Blog Post

What do you do next when you have a Scammer on your Computer?

  • by Mark Townsend
  • 28 Jan, 2021

Fast action is required to minimise loss

I frequently receive phone calls from Customers shortly after they have had a scammer on their Computer. There are many articles about what you should and shouldn't do to avoid being scammed but what about when you have already made that mistake? The penny has dropped, your mouse is flying around on the screen - what do you do next?

There are many ways a scammer can end up on your Computer and it is worth just clarifying how this happens. You may receive a phone call allegedly from Microsoft or your Internet Service Provider saying you have a problem and they need access in order to fix it or you may have clicked on a link in an e-mail that says you have many viruses and need to dial a number in order to clean your Computer up. I also come across many instances where somebody has actually got a genuine fault and has googled 'Microsoft support phone number' or 'HP support phone number'. It is very dangerous to google phrases like this because scammers pay for adverts that appear at the top of the search listings making it appear as if they are genuinely Microsoft or HP. If you call these numbers the response will be very convincing and they will request access to your Computer in order to help. When you find an entry at the top of a search results list you will be convinced it is the most popular search result and therefore safe but look out for it being an Advert and therefore somebody has paid to put it at the top of the list. I am obviously going to recommend you call a local Support Business like mine but if you really want FREE support you must convince yourself you are on the legitimate Home Page for Microsoft or HP and then look for a Contact number within that site. 

Once the initial  mistake has been made and the scammer is on your Computer then what is he likely to do? It depends on the motivation of the scammer you have encountered. Most are only interested in money, you may encounter somebody that wants to mess up your Computer by installing a virus or deleting your files but this is quite rare and the real aim is to pretend to do the above in order to get you to pay up to stop or reverse the action. The first thing a scammer normally does is install Remote Access Software so that once you think he has gone he can easily reconnect. He will setup unattended access which means that each time you start your Computer he receives an alert which allows him to jump back on with you having to agree to it or click on any prompts. In these instances the main scam often takes place after your initial contact. While he is installing this software you will probably see him open a Command Prompt and execute commands and this helps him by making it difficult for you to know what he is up to. He may then run a Fake Antivirus Program that claims you have a large number of infections and demand payment for a cleanup or in some instances if he has hooked you in he will say you are due for compensation as a result of the viruses. He will award you an amount and then say he can only make a payment that is greater than your award and therefore you will need to transfer some money back. Beware, as the original award will never arrive or if it does will be claimed back. 

There are other things a scammer will try while he is on there. If you are somebody who saves all their website passwords in a Browser cache he will attempt to access this and harvest your passwords or he may attempt to turn on Bitlocker or Drive Encryption and encrypt all your Data. If this occurs he will then have a 48 character key (in the case of Bitlocker) and without it you have lost access to your Computer. Once you reboot that's it unless you know the key. Somebody like myself can rebuild your PC but will never be able to get the Data back. If you do pay the ransom it's 50/50 what will happen - you could say it depends whether he's an honest scammer or a dishonest one? I will leave you to judge!! However, the important advice here is bound to be ALWAYS BACKUP and DON'T EVER ALLOW ANYONE ONTO YOUR COMPUTER ACROSS THE INTERNET. I could add 'unless you're convinced of who they really are' but can you ever be? If you have a backup you can simply refuse to pay and get the Computer rebuilt. If you don't you're in trouble.

Returning to the possibility that somebody has installed some Remote Access Software and then gone away without doing anything else then what should you do next? Your Computer appears fine, the person has gone so surely you don't need to do anything? My advice is to get your Computer checked out immediately and of course I would say this - so why? The most sophisticated scammers just wait, they receive a message each time you startup and logon and they can jump on at any time. They are waiting for you to access your Bank account. When you do they are likely to take a screen shot of your Account Home Page as you see it and then throw it up as a wallpaper, lock your keyboard and mouse and then behind the wallpaper they transfer the money out of your account. It doesn't look like a theft to the bank, it looks like a genuine withdrawal. The crime takes place on a Computer that the bank knows is yours and has been authenticated by your fully valid logon. Scammers are clued up enough to know withdrawal limits and the amounts that will trigger an automated call or text and stay below these amounts. I often see three quick withdrawals one after the other. In the short amount of time this takes you are still puzzled at the loss of use of your keyboard and mouse and by the time you become frustrated enough to do something the money has gone.

As I have now made you read all the way to the end of the article I will finally answer the original question. If you are on a Desktop PC with an Ethernet cable then pull the cable out of the Computer or the Router as fast as you can. If you are on a Laptop or wirelessly connected Desktop Computer then get the Router off by pulling out the Power lead. In the event the Router is not quickly accessible then hold the power button down on the Computer until it goes off. Ignore what is being said if the scammer is on the phone, you must stop him before he gets Remote Access Software installed or encrypts all your Data.

As always Churchdown Computers are here to help. We can check your Computer for you after a scam or rebuild it if it's now encrypted and you don't know the key. Just call Mark on 07557 483438, e-mail mark@churchdowncomputers.co.uk or fill out the form at the bottom of the Contact page.    
by Mark Townsend 10 July 2024
What options are available once Windows 10 reaches End of Support?
by Mark Townsend 14 April 2023
Super fast speed for super low prices
by Mark Townsend 5 August 2022
Does a Mesh Network solve all the problems that Wifi Extenders don't?
by Mark Townsend 26 June 2022
What does end of life mean and what are the options?
by Mark Townsend 31 March 2022
Are low priced laptops a bargain or is there a price to pay?
by Mark Townsend 24 October 2021
Can the Hardware Requirements be side stepped?
by Mark Townsend 4 September 2021
If you are confident in your IT skills then Windows 11 will run on any PC
by Mark Townsend 25 June 2021
Windows 10 won't be around forever after all!!
by Mark Townsend 5 April 2021
Another speedy update is on the way!!
by Mark Townsend 11 March 2021
Can Housekeeping on its own resolve the issue?
Show More
Share by: