Beware What You Type In URL Bar

kaneohe

Yesterday I read a post at bogleheads.org that sounded interesting. It was
for the camel^3.com site that supposedly tracks Amazon prices over time. I typed in the url and stared at the screen which didn't seem to be exactly what I expected (but I had never seen it before). I picked the most likely selection and clicked it. Then all hell broke loose.......a message popped up that I was infected by something, don't turn the computer off, and call some tollfree number. I tried to click out of that, go back, exit the link, many things but the screen kept popping back. I then tried to shut the computer off by pressing the on/off switch. Nothing seemed to happen and when I pushed it again, the message said it was in the process of shutting down......seemed like eternity but finally it shut off.

I didn't realize it at the time but I had mis-typed the url and left one of the 3
"l"s in camel^3 out. I was a bit suspicious because the screen said it had detected chrome (correct) and windows (incorrect since this is a Macbook).

I cleared the Chrome cache/history so that the bad link would not be there.
Everything seemed to be fine but I was worried about residual effect.
I called Apple Support today and the rep seemed to think everything was fine. He said these bad guys aren't so much interested in infecting you as getting money from you if you call that tollfree number. He said he gets 10 calls a day like this and is 100% sure everything is ok. I asked if he would be 110% sure and he said yes.

Do you believe him?
 
I don't really know what else you can do. If you were running Windows, I'd suggest doing a Windows disk cleanup to remove temporary files, history, cookies, and so on, then running the free Malwarebytes software and my Norton software just to be sure.

I do that every Saturday anyway before I do my two weekly backups (which are probably overkill but I like doing them anyway).

I like that http://camelcamelcamel.com/ website but I'll be careful to only go there from a link in my Favorites, from now on. I just put it in my favorites after reading what happened to you.
 
I was a bit suspicious because the screen said it had detected chrome (correct) and windows (incorrect since this is a Macbook).

Such incorrect info is a tipoff it's a fake message. If you operate your browser without permitting any active code, such as javascript, to execute you are all but guaranteed to not get infected.
 
Had you called them you would probably be out of a few dollars and, having given them the necessary access to 'clean-up' your computer, you would now have their spyware on your machine recording your keystrokes.

My guess is that since you did not actually fall for their trick and just shut down the computer, you are probably all right.

One thing to do is to not run as an Administrator. That severely limits what these criminals can do to your computer since Administrators have lots of power to change things on a computer. It can be a pain at times when you want to load new software, etc. but it does stop a lot of criminals dead in their tracks.
 
Sounds like the site was trying to hijack your computer with ransomware.

For some urls that sound kind of funny, I do a search on the url in google first. If the returned description sounds okay, then I click on the link or enter in the url.
 
If you don't have a backup of your computer before the incident I would certainly take the time to make one now.
 
BIL took the bait on the same scam, called the number and talked to a very convincing crook who told him they contracted with Apple to clean computers of this virus (which he named and is real). BIL forked over $300. Crook took control of his iMac and ran a few cleaning utilities while he disabled the program that he used to hook him so the computer was actually cleaned..just not of the virus which was never infecting him, only the widget that the scammers use to jam his screen and OS.
When he finally talked to Apple and found out it was a scam, it scared him so bad that he wiped his disc and started over. Apple implied that the bad guys might have left malware and/or pinched their private data.
After the clean wipe, he spent 2 days changing passwords and also installed a password manager that I recommended....Password Keeper.

Hope your Mac is ok!
 
Run a virus scanner, there must be one even for Apple systems, as I have Linux (Apple is based on a linux), and there is one you can get for Linux, so there must be one for Apple.

You did click on something, so it could have installed a trojan, which is how most Apple folks get bit :)
 
Run a virus scanner, there must be one even for Apple systems, as I have Linux (Apple is based on a linux), and there is one you can get for Linux, so there must be one for Apple.

You did click on something, so it could have installed a trojan, which is how most Apple folks get bit :)

Indeed there is and it's free.

https://www.sophos.com/en-us/lp/sophos-home.aspx
 
Looks like the Microsoft tech support scammers got outsourced and now support Apple :facepalm:.
 
I ran into something similar when helping a guy hook up a printer the other day. In our case, they used a popup window to throw up a scare like you saw. They made it even more effective by including a wav file of an authoritative voice warning not to continue and to call the toll free number immediately. Clear your cache and ignore it. If you are particularly alarmed, download and run Malwarebytes.
 
