Almost fell for “tech support” scam - what is the risk?

Phil 05/15/2018. 5 answers, 7.774 views
virus scam teamviewer

An acquaintance of mine got a call from an alleged Microsoft employee and provided him access to his Windows 10 computer via team viewer (commonly known as the tech support scam). But when the scammer wanted to send him a file he got suspicious and immediately shut down the computer before anything could be sent. He did not give away his credit card number or any other personal information. Afterwards he immediately changed his passwords from another computer and did not connect the affected computer to the internet since. He asked me for help now, but I am not sure which steps are necessary.

  • Do you think the computer could be infected? A team viewer remote session was active, but as I told, no file was sent. Is it still possible to infect a computer?
  • My plan is to start a live CD and run a virus scan, but I am not sure if it is necessary to erase the whole disk. Would be the safer way, but also much more time consuming.
  • Is it possible that the router could have been infected? I want to check the DNS settings, is there anything else I should check? Or should I completly reset the router?

Would be nice if someone gave me some hints and advice. I don't think the question is a duplicate of these two:

Because I'm more interested if it was possible to infect the computer without sending a file rather than about what to do if there is a virus on the computer.

PS I'm from Germany, it seems like the tech support scam has reached non English speaking countries as well...

5 Answers


schroeder 05/16/2018.

From your description, there is nothing to worry about. The victim just shared the screen with the attacker without giving the attacker control or giving the attacker any information.

As the victim used a common tool (TeamViewer) and not one provided by the attacker, there is no risk in the shared session.

There is no risk to the router as the attacker never had access to it.

It is not known what information the attacker saw on the screen, but perhaps the only concern is the disclosure of the IP address. This can be mitigated by turning the router on/off (which works in some instances) or asking the ISP for a new IP.


jedicurt 05/15/2018.

If they did not give a credit card and did not receive the file, there should not be a significant reason for concern. I would have them run virus scan and malware detection and remove anything found.

In the US, the Federal Trade Commission put together a non-techie page about these types of scams. You might direct your friend there for some further knowledge.

It never hurts to be over protective if you think anything might have occurred. It is all about the level of comfort the person has after the fact that their computer data is still intact.

here is that link from the US FTC


Rui F Ribeiro 05/17/2018.

In my Uni times, when I cracked nagware, I often repackaged the original installer with my crack and whatever modifications I had done to the code, including extra files/binaries. The tools at the time were far more simple than today.

Nothing guarantees your friend installed a "genuine TeamViewer".

Nothing also guarantees that despite he "having seen" what they were doing, that they had not by the time he clicked on a binary/installer, that a secondary control connection was opened to a partner of the people talking with him, or extra software was downloaded in the background.

Despite the victim having "only" installed TeamViewer, and "having seen" what was done, IMO the only sensible solution is to format the computer and install everything from scratch just in case.

It is also quite a false sense of security assuming there is nothing left if some AV solution does not find signatures. An AV wont find special crafted binaries/scripts or "official" software left behind.


Therac 05/15/2018.

Teamviewer by default allows the other party to control your computer. However, this control is entirely visible, as if they were sitting right at your machine, using a mouse and a keyboard.

To infect the PC, the attacker could download and execute a file through your PC; sending a file via TV definitely isn't necessary. But if they tried to do that, it's very likely that it was part of their plan. Why do it otherwise.

If your friend has seen the whole process, they can know what the attacker has accessed. If your friend knows they did neither of that, and they didn't set up access for themselves via RDP or something else, then it's very likely that they didn't 'hack' the computer. This is an easy scam on the unsuspecting, it's unlikely to be combined with a sophisticated under the radar attack.

If the computer isn't used to process sensitive information, it's probably not necessary to take any steps out of the ordinary (malware check). Just to be sure, some further steps that can be taken include uninstalling Teamviewer (in case it's been set up for unattended access), clearing the browser of banking passwords/using a password-protected manager, and changing the banking passwords where 2FA isn't used (not a bad thing to do every year or so anyway).


pandalion98 05/16/2018.

The Teamviewer version was not specified.

