Question Mother got hooked by scammer but got away. Chromebook security questions.

_dawn_chorus_

Aug 30, 2017
I'm unfamiliar with Chrome OS and its security. I had my Mom call me saying she was worried about hackers and thinks she got scammed. This is her story, "dun-dunn":

- Googled how to talk to a real person from Comcast, and found the following number: 1-888-927-0775
(I googled this number itself and it produces "how to talk to a real person at" many companies, so obvious scammers)

- They had her navigate to some sort of screen share. According to her it was within the browser; her history suggests otherwise and I'll link a picture. Once granted access, she said they couldn't move anything, they had to instruct her to do everything. So it wasn't remote access but some kind of screen casting?

- She said all she told them was her email address and her name and phone number.

- Once in her email, the man (with a strong Indian accent) said some German hackers had been trying to access it and she needed to pay them like $300 to install security software on her email (lol).

- At this point she got suspicious and declined. She said the man sounded frustrated and hung up on her.

So my question is: On a scale of "no worries" to "Mr. Robot microwaving a hard drive", how borked is her Chromebook?

Does screen cast have any real security risks if the bad actor has no actual control? I know it's possible but I assume they had nothing on her, or no ability to escalate the attack if they were upset and hung up on her.
Should I drive up there and nuke her Chromebook?

The image is her history from that time.

View: https://imgur.com/a/x4RFFX6
 
Solution
So my question is: On a scale of "no worries" to "Mr. Robot microwaving a hard drive", how borked is her Chromebook?
Depends on the malware installed during the remote connection, IF the scammer installed anything, that is.

With the scammer remoted in, they could've set up malware in the system. Keyloggers, timed ransomware etc. So, depending on what malware the scammer installed during the remote connection, the severity of the issue is from 0 to 10 (0 meaning they didn't install any malware and 10 meaning poop hit the fan).

For one, you can format the drive and re-install the OS.
Changing every password after the format is another good option, since there's no telling if the scammer logged the log-in sessions and/or got access to the usr/psw data.

Once granted access, she said they couldn't move anything, they had to instruct her to do everything. So it wasn't remote access but some kind of screen casting?
Depending on the remote access software, one can set it up so that the original person behind the device can't see or do anything, while the one who remotes in has full access. Usually, they put the screen blank, run some directory tree commands or other similar commands, bring the screen back to show that the system is "infected", and then ask for money to fix it.

Watch this and show it to your mum too:

View: https://www.youtube.com/watch?v=LWWn4D2F0ek


- Googled how to talk to a real person from Comcast, and found the following number: 1-888-927-0775
When trying to reach some company, always use the official website and the contacts found there. Don't just Google it, since it can lead to scam sites with a scammer's number.
 
IF they really had no access and she had to do everything, and IF she correctly told you 100% what she did, it sounds like little happened. From what you said they don't even have her email password.

But because moms don't remember everything, I'd still be a bit worried. Reset the Chromebook. Change the password on the email address. And because people tend to reuse email/pass combos, change the password for anywhere that email/pass is used. It's probably nothing. But I'd still err on the side of caution.
 