply replaced. But once the computer gets into its golden years? It may not be worth the cost of repair. An expensive hardware issue may total the computer.

This can be a difficult judgment call to make. You can start by comparing the estimated costs of repair against the price of a new system. But that’s just a starting point.

Depending on the parts needed to repair a computer, they could be hard to acquire and/or expensive, due to age. Manufacturers often discontinue laptop parts after the 3-year mark, partly because they’d rather you buy another machine than repair the one you’ve got. Your repair technician can probably still find the pieces s/he needs, but it will increase your cost to do so.

Also, older computers have a tendency to turn into money pits. You haul your PC to the shop and the tech replaces the failing hard drive with an SSD. After that expenditure, the system still isn’t quite right. So you invest in a RAM upgrade. Better, but not quite perfect. Then, unrelated, the power supply dies and you have a new one put in. You review your expenses and wonder, Would all of these costs have equaled the price of a new tower? Should I have cut bait at the beginning? Just because a computer can be repaired doesn’t mean it should be. The money pit factor usually leads me to recommend people avoid sinking a lot of money into their computers.

Other Points of View

So far, I’m describing all of this from the points of view of the computer owners, and possibly the people who will repair your machines. Let’s branch out from those perspectives.

If your computer is a business asset, you may want to consider the tax liability of it. It looks like you get to depreciate and claim your computer for 5 years. I’m not a CPA, but if you have one, they may have relevant advice on this that will encourage you to move on from that 5-year-old computer.

Apple would have you think that their products will last longer than PCs. Debating that concept falls outside the scope of this post, but I have addressed that in years past on Facebook. But despite what Apple claims, they say otherwise in their Environmental statements. When assessing their greenhouse impacts and other metrics, they presume that you’re going to get about 4 years of use out of your iMac or MacBook.

CEOs and other big business leaders may refresh computers on a set timeframe, whether or not they need it. Many go by the 5-yr mark, but some do it sooner, on a 4 or 3-yr schedule. I’m sure this is done as a proactive measure, to avoid work stoppages and keep things efficient. If you have room in your budget and a need to stay productive, you might want to Be a Boss and decide when your computer’s lifespan is up. For the good of your business!

Final Thoughts

Most opinions revolve around the 3-5 year estimate for your computer. Here’s a few last items to consider:

  • Your wear-and-tear factor increases if the computer is in a very dusty or humid environment. Rough treatment and frequent transportation of a computer also shortens the lifespan.
  • A computer’s usability can also be affected if the operating system reaches its end of support. For example, the Windows 10 lifecycle ends on 10/14/2025. There are plenty of computers that will be retired on that day, because they cannot be upgraded to Windows 11.
  • I see a lot of chintzy and low-quality Windows computers coming out of Wal*Mart and Target. It doesn’t matter what brand name is on them. I know those companies are driving all of their suppliers for cheaper prices every quarter, and it leads to a loss of quality across many of the tech items they sell. So if your computer came from one of those stores, you may want to lower your expectations accordingly.
« Older posts

© 2023 BlueScreen Computer

Theme by Anders NorenUp ↑