Another Scam
#41232 07/21/16 10:06 PM
Joined: Aug 2009
Likes: 16
Moderator
My son-in-law called last night in a complete panic. He had received an email he thought was from his brother, at least the header had his brother's email address listed as the sender. He was unable to open the email on his iPhone so when he got home he went straight to his new iMac and opened it there. The message consisted of nothing but a URL which he clicked on thinking maybe it was some pictures his brother took on vacation. At that point everything went to hades in a hand basket.
  • Safari opened, as expected when you click on a URL,
  • a popup window appeared on the screen announcing his computer had been infected with malware and he needed to call "Apple Repair Resources" (or something like that) immediately to prevent further damage to his computer.
  • He tried unsuccessfully to close the window,
  • he tried unsuccessfully to quit Safari,
  • he shut down his computer and rebooted only to be immediately presented with the same message.
  • As this is his business computer he was beginning to panic at this point, so he called the number on the screen.
  • The helpful technician indicated the problem could be fixed but the tech would have to have access to my son-in-law's computer. Following the tech's instructions he allowed the tech full admin access to his computer
  • as that was going on, the tech informed him that he could be protected from further attack of this type for only $600 for a three year contract or a special price of $700 for four years.
  • At that point my son-in-law shut his computer down.
  • By the time I got involved the link between the SSD and HD portions of his fusion drive had been broken and reinstallation was impossible — for me that is.
  • The Genius Desk at the Apple Store had the Fusion drive working and a fresh copy of El Capitan installed in less than ten minutes (of course that was after a 90 minute wait to see the Genius).

My son-in-law said the Apple Store Genius Desk in Orlando told him they were seeing several of these cases a day and the number is accelerating. The Genius' further recommendations were:
  • If you get an email containing only a URL and you are not expecting…
    • Do not click on the link even if it appears to be from a legitimate source
    • Either delete the email or
    • Contact the reputed sender to verify its legitimacy before clicking on the link
  • If you click on the link and it is malware
    • Do not call the number on your computer screen
    • Call Apple at 1-800-275-2273. They can walk you through a fix on the phone and it only takes a few minutes.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
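
An added example, not part of the original post: a short Python triage of a message's raw source for the pattern described above, a body that is nothing but a URL. It goes slightly beyond the post by also comparing the From domain with the Return-Path domain; the flag names, the 20-character threshold and the sample messages are assumptions made for this illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MAX_OTHER_TEXT = 20  # assumed threshold: characters of non-URL text tolerated

def _domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_source):
    """Return a list of warning flags for one raw message source."""
    msg = message_from_string(raw_source, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    urls = URL_RE.findall(body)
    # For HTML mail, judge what the reader sees: drop the tags first.
    if part is not None and part.get_content_type() == "text/html":
        body = re.sub(r"<[^>]+>", " ", body)
    other_text = URL_RE.sub("", body).strip()
    flags = []
    if urls and len(other_text) < MAX_OTHER_TEXT:
        flags.append("url_only_body")
    # Weak signal on its own: mailing lists and bulk senders also differ here.
    from_dom, bounce_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if from_dom and bounce_dom and from_dom != bounce_dom:
        flags.append("from_return_path_mismatch")
    return flags

# Constructed samples (reserved example domains), not messages from the thread.
SUSPICIOUS = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "From: Brother <brother@lawoffice.example.com>\n"
    "Content-Type: text/plain\n\n"
    "http://link.example.net/a1b2\n"
)
ORDINARY = (
    "Return-Path: <brother@lawoffice.example.com>\n"
    "From: Brother <brother@lawoffice.example.com>\n"
    "Content-Type: text/plain\n\n"
    "Hi, here are the pictures from our trip last week:\n"
    "https://photos.example.com/album/42\n"
    "Call me if the link does not open.\n"
)

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("ordinary", ORDINARY)):
        print(name, triage(raw))
```

A flagged message is a prompt to contact the reputed sender before clicking, not proof of a scam.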
Re: Another Scam
joemikeb #41233 07/21/16 10:28 PM
Joined: Aug 2009
Likes: 15
Any speculation on how this comes to pass?

Is the brother a PC user?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Another Scam
artie505 #41234 07/22/16 01:17 AM
Joined: Aug 2009
Likes: 16
Moderator
There are probably 30 or 40 PCs in the brother's law office. But getting an email address is no great trick. Given they are family there are probably half a hundred or more computers that have both addresses either in the address book or in stored message headers.

That is 20+ year old spam technology to collect that kind of data. Since the brother's law office is in Miami one of his computers being infected would not account for the number and increasing numbers of Apple users showing up at the Orlando Apple Store with the same story.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Another Scam
artie505 #41235 07/22/16 01:34 AM
Joined: Aug 2009
Likes: 7
I have received similar emails and I immediately delete them. I just showed Joe's post to my wife so that she can be made aware of the problem. Thanks, Joe!


Jon

macOS 11.7.10, iMac Retina 5K 27-inch, late 2014, 3.5 GHz Intel Core i5, 1 TB fusion drive, 16 GB RAM, Epson SureColor P600, Photoshop CC, Lightroom CC, MS Office 365
Re: Another Scam
joemikeb #41240 07/22/16 09:31 AM
Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
That is 20+ year old spam technology to collect that kind of data. Since the brother's law office is in Miami one of his computers being infected would not account for the number and increasing numbers of Apple users showing up at the Orlando Apple Store with the same story.

If I'm following you, there's a new PC virus out there that's the source of the emails, and a computer in the brother's office may be one of the PCs infected with it?

As far as I know, the stunt you've described can't be pulled off on a Mac.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Another Scam
jchuzi #41241 07/22/16 09:41 AM
Joined: Aug 2009
Likes: 15
Originally Posted By: jchuzi
I have received similar emails and I immediately delete them. I just showed Joe's post to my wife so that she can be made aware of the problem. Thanks, Joe!

This sounds like something that should be added to Scam Zapper's database, but how do you report it without becoming a martyr?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Another Scam
artie505 #41251 07/22/16 01:24 PM
Joined: Aug 2009
Likes: 16
Moderator
Originally Posted By: artie505
If I'm following you, there's a new PC virus out there that's the source of the emails, and a computer in the brother's office may be one of the PCs infected with it?

As far as I know, the stunt you've described can't be pulled off on a Mac.

There are hundreds, if not thousands, of viruses, many of which are old enough to vote, that capture related email addresses; hundreds of millions of vulnerable PCs, millions if not tens of millions of infected PCs, not to mention sophisticated network tools for intercepting and harvesting such data en route without the help of anything on the local computer, and no small number of databases containing that kind of data licitly and illicitly collected for sale on the internet. In other words there are a myriad of sources that could have come from. Even though collecting that data from a Mac has not been done — yet, does not mean it wasn't harvested from an email sent from a Mac.

The point is not where the email addresses came from, but rather that Macs and, I would assume, Windows boxes are vulnerable to this particular ransomware attack. Apple is aware of the attacks and I have read that Sierra and maybe it made it into El Capitan 11.6 will have code that not only disarms this type of attack but will remove any illicit code when the OS update is installed. I have not heard anything about if or when such changes will be available for anything prior to OS X 11.6.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Another Scam
joemikeb #41252 07/22/16 02:39 PM
Joined: Aug 2009
Likes: 15
Thanks for the clarification.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Another Scam
jchuzi #41256 07/22/16 03:46 PM
Joined: Aug 2009
Likes: 4
And here's another gem which I seem to be getting on almost a daily basis. Need I note that I'm not a Microsoft customer?

- - - - - - - - - - - - - - - - - - -

Microsoft Customer Satisfaction Survey

Dear Microsoft Customer,

Thank you for using our services. We would like to gain your valuable feedback to help us improve our quality of service.

If you have not yet completed the survey, Microsoft would appreciate 2 minutes of your time. We would like to ask you a few questions regarding your recent contact with our team on Friday, July 15, 2016.
The case number was 1347416127.

Click here to start the survey.

Please note that this invitation will expire soon. Please respond before Monday, July 25, 2016.

Thank you for your valuable feedback and time.

— Your Microsoft Team

Re: Another Scam
joemikeb #41262 07/22/16 11:51 PM
Joined: Aug 2009
Likes: 1
Can you send me the contents of the email (without the headers--have him look at the email, use Command-U to show source, and just copy/paste the body without headers into a new email to me)? I'd love to track it down.

When you open a browser window and it keeps popping up alerts over and over that do not allow you to close out of the browser, there will be a little checkbox at the bottom of the alert that says "Prevent this page from opening any more alerts." This checkbox is easy to miss when you're in a panic, but you just check it, hit Cancel, and you can then close the browser page.


Photo gallery, all about me, and more: www.xeromag.com/franklin.html