BIL took the bait on the same scam, called the number and talked to a very convincing crook who told him they contracted with Apple to clean computers of this virus (which he named and is real). BIL forked over $300. Crook took control of his iMac and ran a few cleaning utilities while he disabled the program that he used to hook him so the computer was actually cleaned..just not of the virus which was never infecting him, only the widget that the scammers use to jam his screen and OS.
When he finally talked to Apple and found out it was a scam, it scared him so bad that he wiped his disc and started over. Apple implied that the bad guys might have left malware and/or pinched their private data.
After the clean wipe, he spent 2 days changing passwords and also installed a password manager that I recommended....Password Keeper.

Hope your Mac is ok!

How did BIL pay the $300? Credit Card? If so, did he contest it? If he paid with Green Dot, Western Union, Money Order, Direct access to his bank account, Bitcoin etc. etc. then he would probably not have any recourse.

The non-standard (ie non-CC) payment methods would be a dead-giveaway to me that something is not on the up and up.

Just curious how these folks are managing to collect.

-gauss
 
I got hit by ransomware the other week - first time in a long while (at least 15 years) something iffy happened.

I still don't know for sure what the attack vector was, probably through a hole in MS Outlook that automatically executes malware (I don't click on anything). This was with Windows 10 and two virus scanners active.

The way these guys work: they encrypt all your datafiles, delete the originals and leave instructions on your hard disk how to pay them for decryption. Which basically is acquiring bitcoin and sending it to them.

You have a week or so to do it, then they double the price. A bit later and they delete all the keys and links provided in the instructions. Presumably to make it more difficult for the cops to find them.

I did a full factory reset and restored from cloud storage (revert the deleted files). Some people I found on forums supposedly have paid them. Price is about $500.
 
Yesterday I read a post at bogleheads.org that sounded interesting. It was
for the camel^3.com site that supposedly tracks Amazon prices over time. I typed in the url and stared at the screen which didn't seem to be exactly what I expected (but I had never seen it before). I picked the most likely selection and clicked it. Then all hell broke loose.......a message popped up that I was infected by something, don't turn the computer off, and call some tollfree number. I tried to click out of that, go back, exit the link, many things but the screen kept popping back. I then tried to shut the computer off by pressing the on/off switch. Nothing seemed to happen and when I pushed it again, the message said it was in the process of shutting down......seemed like eternity but finally it shut off.

I didn't realize it at the time but I had mis-typed the url and left one of the 3
"l"s in camel^3 out. I was a bit suspicious because the screen said it had detected chrome (correct) and windows (incorrect since this is a Macbook).

I cleared the Chrome cache/history so that the bad link would not be there.
Everything seemed to be fine but I was worried about residual effect.
I called Apple Support today and the rep seemed to think everything was fine. He said these bad guys aren't so much interested in infecting you as getting money from you if you call that tollfree number. He said he gets 10 calls a day like this and is 100% sure everything is ok. I asked if he would be 110% sure and he said yes.

Do you believe him?
When that message pops up from Macsomethingkeepers (don't remember exactly which name) exiting Safari or browser app is the only way to make it go away. But otherwise it didn't do anything. It is just a message - a popup window that won't go away. It is not all hell breaking loose although they might want you to think that.

We had a friend fall for this hook, line, and sinker. They finally realized they were in a scam and had granted access to their machine to criminals. Reversed the CC charge and took the Mac to geek squad. Geek squad explained that exiting Safari was all that was needed to get rid of the message, but since she had allowed access to the bad guys they did some kind of "clean up". It took us hours to get her personal files restored to where it was before.

This popup has been around for years.
 
How did BIL pay the $300? Credit Card? If so, did he contest it? If he paid with Green Dot, Western Union, Money Order, Direct access to his bank account, Bitcoin etc. etc. then he would probably not have any recourse.

The non-standard (ie non-CC) payment methods would be a dead-giveaway to me that something is not on the up and up.

Just curious how these folks are managing to collect.

-gauss

Our friend paid with CC, then called CC company and reported the incident, got new card issued, so it was treated like fraud.
 
Run a virus scanner, there must be one even for Apple systems, as I have Linux (Apple is based on a linux), and there is one you can get for Linux, so there must be one for Apple.

You did click on something, so it could have installed a trojan, which is how most Apple folks get bit :)
I believe the Apple products (newer ones) are based on BSD, not Linux. While they look similar and many applications will run on both, the way the system is configured is different and the licensing is significantly different.

But what do I know... I don't own a MAC. I used one for work a while back. It was a nice laptop. * I'm not anti-MAC.
 
