Enjoy your malware, sucker!

What it feels like to fall victim to a scam

mackeeper 2

Man, do I feel like a putz. My weekend started with a call to Apple after I had given my AppleID password to a technician over the phone. No, it wasn't an Apple technician. It was some guy named Jimmy at ZoomSupport, whom I had just paid $200 to remove adware from my new Mac.

Yup, that's what happened. Even though I have worked in security for nearly two years and had countless conversations with industry leaders, written dozen of articles on security awareness training, and questioned why people are still clicking when they shouldn't be, I did it. I clicked.

I'm not proud, but I do want to share my story so that you can understand what's going on in the end user's mind as the scam unravels right before their eyes in a seemingly legitimate way.

When I was entering information into a banking form, something happened and I wasn't able to type in the box. A screen popped up that said my version of Adobe Flash was outdated. 

Stupidly, I decided to download to install the newest version. In hindsight, I know it was bad, but it seemed acceptable for a few different reasons. 

  • I had just switched to a new Mac from a PC, and Mac's are supposed to be more secure (I thought).
  • I have an AV running on my computer.
  • I do have Adobe Flash running.

Well, it wasn't long before my internet activity was cluttered with annoying pop-ups. I checked the system settings and made sure that the pop-ups were blocked, yet still they appeared with every click.

I was able to get nothing done, and I had a story to write.

A superhero looking icon called MacKeeper popped up telling me that I had a lot of unnecessary programs running that were cluttering things up, causing slow activity. That made sense, and I trusted that the application was called Mac-anything. What a sucker!

For the affordable fee of only $142.80, I was able to live chat with Andrew who helped authenticate my purchase and run the cleanup of my files. While this was going on, Andrew kindly offered to have a technician remotely check and make sure there was no malicious software running on my system.

Jimmy then introduced himself on a new screen and proceeded to show me how much memory I was using, citing that I was near my limit. 

"So, there is a capacity, but if you get close to capacity, the computer doesn't run optimally?" I asked.

He then inquired whether I had downloaded anything from a pop-up window, to which I responded yes.

"Adobe Flash," he asked.

"Yes," I said.

"It looks like you have some adware on your computer. Don't worry, I can take care of that for you," he said.

At this point, I was angry with Apple and Norton. I'd used a PC my entire life, and I have never been scammed or picked up any virus. I've had this Mac for only three weeks and now I have adware? 

Then I was angry at myself. I SHOULD KNOW BETTER!

Jimmy then gave me a price list of options to remove the adware, and I chose the one-time fix for $200. He said it would take 2-3 hours for the process, but I didn't need to sit in front of the computer. He asked for my phone number in case he was disconnected.

About 20 minutes later, I got a call from Jimmy saying that he needed the password to access my desktop. I gave it to him, mostly because I was at the neighbor's house with my kids, so I wasn't really thinking about security.

When I checked my email and saw the receipt from Zoom Support, I felt like I was going to throw up. That's when it hit me. Yes, people--it took me that long to realize that I had been played for a fool.

I called Apple Support and they confirmed that MacKeeper is malware.

But the malware on my system wasn't the security product from Kromtech, which also uses the name MacKeeper. This is Rogue Anti-Virus, a program that hijacked the MacKeeper brand in order to gain some false legitimacy.

Apple walked me through a clean-up and advised me on how to rectify the situation and try to safeguard my identity.

Here's what I did:

  1. Restart the computer and download the latest software again.
  2. Run Malwarebytes to remove any malicious programs.
  3. Move the Zoom Support remote icon to the trash and empty the trash.
  4. Call my credit card company and report the fraud (for one payment).
  5. Call PayPal and report the fraud for the second payment.
  6. Change all of my passwords--on every account from email to social media to the New York Times.
  7. Call the police and report potential identity fraud.
  8. Complete a potential identify fraud report online with the FTC.

It's a process. A time consuming, reactive process that I could have avoided, but I let my guard down, and I trusted that I was safe online. I'm not happy, but I'm a little more empathetic and a little more guarded. 

Let me confirm that there is great value in security awareness training--when you teach your employees what to look for, they will know what to click and what not to click. Unfortunately, I work for and by myself, so I had to learn the hard way.

Copyright © 2016 IDG Communications, Inc.

The 10 most powerful cybersecurity companies