GoToAssist phishing

A family friend has fallen for a Facebook phishing scam. A popup told her she had major problems on her computer and to ring an 0800 number, which she did. It seems as though they coached her through downloading your software - GoToAssist. From there I'm not sure what they did to her system. They asked for money to fix her "problems" (though of course there were none) at which point she got suspicious, put the phone down and turned off the computer. I've removed GoToAssist (it was installed via the app store) - I've found GoToAssist or Citrix logs in the \user\app... directory but am unsure what they are telling me. Virus and malware scans show no infections, but I'm still suspicious that something is lurking on her system. My first inclination is to wipe the machine and reinstall the OS and change her passwords. Are there any other recommendations?
This is something we work with often; we have had many customers fall for these scams. First, from what I read, no one gave out credit card info, and if you ever did, you can always ask your credit card company for a chargeback for the scam if charged. We have saved a lot of folks from this. Next, I would do a system restore to a day or so before they accessed the computer, as there may have been downloads that you are not aware of. This ensures those are gone if installed. Finally, it is a good idea to do a password change for email and any online logins used on the system. A scan for malware/viruses would not pick up these kinds of things.
An older client was called by a phisher(?) 2 days ago posing as a "Microsoft Support Technician" telling her that her "Microsoft license was set to expire" and that she would need to pay $199 to extend it another 2 years. She allowed him to connect to her computer, using GoToAssist Corporate software, and proceeded to pop around while telling her that her computer would cease to function, etc., etc. During this connection, he transferred a .bat over to her startup folder in order to pop up a "License expired- call xxx to renew" message and crash explorer.exe upon the next reboot. Thankfully, they were dumb, and she got suspicious when they wouldn't take her credit card, but told her she would need to pick up 2 $100 iTunes gift cards at Walgreens/Walmart/Target. lolwut.
Anyway- long story short- I know that they were probably using a pirated license to begin with, but, regardless, would you guys like the logs and/or a .txt of the .bat? It can't look good for people to be getting scammed when your software is the only specific name/program these people are seeing on their screen. Let me know- email@example.com
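
The .bat dropped into the startup folder in the report above points to one concrete check after a session like this. As an added example (not code from any poster or from the GoToAssist vendor), this PowerShell sketch lists what sits in the Windows Startup folders and flags anything written during the remote-session window without running it. It assumes a Windows machine with profiles under the default `Users` directory, and the two timestamps are constructed placeholders to replace.

```powershell
# Added triage sketch. Run from an elevated PowerShell prompt so that other
# users' profiles are readable. Nothing found here is executed, only listed.
$sessionStart = Get-Date '2024-01-01 09:00'   # placeholder: when the call began
$sessionEnd   = Get-Date '2024-01-01 12:00'   # placeholder: when the PC was turned off

# Per-user Startup folder of every profile, plus the all-users Startup folder.
# Assumption: profiles live under %SystemDrive%\Users (the Windows default).
$startupDirs = @(
    Join-Path $env:SystemDrive 'Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup'
    [Environment]::GetFolderPath('CommonStartup')
)

$scriptExt = '.bat', '.cmd', '.vbs', '.js', '.ps1'
$shell     = New-Object -ComObject WScript.Shell   # used only to read .lnk targets

Get-ChildItem -Path $startupDirs -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -ne 'desktop.ini' } |
    ForEach-Object {
        $target  = $null
        $preview = $null
        if ($_.Extension -eq '.lnk') {
            # A shortcut can point at a script stored somewhere else.
            $target = $shell.CreateShortcut($_.FullName).TargetPath
        }
        elseif ($scriptExt -contains $_.Extension.ToLower()) {
            # Show the first lines so the script can be read without launching it.
            $preview = (Get-Content -LiteralPath $_.FullName -TotalCount 5 `
                        -ErrorAction SilentlyContinue) -join ' | '
        }
        $written = @($_.CreationTime, $_.LastWriteTime)
        [pscustomobject]@{
            InWindow  = [bool]($written | Where-Object { $_ -ge $sessionStart -and $_ -le $sessionEnd })
            Path      = $_.FullName
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            LnkTarget = $target
            Preview   = $preview
        }
    } |
    Sort-Object InWindow, Created -Descending |
    Format-List
```

Entries with `InWindow : True` are the ones to inspect first; a file's timestamps can be altered, so items outside the window still deserve a look if their path or preview is unfamiliar.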