Kaneohe, my FIL had a similar infection from a repair company. It infected three browsers. I think by clicking the button and entering his email he made the situation worse.

At that time Antivirus wouldn't find this. I purchased a low cost software for Mac that found all the extensions and hidden instances. All has been working fine since then.

This may or may not be helpful to you. When I find the name of software I will post.
 
It was not an infection, just a rogue window popping up in his browser that claimed his computer had been infected.
 
This pop-up happened last year to DH who totally fell for it and thought the popup was from a bonafide Apple contact. He has never used a non-Apple computer (career was spent on Macs) and came running down to get his wallet while holding the phone to his ear as he was talking to "Apple". He said to me that his Macbook was infected with the "blue screen of death" virus (he had never heard that term in his life) and he needed to give "Apple" a credit card number. It gave me great pleasure to take the phone and yell "you f'ing scammer" into it before hanging up. We immediately took to the Apple store and got the same reassurance as other posters received but the guy there also ran something to clear random things and lectured DH on popups. I have to say the experience made me appreciate Apple and why the machines cost more--the Macbook is seven years old but they didn't hesitate to resolve it at no charge.
 
This pop-up happened last year to DH who totally fell for it and thought the popup was from a bonafide Apple contact. He has never used a non-Apple computer (career was spent on Macs) and came running down to get his wallet while holding the phone to his ear as he was talking to "Apple". He said to me that his Macbook was infected with the "blue screen of death" virus (he had never heard that term in his life) and he needed to give "Apple" a credit card number. It gave me great pleasure to take the phone and yell "you f'ing scammer" into it before hanging up. We immediately took to the Apple store and got the same reassurance as other posters received but the guy there also ran something to clear random things and lectured DH on popups. I have to say the experience made me appreciate Apple and why the machines cost more--the Macbook is seven years old but they didn't hesitate to resolve it at no charge.

Did you encounter any "resistance" in going to the Apple store? Did you just pop up there or did you make an appt? I was trying to get an appt to get what you had done but seem to be getting some subtle resistance/deflection/reassurances/etc. so no appt yet. I think I'd feel better if somebody who knew something actually checked it out rather than just getting reassurance.
 
Did you encounter any "resistance" in going to the Apple store? Did you just pop up there or did you make an appt? I was trying to get an appt to get what you had done but seem to be getting some subtle resistance/deflection/reassurances/etc. so no appt yet. I think I'd feel better if somebody who knew something actually checked it out rather than just getting reassurance.

I was freaked out that DH might have had some financial stuff that could have been compromised so we drove to the Apple store immediately without an appt. (It's only ten minutes from our house). Someone there took care of DH right away. I made Apple guy explain why the Macbook was not compromised in all likelihood and I believed him, but it was good to have all DH's files "cleaned up" just in case. Of course, then they found 30k random secret emails hidden in it (kidding!)....
 
I believe the Apple products (newer ones) are based on BSD, not Linux. While they look similar and many applications will run on both, the way the system is configured is different and the licensing is significantly different.

But what do I know... I don't own a MAC. I used one for work a while back. It was a nice laptop. * I'm not anti-MAC.

You are correct. I was sloppy in my wording as I said "Apple is based on a linux", when in reality BSD and Linux are based on Unix, and when I say based I don't mean copied.

I've also used Macs at work locations, and at one they gave me a Mac, so I installed Linux as dual boot and use that. It totally weirds them out I'm not running Mac as a Mac.
At home I use Windows and Linux as I don't need to pay the Apple tax.
 
I was freaked out that DH might have had some financial stuff that could have been compromised so we drove to the Apple store immediately without an appt. (It's only ten minutes from our house). Someone there took care of DH right away. I made Apple guy explain why the Macbook was not compromised in all likelihood and I believed him, but it was good to have all DH's files "cleaned up" just in case. Of course, then they found 30k random secret emails hidden in it (kidding!)....

Lucky you! I was under the impression that you had to wait forever w/o an appt but maybe that's the way to go since they seem to be trying to nudge me gently from making an appt.
 
Lucky you! I was under the impression that you had to wait forever w/o an appt but maybe that's the way to go since they seem to be trying to nudge me gently from making an appt.

I think it depends on how busy they are. I have 3 stores within about 10 miles and have to wait about 3 days for an appt. A drop in appt wait is approx 1-2 hours although could be longer.
 
I must have gotten a pop-up like the OP describes at least 10 times over the last few months. I just restart the computer and all is good. I run Malwarebytes and anti virus software and all say there's no problem. Just ignore the message and restart your computer, no big deal.
 