Older versions allowed clipboard sharing (including files) by default. Worse, the clipboard sharing did not have any indication of being used, so one can copy files to a remote computer (possibly on Startup locations) without anyone noticing.

There's a risk that a program may have been copied over to the machine being remote controlled. This doesn't have any immediate effects, but any malicious payload will get activated on next boot. One can also replace files that are periodically used by services. So yes, the machine may be infected.

Running a live CD and doing a manual check may be the best way to go. A virus scan may miss obfuscated files, or the malicious payload simply isn't recognized by the scanner. Realistically, there's a lot of attack options once one has write access to a machine (e.g. replacing commonly-loaded driver files, replacing files used by common services), so a manual check might not even be feasible.

Using the approach above, the router may be infected in theory, though I highly doubt that unless you're up against a persistent, dedicated threat.


HighResolutionMusic.com - Download Hi-Res Songs

1 BLACKPINK

Kiss And Make Up flac

BLACKPINK. 2018. Writer: Soke;Kny Factory;Billboard;Chelcee Grimes;Teddy Park;Marc Vincent;Dua Lipa.
2 Martin Garrix

Waiting For Tomorrow flac

Martin Garrix. 2018. Writer: Pierce Fulton;Mike Shinoda;Martijn Garritsen;Brad Delson.
3 John Legend

Written In The Stars flac

John Legend. 2018. Writer: Kiana Brown;Santoy;Kevin White;Mike Woods;MZMC;The Heavy Group;Rice N' Peas.
4 Alan Walker

Diamond Heart flac

Alan Walker. 2018. Writer: Alan Walker;Sophia Somajo;Mood Melodies;James Njie;Thomas Troelsen;Kristoffer Haugan;Edvard Normann;Anders Froen;Gunnar Greve;Yann Bargain;Victor Verpillat;Fredrik Borch Olsen.
5 Bradley Cooper

Shallow flac

Bradley Cooper. 2018. Writer: Andrew Wyatt;Anthony Rossomando;Mark Ronson;Lady Gaga.
6 Martin Garrix

Access flac

Martin Garrix. 2018. Writer: Martin Garrix.
7 Cardi B

Taki Taki flac

Cardi B. 2018. Writer: Bava;Juan Vasquez;Vicente Saavedra;Jordan Thorpe;DJ Snake;Ozuna;Cardi B;Selena Gomez.
8 Martin Garrix

Yottabyte flac

Martin Garrix. 2018. Writer: Martin Garrix.
9 Post Malone

Sunflower flac

Post Malone. 2018. Writer: Louis Bell;Billy Walsh;Carter Lang;Swae Lee;Post Malone.
10 Lady Gaga

I'll Never Love Again flac

Lady Gaga. 2018. Writer: Benjamin Rice;Lady Gaga.
11 Bradley Cooper

Always Remember Us This Way flac

Bradley Cooper. 2018. Writer: Lady Gaga;Dave Cobb.
12 Mako

Rise flac

Mako. 2018. Writer: Riot Music Team;Mako;Justin Tranter.
13 Dyro

Latency flac

Dyro. 2018. Writer: Martin Garrix;Dyro.
14 Avril Lavigne

Head Above Water flac

Avril Lavigne. 2018. Writer: Stephan Moccio;Travis Clark;Avril Lavigne.
15 Sia

I'm Still Here flac

Sia. 2018. Writer: Sia.
16 Halsey

Without Me flac

Halsey. 2018. Writer: Halsey;Delacey;Louis Bell;Amy Allen;Justin Timberlake;Timbaland;Scott Storch.
17 Deep Chills

Run Free flac

Deep Chills. 2018.
18 Julia Michaels

There's No Way flac

Julia Michaels. 2018. Writer: Ian Kirkpatrick;Justin Tranter;Julia Michaels;Lauv.
19 Rita Ora

Let You Love Me flac

Rita Ora. 2018. Writer: Rita Ora.
20 Zara Larsson

Ruin My Life flac

Zara Larsson. 2018. Writer: Delacey;Michael Pollack;Stefan Johnson;Jordan Johnson;Sermstyle;Jackson Foote.

Related questions

Hot questions

Language

Popular Tags