Web “virus” scam

Over the last couple of years, I have been asked to go and help people affected by one of the worst and most pernicious computer scams I have ever come across. It is pernicious because, although it is not sophisticated, it can cause a lot of problems.

Typically a user browses the internet, using a search engine to look for something uncommon (a product or a service) that is unlikely to be offered by one of the major tech companies. Usually the websites of these services and products do not have the same level of security as Amazon, Facebook or AliExpress.

Hackers identify websites with weak security and, instead of changing the site's content, add code that triggers a pop-up or a new screen with a “virus infection” message and a request to call a “Microsoft” number. The code is quite rudimentary, yet it keeps the browser in focus and prevents normal use of the mouse to get out of the page. A savvy user would probably open the task manager and close the browser, but for the average person the first reaction is to call the number.
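As an added example (not from the original post), here is a small Python check a site owner could run to spot scripts that have been injected into pages since a known-good baseline was captured; the page contents, paths and function names are constructed for the example.

```python
import hashlib
import re

SCRIPT_RE = re.compile(r"<script\b([^>]*)>(.*?)</script>", re.I | re.S)
SRC_RE = re.compile(r"src\s*=\s*[\"']([^\"']+)[\"']", re.I)

def script_fingerprints(html):
    """External scripts are identified by src, inline ones by a hash of
    their whitespace-normalised body."""
    fps = set()
    for attrs, body in SCRIPT_RE.findall(html):
        m = SRC_RE.search(attrs)
        if m:
            fps.add("src:" + m.group(1))
        else:
            norm = " ".join(body.split()).encode()
            fps.add("inline:" + hashlib.sha256(norm).hexdigest()[:16])
    return fps

def added_scripts(baseline_html, current_html):
    """Scripts in the served page that are absent from the trusted baseline."""
    return sorted(script_fingerprints(current_html) - script_fingerprints(baseline_html))

def audit_site(baseline_pages, current_pages):
    """Both arguments map path -> html. Returns {path: findings} for pages
    that gained scripts, appeared, or disappeared since the baseline."""
    report = {}
    for path, cur in current_pages.items():
        base = baseline_pages.get(path)
        if base is None:
            report[path] = ["new page"]
        elif added_scripts(base, cur):
            report[path] = added_scripts(base, cur)
    for path in baseline_pages.keys() - current_pages.keys():
        report[path] = ["missing page"]
    return report
# Constructed sample site (assumes the baseline was captured while clean). The
# attacker appended an inline script to index.html; its body is a placeholder.
BASELINE = {
    "index.html": '<html><body><h1>Widget Shop</h1><script src="/js/cart.js"></script></body></html>',
    "about.html": "<html><body><p>About us</p></body></html>",
}
CURRENT = {
    "index.html": BASELINE["index.html"].replace("</body>", "<script>/* injected */</script></body>"),
    "about.html": BASELINE["about.html"],
}

if __name__ == "__main__":
    print(audit_site(BASELINE, CURRENT))  # only index.html is reported
```

Run it periodically against a baseline taken from a trusted copy of the site, and treat any reported inline script as something to inspect by hand.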

The hackers pretend to be from Microsoft and instruct the poor user to download all sorts of remote monitoring and remote control software. They then ask the user to verify that no money has been taken from their bank account by logging in to their online banking and other financial services. By this stage the hackers can see everything the user is doing and steal all their credentials.

That is typically when the user realises something is fishy, but not always. My advice is to immediately call every bank the user deals with and suspend internet banking. I then come and remove the monitoring software and make sure no other malicious content is present on the machine. Because these hackers are not sophisticated, the damage to the computer is usually very limited: no encryption, no trojan, no BIOS rewrite or anything like that, but sometimes they do so much damage that a full rebuild is necessary. Thanks to cloud storage, that has become fairly painless these days.

I would strongly recommend that everyone enable two-factor authentication on every online account. And use common sense: DO NOT CALL AN UNKNOWN NUMBER. Remember that Ctrl+F4 to close the browser, or Ctrl+Alt+Del to bring up the task manager, can save you a lot of trouble.
