Beware What You Type In URL Bar
Old 08-06-2016, 11:46 AM   #1
Thinks s/he gets paid by the post
 
Join Date: Jan 2006
Posts: 4,172
Beware What You Type In URL Bar

Yesterday I read a post at bogleheads.org that sounded interesting. It was for the camel^3.com site that supposedly tracks Amazon prices over time. I typed in the url and stared at the screen which didn't seem to be exactly what I expected (but I had never seen it before). I picked the most likely selection and clicked it. Then all hell broke loose.......a message popped up that I was infected by something, don't turn the computer off, and call some tollfree number. I tried to click out of that, go back, exit the link, many things but the screen kept popping back. I then tried to shut the computer off by pressing the on/off switch. Nothing seemed to happen and when I pushed it again, the message said it was in the process of shutting down......seemed like eternity but finally it shut off.

I didn't realize it at the time but I had mis-typed the url and left one of the 3 "l"s in camel^3 out. I was a bit suspicious because the screen said it had detected chrome (correct) and windows (incorrect since this is a Macbook).

I cleared the Chrome cache/history so that the bad link would not be there. Everything seemed to be fine but I was worried about residual effect.
I called Apple Support today and the rep seemed to think everything was fine. He said these bad guys aren't so much interested in infecting you as getting money from you if you call that tollfree number. He said he gets 10 calls a day like this and is 100% sure everything is ok. I asked if he would be 110% sure and he said yes.

Do you believe him?
kaneohe is offline   Reply With Quote
Old 08-06-2016, 12:01 PM   #2
Moderator Emeritus
W2R's Avatar
 
Join Date: Jan 2007
Location: New Orleans
Posts: 47,472
I don't really know what else you can do. If you were running Windows, I'd suggest doing a Windows disk cleanup to remove temporary files, history, cookies, and so on, then running the free Malwarebytes software and my Norton software just to be sure.

I do that every Saturday anyway before I do my two weekly backups (which are probably overkill but I like doing them anyway).

I like that http://camelcamelcamel.com/ website but I'll be careful to only go there from a link in my Favorites, from now on. I just put it in my favorites after reading what happened to you.
__________________
Already we are boldly launched upon the deep; but soon we shall be lost in its unshored, harbourless immensities. - - H. Melville, 1851.

Happily retired since 2009, at age 61. Best years of my life by far!
W2R is offline   Reply With Quote
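The slip described in the first post (one letter dropped from a known address) and the bookmark habit in the reply above can be combined into a check that compares a typed host against a short trusted list and flags near misses. This is an added example, not part of the original thread; it goes beyond the dropped-letter case to cover added, substituted and swapped characters, and the trusted list and function names are assumptions.

```python
from urllib.parse import urlsplit

# Assumed bookmark list. Both names appear in the thread; treating them
# as the user's trusted set is an assumption made for this example.
TRUSTED = {"camelcamelcamel.com", "bogleheads.org"}


def hostname(typed):
    """Host part of what was typed, lower-cased, without a leading www."""
    typed = typed.strip()
    if "://" not in typed:
        typed = "//" + typed  # lets urlsplit treat a bare name as a host
    host = urlsplit(typed).hostname or ""
    return host[4:] if host.startswith("www.") else host


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]


def check(typed, trusted=TRUSTED, max_distance=1):
    """Return (verdict, nearest trusted domain or None).

    "trusted"   exact match with the list
    "lookalike" within max_distance edits of a trusted name, but not equal
    "unknown"   not close to anything on the list
    """
    host = hostname(typed)
    if host in trusted:
        return "trusted", host
    best = min(trusted, key=lambda t: osa_distance(host, t), default=None)
    if best is not None and osa_distance(host, best) <= max_distance:
        return "lookalike", best
    return "unknown", None


def demo():
    """Constructed inputs: the thread's slip (one 'l' dropped) and others."""
    good = "camelcamelcamel.com"
    dropped_l = good.replace("l", "", 1)  # constructed typo, not a known site
    samples = [good, dropped_l, "http://www.Bogleheads.org/",
               "bogleheasd.org", "sophos.com"]
    return [(s, *check(s)) for s in samples]


if __name__ == "__main__":
    for typed, verdict, nearest in demo():
        print(f"{typed:32} {verdict:10} {nearest or '-'}")
```

A distance limit of 1 keeps false alarms low for short names; raising it catches double typos at the cost of flagging unrelated short domains.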
Old 08-06-2016, 12:07 PM   #3
Thinks s/he gets paid by the post
 
Join Date: Nov 2011
Posts: 3,876
Quote:
Originally Posted by kaneohe View Post
I was a bit suspicious because the screen said it had detected chrome (correct) and windows (incorrect since this is a Macbook).
Such incorrect info is a tipoff it's a fake message. If you operate your browser without permitting any active code, such as javascript, to execute you are all but guaranteed to not get infected.
GrayHare is offline   Reply With Quote
Old 08-06-2016, 01:46 PM   #4
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Chuckanut's Avatar
 
Join Date: Aug 2011
Location: West of the Mississippi
Posts: 17,169
Had you called them you would probably be out of a few dollars and, having given them the necessary access to 'clean-up' your computer, you would now have their spyware on your machine recording your keystrokes.

My guess is that since you did not actually fall for their trick and just shut down the computer, you are probably all right.

One thing to do is to not run as an Administrator. That severely limits what these criminals can do to your computer since Administrators have lots of power to change things on a computer. It can be a pain at times when you want to load new software, etc. but it does stop a lot of criminals dead in their tracks.
__________________
Comparison is the thief of joy

The worst decisions are usually made in times of anger and impatience.
Chuckanut is offline   Reply With Quote
Old 08-06-2016, 01:57 PM   #5
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 13,130
Sounds like the site was trying to hijack your computer with ransomware.

For some urls that sound kind of funny, I do a search on the url in google first. If the returned description sounds okay, then I click on the link or enter in the url.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 08-06-2016, 03:26 PM   #6
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 3,594
If you don't have a backup of your computer before the incident I would certainly take the time to make one now.
gauss is offline   Reply With Quote
Old 08-06-2016, 04:19 PM   #7
Thinks s/he gets paid by the post
Tailgate's Avatar
 
Join Date: Jul 2013
Location: Texas
Posts: 1,065
BIL took the bait on the same scam, called the number and talked to a very convincing crook who told him they contracted with Apple to clean computers of this virus (which he named and is real).. BIL forked over $300. Crook took control of his IMAC and ran a few cleaning utilities while he disabled the program that he used to hook him so the computer was actually cleaned..just not of the virus which was never infecting him, only the widget that the scammers use to jam his screen and OS.
When he finally talked to Apple and found out it was a scam, it scared him so bad that he wiped his disc and started over. Apple implied that the bad guys might have left malware and/or pinched their private data.
After the clean wipe, he spent 2 days changing passwords and also installed a password manager that I recommended....Password Keeper.

Hope your Mac is ok!
Tailgate is offline   Reply With Quote
Old 08-06-2016, 06:03 PM   #8
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
Sunset's Avatar
 
Join Date: Jul 2014
Location: Spending the Kids Inheritance and living in Chicago
Posts: 17,008
Run a virus scanner, there must be one even for Apple systems, as I have Linux (Apple is based on a linux), and there is one you can get for Linux, so there must be one for Apple.

You did click on something, so it could have installed a trojan, which is how most Apple folks get bit
Sunset is offline   Reply With Quote
Old 08-06-2016, 06:06 PM   #9
Thinks s/he gets paid by the post
Just_Steve's Avatar
 
Join Date: Apr 2016
Location: Dutchess County
Posts: 1,599
Quote:
Originally Posted by Sunset View Post
Run a virus scanner, there must be one even for Apple systems, as I have Linux (Apple is based on a linux), and there is one you can get for Linux, so there must be one for Apple.

You did click on something, so it could have installed a trojan, which is how most Apple folks get bit
Indeed there is and it's free.

https://www.sophos.com/en-us/lp/sophos-home.aspx
Just_Steve is offline   Reply With Quote
Old 08-06-2016, 07:41 PM   #10
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
easysurfer's Avatar
 
Join Date: Jun 2008
Posts: 13,130
Looks like the Microsoft tech support scammers got outsourced and now support Apple.
__________________
Have you ever seen a headstone with these words
"If only I had spent more time at work" ... from "Busy Man" sung by Billy Ray Cyrus
easysurfer is offline   Reply With Quote
Old 08-07-2016, 05:54 AM   #11
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
donheff's Avatar
 
Join Date: Feb 2006
Location: Washington, DC
Posts: 11,317
I ran into something similar when helping a guy hook up a printer the other day. In our case, they used a popup window to throw up a scare like you saw. They made it even more effective by including a wav file of an authoritative voice warning not to continue and to call the toll free number immediately. Clear your cache and ignore it. If you are particularly alarmed, download and run Malwarebytes.
__________________
Idleness is fatal only to the mediocre -- Albert Camus
donheff is offline   Reply With Quote
Old 08-07-2016, 06:16 AM   #12
Thinks s/he gets paid by the post
gauss's Avatar
 
Join Date: Aug 2011
Posts: 3,594
Quote:
Originally Posted by Tailgate View Post
BIL took the bait on the same scam, called the number and talked to a very convincing crook who told him they contracted with Apple to clean computers of this virus (which he named and is real).. BIL forked over $300. Crook took control of his IMAC and ran a few cleaning utilities while he disabled the program that he used to hook him so the computer was actually cleaned..just not of the virus which was never infecting him, only the widget that the scammers use to jam his screen and OS.
When he finally talked to Apple and found out it was a scam, it scared him so bad that he wiped his disc and started over. Apple implied that the bad guys might have left malware and/or pinched their private data.
After the clean wipe, he spent 2 days changing passwords and also installed a password manager that I recommended....Password Keeper.

Hope your Mac is ok!
How did BIL pay the $300? Credit Card? If so, did he contest it? If he paid with Green Dot, Western Union, Money Order, Direct access to his bank account, Bitcoin etc. etc. then he would probably not have any recourse.

The non-standard (ie non-CC) payment methods would be a dead-giveaway to me that something is not on the up and up.

Just curious how these folks are managing to collect.

-gauss
gauss is offline   Reply With Quote
Old 08-07-2016, 06:24 AM   #13
Thinks s/he gets paid by the post
 
Join Date: May 2014
Location: Utrecht
Posts: 2,650
I got hit by ransomware the other week - first time in a long while (at least 15 years) something iffy happened.

I still don't know for sure what the attack vector was, probably through a hole in MS outlook that automatically executes malware (I don't click on anything). This was with Windows 10 and two virus scanners active ..

The way these guys work: they encrypt all your datafiles, delete the originals and leave instructions on your hard disk how to pay them for decryption. Which basically is acquiring bitcoin and sending it to them.

You have a week or so to do it, then they double the price. A bit later and they delete all the keys and links provided in the instructions. Presumably to make it more difficult for the cops to find them.

I did a full factory reset and restored from cloud storage (revert the deleted files). Some people I found on forums supposedly have paid them. Price is about 500$.
Totoro is offline   Reply With Quote
Old 08-07-2016, 06:27 AM   #14
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,001
Quote:
Originally Posted by kaneohe View Post
Yesterday I read a post at bogleheads.org that sounded interesting. It was for the camel^3.com site that supposedly tracks Amazon prices over time. I typed in the url and stared at the screen which didn't seem to be exactly what I expected (but I had never seen it before). I picked the most likely selection and clicked it. Then all hell broke loose.......a message popped up that I was infected by something, don't turn the computer off, and call some tollfree number. I tried to click out of that, go back, exit the link, many things but the screen kept popping back. I then tried to shut the computer off by pressing the on/off switch. Nothing seemed to happen and when I pushed it again, the message said it was in the process of shutting down......seemed like eternity but finally it shut off.

I didn't realize it at the time but I had mis-typed the url and left one of the 3 "l"s in camel^3 out. I was a bit suspicious because the screen said it had detected chrome (correct) and windows (incorrect since this is a Macbook).

I cleared the Chrome cache/history so that the bad link would not be there. Everything seemed to be fine but I was worried about residual effect.
I called Apple Support today and the rep seemed to think everything was fine. He said these bad guys aren't so much interested in infecting you as getting money from you if you call that tollfree number. He said he gets 10 calls a day like this and is 100% sure everything is ok. I asked if he would be 110% sure and he said yes.

Do you believe him?
When that message pops up from Macsomethingkeepers (don't remember exactly which name) exiting Safari or browser app is the only way to make it go away. But otherwise it didn't do anything. It is just a message - a popup window that won't go away. It is not all hell breaking loose although they might want you to think that.

We had a friend fall for this hook line and sinker. They finally realized they were in a scam and had granted access to their machine to criminals. Reversed the CC charge and took the Mac to geek squad. Geek squad explained that exiting Safari was all that was needed to get rid of the message, but since she had allowed access to the bad guys they did some kind of "clean up". It took us hours to get her personal files restored to where it was before.

This popup has been around for years.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 08-07-2016, 06:38 AM   #15
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,001
Quote:
Originally Posted by gauss View Post
How did BIL pay the $300? Credit Card? If so, did he contest it? If he paid with Green Dot, Western Union, Money Order, Direct access to his bank account, Bitcoin etc. etc. then he would probably not have any recourse.

The non-standard (ie non-CC) payment methods would be a dead-giveaway to me that something is not on the up and up.

Just curious how these folks are managing to collect.

-gauss
Our friend paid with CC, then called CC company and reported the incident, got new card issued, so it was treated like fraud.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 08-07-2016, 06:56 AM   #16
Thinks s/he gets paid by the post
 
Join Date: Dec 2014
Posts: 2,509
Quote:
Originally Posted by Sunset View Post
Run a virus scanner, there must be one even for Apple systems, as I have Linux (Apple is based on a linux), and there is one you can get for Linux, so there must be one for Apple.

You did click on something, so it could have installed a trojan, which is how most Apple folks get bit
I believe the apple products (newer ones) are based on BSD, not linux. While they look similar and many applications will run on both, the system is configured differently and the licensing is significantly different.

But what do I know... I don't own a MAC. I used one for work a while back. It was a nice laptop. * I'm not anti-MAC.
bingybear is offline   Reply With Quote
Old 08-07-2016, 06:57 AM   #17
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
target2019's Avatar
 
Join Date: Dec 2008
Location: On a hill in the Pine Barrens
Posts: 9,682
Kaneohe, my FIL had a similar infection from a repair company. It infected three browsers. I think by clicking button and entering email he made situation worse.

At that time Antivirus wouldn't find this. I purchased a low cost software for Mac that found all the extensions and hidden instances. All has been working fine since then.

This may or may not be helpful to you. When I find the name of software I will post.
target2019 is offline   Reply With Quote
Old 08-07-2016, 08:31 AM   #18
Give me a museum and I'll fill it. (Picasso)
Give me a forum ...
audreyh1's Avatar
 
Join Date: Jan 2006
Location: Rio Grande Valley
Posts: 38,001
It was not an infection, just a rogue window popping up in his browser that claimed his computer had been infected.
__________________
Retired since summer 1999.
audreyh1 is offline   Reply With Quote
Old 08-07-2016, 08:57 AM   #19
Moderator Emeritus
Bestwifeever's Avatar
 
Join Date: Sep 2007
Posts: 17,773
This pop-up happened last year to DH who totally fell for it and thought the popup was from a bonafide Apple contact. He has never used a non-Apple computer (career was spent on Macs) and came running down to get his wallet while holding the phone to his ear as he was talking to "Apple". He said to me that his Macbook was infected with the "blue screen of death" virus (he had never heard that term in his life) and he needed to give "Apple" a credit card number. It gave me great pleasure to take the phone and yell "you f'ing scammer" into it before hanging up. We immediately took to the Apple store and got the same reassurance as other posters received but the guy there also ran something to clear random things and lectured DH on popups. I have to say the experience made me appreciate Apple and why the machines cost more--the Macbook is seven years old but they didn't hesitate to resolve it at no charge.
__________________
“Would you like an adventure now, or would you like to have your tea first?” J.M. Barrie, Peter Pan
Bestwifeever is offline   Reply With Quote
Old 08-07-2016, 09:15 AM   #20
Thinks s/he gets paid by the post
 
Join Date: Jan 2006
Posts: 4,172
Quote:
Originally Posted by Bestwifeever View Post
This pop-up happened last year to DH who totally fell for it and thought the popup was from a bonafide Apple contact. He has never used a non-Apple computer (career was spent on Macs) and came running down to get his wallet while holding the phone to his ear as he was talking to "Apple". He said to me that his Macbook was infected with the "blue screen of death" virus (he had never heard that term in his life) and he needed to give "Apple" a credit card number. It gave me great pleasure to take the phone and yell "you f'ing scammer" into it before hanging up. We immediately took to the Apple store and got the same reassurance as other posters received but the guy there also ran something to clear random things and lectured DH on popups. I have to say the experience made me appreciate Apple and why the machines cost more--the Macbook is seven years old but they didn't hesitate to resolve it at no charge.
Did you encounter any "resistance" in going to the Apple store? Did you just pop up there or did you make an appt? I was trying to get an appt to get what you had done but seem to be getting some subtle resistance/deflection/reassurances/etc. so no appt yet. I think I'd feel better if somebody who knew something actually checked it out rather than just getting reassurance.
kaneohe is offline   Reply With Quote