How are you folks handling Scam Popups

drnick5

Hey Folks,

I'm trying to refine some procedures for break fix stuff. One of the biggest things we've been seeing more and more of lately is customers that come in after being a victim of a scam popup (you know the type: screen gets locked, says to call this number to speak to "Microsoft", and so on).

In some cases the client will tell me they call the number, perfect! I can close out of the popup, then reopen the browser and make sure it doesn't restore the last page, and they're good.... problem solved. Yet, in a lot of cases I don't bill for these.

In other cases, they called the number, and let whoever into their computer... this is obviously worse, and comes with other issues like passwords or data possibly being compromised. Sure, I can remove UltraViewer or whatever remote support software they used, or wipe/reload the computer entirely, but then there's the possibility of other issues because of this.

How do you guys handle these situations and what do you bill for it?
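
For the case where the caller let someone in, an inventory of remote-support software on the machine is useful for the ticket notes before any removal or wipe/reload. The PowerShell below is an added example, not part of the original post; the name patterns are an assumed starter list (only UltraViewer is named in the thread) and the function name is hypothetical.

```powershell
# Added example: list remote-support software found on a machine after a scam call.
# Assumed starter list of product names; only UltraViewer comes from the thread.
$patterns = 'UltraViewer', 'AnyDesk', 'TeamViewer', 'ScreenConnect', 'LogMeIn'

# Uninstall keys cover 64-bit, 32-bit and current-user installs.
# HKCU only reflects the account running the script.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Hypothetical helper: true when a name contains any of the patterns.
function Test-RemoteToolName {
    param([string]$Name)
    foreach ($p in $patterns) {
        if ($Name -like "*$p*") { return $true }
    }
    return $false
}

# Installed programs (what Add/Remove Programs would show).
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and (Test-RemoteToolName $_.DisplayName) } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation

# Services, which is how unattended-access installs survive a reboot.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { Test-RemoteToolName $_.DisplayName } |
    Select-Object Name, DisplayName, State, StartMode, PathName

# Running processes, which also catches portable copies that were never installed.
$running = Get-Process |
    Where-Object { Test-RemoteToolName $_.ProcessName } |
    Select-Object ProcessName, Id, Path

'--- Installed ---'; $installed | Format-List
'--- Services ---';  $services  | Format-List
'--- Running ---';   $running   | Format-List
```

An empty result only means nothing matched the patterns; a portable tool that is not running, or one under a different name, will not show up here.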
 
If someone calls me at the stage where they're in a panic, but no action whatsoever has been taken as far as interacting with the pop-up, I spend a few minutes on education, congratulate them on NOT having rushed to interact, and tell them to tell all their friends about their experience and about having done the right thing, which is nothing. Then I suggest they simply restart the computer rather than interact with anything. I usually don't bill at all if it's just a few minutes discussion.

If they've engaged and particularly if anyone's been in, then it's a nuke and pave with billing for the whole process. If they are not M365/OneDrive users and all their user data has to be backed up and restored, then I do that with Fabs and it's part of the bill. After restoration an immediate full system scan is done with Windows Defender (and I've yet to see any infected data). I then give them the, "legitimate businesses will NEVER ask you to call them, and particularly by making you fearful to get you to do so," lecture and tell them what they should NOT do in the future. Whatever time this takes is billed at whatever my going hourly rate happens to be when it happens.
 
This ^^

I do the same/similar to what Brian outlined above.
If the customer is dumb enough to get stung a second time after being given the above lecture, (and they have!) I get a bit more forceful.

If they get hit a third time, I'm out. If they can't help themselves there's little more I can do.
 
If the customer is dumb enough to get stung a second time after being given the above lecture, (and they have!) I get a bit more forceful.

I've had this happen a few times, too. And in addition to being more forceful, all assistance is billed in this case. I am a real believer in the old saying, "A word to the wise is sufficient."

Although I would never say this to the client, in my mind I'm thinking, "If you were foolish enough to react to this after I spent the time to educate you, and did so in a way where I was certain that you understood what I told you, then free assistance of any kind is off the table!"

Once burned by something like this should be more than a sufficient experience to make one know what NOT to do.
 
"legitimate businesses will NEVER ask you to call them, and particularly by making you fearful to get you to do so,"
I also emphasize how freaking hard it is to call any business and talk to a person, especially large tech companies. Companies go out of their way to not let you find their phone number. When you do scrounge around and find one the auto attendant will tell you that you can find answers on their website 24 hours a day! And then they'll do everything in their power to keep you from talking to a human like texting you a link, etc. Given all of that, doesn't it seem unlikely that they'd so willingly give a number to call?
 
I also emphasize how freaking hard it is to call any business and talk to a person, especially large tech companies. Companies go out of their way to not let you find their phone number. When you do scrounge around and find one the auto attendant will tell you that you can find answers on their website 24 hours a day! And then they'll do everything in their power to keep you from talking to a human like texting you a link, etc. Given all of that, doesn't it seem unlikely that they'd so willingly give a number to call?
This! I tell them PEOPLE ARE EXPENSIVE. The only "easy" number to find is your bank, and you should only call the number from the back of your credit/debit card. They are required to put it there by law, and even then you have to navigate through a million voice prompts to get to a person. If someone has a big bold prominent phone number for you to call, it's because they make their money by you calling them.

I pretty much follow Brian's playbook above - if they just have the blaring message, or even if they've called the number, but not let them on their computer, I just talk them through shutting down the browser or restarting. I can't tell you how many times I've said "no, hold the power button down for at least 30 seconds to shut the system down completely", lol. If they let the scammers on, for any length of time at all, I insist on a full nuke and pave. Once I get my hands on the system, I add uBlock Lite or Ghostery to block pop-up ads.
 
Walk them through Ctrl+Alt+Del, bring up Task Manager, close the browser session. Then I dump temp files. Usually that clears it.

Since we just support businesses, not residential, we don't run into the issue of "they called and started a remote session with the scammers"...they know to call us and we just walk them through clearing it. Or we'll remote in and send a Ctrl+Alt+Del to Task Manager and close the browser.

Rarely get the issue anymore, between using DNS Filter agents on most of our managed clients, and esp. since Edge browser now has scamware blocking as a feature in the browser, and Chrome recently beefed up their similar feature....at least for now it's not too common.
 
While reboots are usually fine, I've added clearing browsing history to the list. Not often, but I had more than a few call me back saying "it's back" because they went back to the scene of the crime. At this point it's noted to the customer that it's only been 10-15 minutes so there's no charge. Repeat offenders only get one lagniappe. Occasionally a full browser reset may be needed. Of course this only applies to those who aren't so stupid as to allow total strangers.

Almost forgot. If they indicated they were doing a search I'll ask what are they using for a search engine. Even after all these years Yahoo still serves up a larger number of scam links than the others.
 
Almost forgot. If they indicated they were doing a search I'll ask what are they using for a search engine. Even after all these years Yahoo still serves up a larger number of scam links than the others.
Which is incredibly frustrating when the Yahoo search engine has been relabeled "Safe Search" and made the default through the client enabling McAfee or Norton browser extensions.
 