They tried to get me to use 414756993 02 Sep 2016

They scammed my pal Dec 1st, 2016 with #101288116. He was on the phone with this guy from Denver, and I overheard a bit of the conversation so I suggested he call him back until i check into it, but my assured me this carp was an Apple Tech.
They took 800 bucks while claiming he would protected for life.
Mr. Carp had full control of Jim's (my friend's) computer. And apparently he got took a year ago in what sounds to be very similar attack
I'm no tech and can barely make out what most of you guys are talking about. I just keyed in, fastsupport.com to double check and ended up here. Any advice on what Jim should do would be appreciated. Might his credit card/banking info be in danger. I actually listened as he gave the three digit code for his card and while the crook was double checking mailing address.

It's not really a practical solution. As a reputable IT support company, we get 1st time calls from local adhoc businesses all the time and regularly carry out remote support for them after only a telephone call. We do take the time to ensure they know we're local and reputable, but then so do scammers.

The problem is education. I get on average 3 or 4 calls per month, mainly from home users who've fallen for the IT support scam. Some have fallen for the cold calls, but many have called the toll free number presented to them via the infection which gives the impression that they're dealing with Microsoft. The other thing they fall for is search results. Just type in Microsoft Support into google and you'll see the top results (paid adverts) are designed to look like Microsoft Support but are in fact nothing to do with Microsoft. Microsoft Helpline UK is currently top when searching in the UK and they are not Microsoft. Sadly people fall for it and call the number.

Education is key here. There needs to be much more information out there and not just in the form of blogs or online media. Most of the people I deal with who fall for these scams are lets say, the older generation.

As for citrix, yes, more could be done to make it difficult for criminals getting access to gotoassist on a trial basis.  That said, in my experience, most of the scammers connect remotely with team viewer. I believe it can be used for free (home user) without actually having to register an account. I could be wrong here but it's definitely the tool of choice for these guys.

On the fastsupport.com page, there should be a much more prominent warning. When they click 'continue' a small survey should be given.

Warning! By continuing, you are giving control of your computer to a 3rd party. Do not continue if you have not verified the identity of the person/s wishing to take control.  Click here to learn about the dangers. (link to jargon free info page)

Before you continue, please select an answer:
1. Have you verified the identity of the 3rd party, do you trust that they are who they say they are? Yes / No
2. Are you sure you would like to continue giving control of your computer to a 3rd party? Yes / No / Not Sure (not sure, link to jargon free info page)

In addition there should be a prominent warning visible on the client that it's a trial account the 3rd party is using. For all accounts regardless of trial or not, the client should also state (prominently) that the user can disconnect the session at any time if they become suspicious by clicking the exit session button.  Make the end session button bigger! Heck, give them a 'panic' button.

Tim:

• COL won't really help you with this. Its your responsibility to protect yourself from stranger danger.
• In the future, never accept unsolicited computer support or grant access your computer to a stranger
• I'd change all my online passwords (use a password vault if you don't have one - Keypass, Dashlane, etc...)
• Report credit cards lost or stolen, get replac3ments and watch your accounts very closely. 
• You might consider this a good time to subscribe to Life Lock if you haven't. The big advertisers offer discount codes. 
  
• Set up your credit card and bank account carriers to add activity alerts linked to your cell phone. Keep it charged, turned on and on your body. 
• If you must do online business with a potential shady vendor,  use Pay Pal, not your credit card and certainly not your debit card.
• Trial offers are notoious for silenty converting into unwanted recuccurring bills. Watch Paypal for any authorized charges and cancel them as soon as they appear, much easier than disputing or canceling a payment through a bank.

Thank you very much for the advice Felton.
My friend is still out a week's wages, but we called Apple today and managed to clean up his computer at no cost. 
Much appreciate your time.

I got this scam through Linksys, was told to go to this website to configure the router and this woman tell me to go to fastsupport. I fell for it for $150. Now I have to wait until the charge shows up to reverse it. The warning says UNSOLICTITED. I read it but thought its part of the setup for the router. .

Hi Vanessa,
I'm sorry about that.  While we offer the services of GoToAssist to help people through the fastsupport website, we only provide the point of connection and control software.  If you've been inappropriately solicited by someone, please see this support document for further instructions:  http://support.citrixonline.com/en_US/gotoassistremotesupport/all_files/G2ARS040007

Hi there, 

I called the support line today, I downloaded citrix but it didn't open on chrome. Was blocked with the version of mac OS X. The lady then asked me to log onto safrai, my internet was running slow so she asked me to restart my computer, when I did I realised chrome was working fine without error. She tried to get me to log back onto sarafi to enter a support key but I didn't and said I no longer wanted her service. 

Although I was lucky, my question is, did they get access if I downloaded citrix? 
I had to enter the support key to get to the download, but because it never opened, can I assume they didn't get access? Would I have had to grant 'remote' access too with an OK button if they did? 

Hi Natalie,

Downloading the installer is not enough for them to gain access to your computer. The software would have needed to run and you would have needed to give them permission to connect to your computer. You would have seen a message displayed telling you that they were connected.