Techsurvivors

Welcome to Techsurvivors => Tech => Topic started by: jcarter on February 01, 2019, 12:08:22 PM

Title: can you believe this phishing
Post by: jcarter on February 01, 2019, 12:08:22 PM
It's really a wild one, came in on a weather website my husband was looking at on his new iMac.
Title: Re: can you believe this phishing
Post by: Xairbusdriver on February 01, 2019, 12:20:32 PM
Amazing amounts of computations to arrive at those numbers! And all at no "cost" to the user! Yeah, right...  :wallbash: :laughhard:
Title: Re: can you believe this phishing
Post by: Highmac on February 02, 2019, 09:37:12 AM
I just opened up the MBP, logged in and that same message was on my screen. I had both Firefox and Safari running but that scam window was on top of a Safari page (BBC iPlayer website) - and looked just like the one Jane got. I just shut down the spoof window (red button) and quit and relaunched Safari. There's no (edit - obvious!) sign of it in the history of either browser.

Not surprisingly, all the numbers on it were identical to Jane's  :doh:
Title: Re: can you believe this phishing
Post by: jcarter on February 02, 2019, 09:55:59 AM
I did the same, got rid of that window, quit Safari, and restarted it. Nothing today.
Wonder if anybody actually did click on that thing?
Sure hope nobody.
Title: Re: can you believe this phishing
Post by: Xairbusdriver on February 02, 2019, 10:31:38 AM
I'm not sure it's coming from Safari in particular. I suspect Flash. If you ever see it again, Quit Safari before closing the window to see if Safari was even involved.
Title: Re: can you believe this phishing
Post by: Highmac on February 03, 2019, 07:37:49 AM
Took another look at Jane’s screen grab and noticed the url at the top. It starts:

Quote
“mac-safety-check.com.hefjzkeo…” (lots more letters), then “index.php?browser=Safari&zo=US&app…”;
the rest cannot be seen.

So it seems likely that Safari has been hijacked/involved but I’d appreciate Jim’s views.

Just wish I’d stopped long enough to read the whole url on the one that popped up for me.

FYI: Safari 12.0.2, mid-2014 MBP Retina; High Sierra.
Title: Re: can you believe this phishing
Post by: jcarter on February 03, 2019, 07:44:25 AM
I wish I had saved the rest of it in a screenshot, did look at it and it was very long.
Nothing like this has shown up either before or after.
It's my husband's new iMac, and it and Safari are running perfectly.
And nothing like this has shown up on any of our other Macs.

Very interesting, looking forward to you all figuring this out.
Title: Re: can you believe this phishing
Post by: jchuzi on February 03, 2019, 08:28:45 AM
Go to System Preferences > Security & Privacy > Firewall and check your settings, including Firewall Options. You'll have to click the lock and enter your administrator password to unlock the Options button.
Title: Re: can you believe this phishing
Post by: jcarter on February 03, 2019, 08:38:38 AM
I looked at this on my iMac, I don't have an admin password, so even though I click the lock, I can't change anything on this one.
But Safari on his Mac is not listed in location services. Mine is, but never saw anything similar to this 'thing'.
Title: Re: can you believe this phishing
Post by: jcarter on February 03, 2019, 04:17:24 PM
My husband got another one, and I think I got the entire URL. I used a screenshot.
He went to the same weather site, it's not appeared on any other site.
Title: Re: can you believe this phishing
Post by: Xairbusdriver on February 03, 2019, 05:27:42 PM
Quote
He went to the same weather site, it's not appeared on any other site.
Ah! So it is only showing when you visit the 'hacked' site? As I was once told when I smashed my thumb with a hammer... "Don't do that!" :nono: :wallbash:  :coolio: :doh:
Title: Re: can you believe this phishing
Post by: jcarter on February 03, 2019, 06:48:31 PM
Did not visit it, just took a screen capture when I highlighted the URL, and quit Safari. Did not click on anything.
Title: Re: can you believe this phishing
Post by: jcarter on February 03, 2019, 07:07:51 PM
I will post the screen capture here tomorrow if you want to see the entire thing.
Title: Re: can you believe this phishing
Post by: jcarter on February 04, 2019, 11:42:21 AM
Here it is. It's a long one for sure.
Title: Re: can you believe this phishing
Post by: Xairbusdriver on February 04, 2019, 05:44:19 PM
Only thing that looks interesting is the name of a dubious app called Mac Cleanup Pro (just after the "Safari&zo=US&" text). Every place you see "&" is usually a separator for a new piece of data. "%20" is the ASCII code for a space, which is not usable in most URLs. Do a search for that name and you'll find all sorts of hits.

The normal way of getting this disgusting junkware is by visiting sites for free apps and fake updates. Several things you can do to see if you actually have the junkware installed:
What you should never do is pay/buy/download any app named "Mac Cleanup Pro"! :doh: And, of course, practice "Safe Surfing"! :doh: Update only from Apple's Software Update and from trusted third-party dev sites. I don't recommend auto-updating any app or OS. :wallbash: Of course, you should also have an Admin password for your computer... :coolio:
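
An added example, not part of the thread or any poster's code: a small Python triage helper for the two URL observations made above, namely a hostname that starts with "mac-safety-check.com" but carries on with more labels, and a query string split on "&" with "%20" standing in for spaces. The sample URL is constructed (the real one is only partly visible in the thread); the host suffix `constructed-host.example`, the parameter name `app_name`, the function `triage_url` and the `TLD_LIKE` set are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Labels that read like a top-level domain. Finding one in the MIDDLE of a
# hostname means the familiar-looking name in front of it is only a subdomain.
TLD_LIKE = {"com", "net", "org", "gov", "edu"}

# Constructed sample: only the leading host label, "index.php" and the first
# two parameters come from the thread; everything else is made up.
SAMPLE_URL = (
    "http://mac-safety-check.com.constructed-host.example/index.php"
    "?browser=Safari&zo=US&app_name=Mac%20Cleanup%20Pro"
)


def triage_url(url):
    """Return the facts a reader needs to judge who really serves a URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.split(".")

    # Naive registrable domain: the last two labels. This is a heuristic;
    # production tooling should consult the Public Suffix List instead.
    registrable = ".".join(labels[-2:]) if len(labels) >= 2 else host

    # A TLD-like label with something before it and at least two labels
    # after it (so "example.com.au" is not flagged) marks a lookalike prefix.
    lookalike = None
    for i in range(1, len(labels) - 2):
        if labels[i] in TLD_LIKE:
            lookalike = ".".join(labels[: i + 1])
            break

    # parse_qsl splits on "&" and undoes percent-encoding ("%20" -> " ").
    params = dict(parse_qsl(parts.query, keep_blank_values=True))

    return {
        "host": host,
        "registrable_domain": registrable,
        "lookalike_prefix": lookalike,
        "params": params,
    }


if __name__ == "__main__":
    report = triage_url(SAMPLE_URL)
    print("host shown in address bar:", report["host"])
    print("domain that actually serves it:", report["registrable_domain"])
    print("decoy prefix:", report["lookalike_prefix"])
    for key, value in report["params"].items():
        print(f"  {key} = {value!r}")
```

The domain that matters is the one at the right-hand end of the hostname; whatever sits to the left of it, however official it looks, is chosen freely by whoever controls that domain.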
Title: Re: can you believe this phishing
Post by: jcarter on February 04, 2019, 07:26:47 PM
 This popped up on a legitimate weather site.
I've searched for any of this, and there is totally nothing on his computer at all what you have warned about.

And he would never ever visit a site for free apps nor fake updates. Nothing at all in his app folder.
Just this one weather site, is where it popped up on.
I see that he is not the only one who got this, and on a different site.

I took that weather site off his computer just to make sure.
And I've been to that site on 3 of my computers and nothing happened.

Title: Re: can you believe this phishing
Post by: Paddy on February 04, 2019, 07:32:49 PM
I apparently didn't press "Post" earlier today - but in addition to Jim's post, here's a bit more info on what to look for and where.

-------------

Ignoring (ENTIRELY) the advice to download the "Combo Cleaner" - this writeup does actually go through how to check to make sure that you don't have any malware lurking. It's a good primer on where to check for ANY of these little nasties - some of which ride along on seemingly legit software. There was a time when updates for Java had some of this, unless you noticed and UNCHECKED the checkbox in the install sequence. (Don't get me started on Oracle and their games...)

https://www.pcrisk.com/removal-guides/12895-your-mac-is-infected-with-3-viruses-pop-up-scam-mac

Just don't download the combo cleaner. :p
Title: Re: can you believe this phishing
Post by: jcarter on February 04, 2019, 07:45:01 PM
Thank you for this good explanation! 
I will go through this again on his computer, just to make sure that nothing got by me.
Yes, I totally agree, we would NEVER click on anything like this. Remember the MacCleaner or such, that people fell for? That was another one. We never saw it, but know people who fell for it.

Since it was only from this weather site, I'm wondering how it got there. I know about re-direct coding in my web classes.
This certainly is interesting, I learn a lot from you all here.

Title: Re: can you believe this phishing
Post by: jcarter on February 06, 2019, 04:18:33 PM
Using the combo cleaner now, and it's scanning. Looking through the removal guides carefully, this is a nice site, explains it well.
Got rid of a few things, but none of them were listed as bad. But trashed them anyway.

It's clean! "No Threats"

Thank you for this site, it sure works.
Whatever these odd phishing things are which pop up on that weather site, they will be just ignored, as before.

You all are wonderful!

Title: Re: can you believe this phishing
Post by: Highmac on February 11, 2019, 03:55:15 AM
I read that article, Paddy - very informative, but I did heed your warnings...  :yes:

When I read it, on my rather old iPad, I was amused to see this little advert at the side.

(https://www.dropbox.com/s/4zmtj6jrf6q4aav/oops2.jpg?raw=1)

Strange thing is that in Firefox on the MBP (High Sierra) it is correct!
Title: Re: can you believe this phishing
Post by: Xairbusdriver on February 11, 2019, 09:03:24 AM
Quote
Strange thing is that in Firefox on the MBP (High Sierra) it is correct!
:Thinking: :dntknw:
Title: Re: can you believe this phishing
Post by: Paddy on February 11, 2019, 02:39:47 PM
Methinks Neil meant that the message about the anti-virus virus correctly identified the MacBook Pro and Firefox as the device being used to view the website, but on the iPad seemed to think it was looking at a Windows device. (Yes, I was confused at first too!)

 :toothgrin:
Title: Re: can you believe this phishing
Post by: Highmac on February 12, 2019, 03:41:23 AM
Thank you Paddy, spot on!
I've been told I'm sometimes adept at sowing confusion...  :Devilish:
Title: Re: can you believe this phishing
Post by: Xairbusdriver on February 12, 2019, 09:06:28 AM
WARNING: Off topic text approaching!
Speaking of fishing... and towing...
I've spent hours watching a series of VLOGs (https://cruisingthecut.co.uk) by a young(ish) chap in England who sold his house and bought a canal boat. While you can fish on the canal waters (with or without a boat), you must throw all native species back. Non-native must be thrown much further back, as in behind the fisherman.

I've been trying to get my bride to accompany me on a month long canal journey for over 35 years. Now I see that it can be done solo! Unfortunately, she still won't let me sell our house... I'll have to make do with these virtual experiences...

We now return to the originally scheduled topic!

I hope I haven't caused any confusion by miss-reading your mention sewing. :p :scram:
Title: Re: can you believe this phishing
Post by: Xairbusdriver on May 14, 2019, 01:16:35 PM
Been rather dull lately with SCAMming. Just had Comcast connections go down for a few minutes and then I found this in my email:
Quote
I have infected your device 8 months ago with a trojan virus that uses your camera to record you.
...
My virus has also captured your contact list and friend list on social media. I now know all your friends, co-workers and family.

I will email everyone you know a copy of these camera recordings of everytime[sic] you are naked infront[sic] of your device [deleted]. I will make sure your friends, co-workers and family and everyone on the internet sees your dirty deeds. The video i[sic] will post will show what you are doing. You will be exposed.

If you don't want me to expose you, you will pay me $ 750 to make all these video recordings go away and you’ll pay me in Bitcoins.
...
You will have exactly 72 hours to make this payment in full.
If i'm[sic] not paid, I will start getting the OS video recordings ready and then send to all your contacts and also all of your friends and co-workers. I'm sure they will like to know something about you which you thought was hidden. Believe me, no one will tell you about anything they get to know about you, but the stigma will live with you forever amongst that group of people.
...
Have this at the back of your mind.
I'm tracking a special link i[sic] coded into the header of this message. I will know exactly when you read this.
THIS IS A NON NEGOTIABLE OFFER!

I will be reasonable and give you 3 hours to sitdown and think about this; then your time starts.
Obviously done while the web was down! He must have control all our base! (https://en.wikipedia.org/wiki/All_your_base_are_belong_to_us) :dntknw: :Thinking: :p :eek: Anyway, my wife is out of the country right now, so I don't have access to any money. She keeps our bitcoins in a secret place and refuses to tell me!!! So, if I 'disappear' by the end-o-the-week, you'll know that I've been wiped off the interweb!!! Hope you enjoy the vids of me!!!

I gotta go get some thicker tape for my computer camera!!! :wallbash:
Title: Re: can you believe this phishing
Post by: Xairbusdriver on May 14, 2019, 02:31:45 PM
As long as I've mentioned "security", here's another take from NameCheap (https://www.namecheap.com/blog/dont-let-smart-devices-outsmart-you).
Title: Re: can you believe this phishing
Post by: jcarter on May 14, 2019, 03:24:10 PM
That sure is interesting and scary.
We have no smart devices in our house, our TV is antique, no Roomba, no smart thermostats, nor other things mentioned there. I do have cameras, but only one is on the web, and it's pointed at our dog's bed, and I've disabled the sound.
All other cameras are either trail or not web connected, to look at wildlife.
No Alexa or any of those things either.
However my truck has a smart GPS and I have it track where we have been and what the tire pressure is and that sort of stuff.

Never had any of these things pop up on my old Macs.

Thank you for posting this link!
My husband is taking a course in this, it's called "Surveillance, Data gathering, and privacy" or something like that. It too is very scary.
But my friends in law enforcement really need some of this stuff for solving crimes, and they sure do get some real help.

I have a great long story about a software disabled Tesla, which my grandson was able to get into on his iPhone for the owner of the car and get it running again.

Title: Re: can you believe this phishing
Post by: Paddy on May 14, 2019, 08:22:36 PM

Quote
I have a great long story about a software disabled Tesla, which my grandson was able to get into on his iPhone for the owner of the car and get it running again.

Do share, Jane...we have a Model 3. Software glitches are not something I'd want to have to deal with, though we've had a couple of minor ones where the screen went black once or twice. Came back when we pulled over and did a reset. Reminded me of the Microsoft car joke - only we didn't have to get out and change positions! ;)
Title: Re: can you believe this phishing
Post by: jcarter on May 15, 2019, 07:18:21 AM
I will make it short,,,,,,,A man was charging his Tesla across the street from our local Mac store(which went out of business recently). My grandson loves Teslas, and stopped to talk with him and admire the car. When we came out of the store(about an hour), the guy was distraught, and his phone, wallet, and stuff was all inside the car, and it would not unlock when he took the charger thing out.
So we got everybody in our car and headed for www.whoi.edu where his wife worked to get her key-card.
Half way there, Max was able to get into the software for Glen's Tesla with his iPhone! We spun around and headed back to the car, and everything was fine. I'm not sure of how this was done, but Max could explain it better than I could. Then they got on the phone with Tesla later on at the high school, and it was a software glitch. Glen let Max drive it all around the sports complex at the school, as he didn't have his drivers license yet. Now he is begging me for a Tesla, but I said, gotta get into college first, and graduate. He is the captain of the school tennis team, so gets a few extra perks, but not a car,,,,,,yet,,,,,,,. He is a very fun kid, I'm looking at a used Ford pickup for him,,,,,,,
Title: Re: can you believe this phishing
Post by: Paddy on May 15, 2019, 09:45:43 AM
He no doubt downloaded the Tesla app onto his phone, was able to sign in using the guy's credentials, and then essentially his phone could be paired to work with the Tesla just like the owner's does.

Did the owner's phone die? Or was it truly a glitch? The only way my Tesla locks is if the iPhone is outside the car - otherwise it won't. (And yes, a couple of times I've forgotten that my phone was charging in the car and walked away, expecting it to lock etc. and then later realized that the phone isn't in my purse, but in the car, and therefore anyone could have driven off with it!! I now listen for the toot of the horn to indicate it's locked before I walk too far away! The other problem is that the Tesla trains me to forget to actually LOCK our Toyota van - and a whole bunch of other things that the Tesla does automagically which a 15-year-old ICE car doesn't!)
Title: Re: can you believe this phishing
Post by: jcarter on May 15, 2019, 10:18:34 AM
The guy couldn't remember his password, so Max had to try many times.
No, the phone was charged and fine, just sitting there on the seat 'laughing' at us.

Last year we gave away our big F-150 4WD which was 25 years old, to a close friend, he is restoring it.
And we gave away our wonderful 24 year old 4WD GMC Suburban to a friend who has a roofing business, he welded up 2 holes in the frame and put a new rear bumper on it, and it's all around town. Strange that neither of them ever had to have anything replaced with the exhaust systems, except for the new hangers my husband would replace now and then.
I miss those cars, but we had to get newer ones. Replaced them both with similar cars.

Who was the guy who had an electric car, and a Honda gasoline generator in the trunk a few years ago?
Title: Re: can you believe this phishing
Post by: Xairbusdriver on September 18, 2019, 10:38:44 AM
Just to refresh this thread:

SWMBO just got a very nicely written email from a fellow in Switzerland. He is a manager in the "SWISS Bank (UNION BANK OF SWITZERLAND" (which apparently has some extreme HR problems!). This gentleman has been unable to find any relatives for "the late Mr. Moses Saba Masri", a "Jewish business mogul from Mexico that died ... many years ago". No doubt years before the Interwebs!!

At any rate, since Mr. Smith (a fine old Swiss family name!) can not find any living relatives, he would like my "represent [my wife] as the next of kin and as beneficiary" of "US$ 28,150.000.00,,". Apparently Mr. Smith has trouble remembering which 'decimal' system to use in Switzerland. He assures my wife that this is all legal and honest. BTW, he gets 60% for his 'work'. Oh yes, please respond with name, age, occupation, phone number and address within 14 days. :doh: :wallbash: :laughhard:

I advised my wife to try to get 75% instead of the miserly 40% this guy is offering even though it will be difficult to compute my "consultancy fee" on the odd amount. :Thinking: :yes: :scram:
Title: Re: can you believe this phishing
Post by: Paddy on September 20, 2019, 11:22:24 PM
Well, apart from not being able to spell Moises' name, the scammer wasn't entirely lying. He died in 2010 in a helicopter crash - and he was wealthy. The rest, of course, is pure invention. ;)

https://en.wikipedia.org/wiki/Moisés_Saba

"I know...I'll use a REAL person, just in case the mark happens to know how to Google! Yeah! That oughta do it!" LOL.
Title: Re: can you believe this phishing
Post by: jcarter on September 21, 2019, 07:33:20 AM
Even more phishing, pretty clever nowadays.
 
We got an email from BOA to 'update our information', and it asked for darn near everything.
Of course it was a fake.
But a week later from the same bank, we got a letter in the snail-mail with a form to do the same. And it looked just perfect.
I knew it had to be bad, so took it to the main office of the bank in the larger town near us.

And they were astonished at how real it looked! I gave the whole thing to them, and they were going to have a conference about it.
As they knew other people would have gotten similar and it was 'going to hit the fan'.
Title: Re: can you believe this phishing
Post by: Paddy on September 23, 2019, 10:01:23 PM
Were you supposed to mail it back somewhere or were they hoping you'd hop on the internet and give them all your info?

Because if they were asking you to mail it back, then that needs to go to the police (preferably from BOA, rather than you personally, as they'll be a little more responsive to a big bank making the complaint, methinks) and an investigation opened. They will have a return mail address to watch and should be able to nail the fraudsters. And it's mail fraud - no laughing matter in the US.

This sort of thing has been going on for a while: https://www.vvdailypress.com/news/20180228/scams-amp-swindles-double-check-that-letter-from-bank

The interesting thing is that they're willing to actually spend the money to send out letters - and one would hope most of them fail to elicit the desired response.

The other disturbing thing I discovered is that Bank of Montreal here in Canada HAS been sending out letters to some customers asking them to provide SIN (social insurance number - same thing as US SSN) and date of birth. Seems they didn't collect required info on some account holders when the accounts were opened and in order to comply with CRA (Canada Revenue Agency) requirements, they're sending out letters with a self-addressed postage paid return envelope - which goes to the CRA. Of course, a lot of people getting these think they're a scam - but they're actually not. The bank is being rather stupid, IMHO - they should ask people to come into the branch or to fill out the form and drop it off at the branch.

We're all becoming increasingly suspicious of everything - I have almost missed a couple of important calls lately because there was no caller ID other than the phone number, which I didn't recognize. And my cable provider tried repeatedly to reach me about resolving an issue we'd been having but failed because we'd blocked their number on our phone because we kept getting scammers spoofing that number and got fed up a year ago and blocked it. Can't win, these days!!
Title: Re: can you believe this phishing
Post by: jcarter on September 24, 2019, 09:14:26 AM
Exactly!  The bank wanted a snail-mail reply. I never thought to take it to our police department, maybe the bank will.
Your link described it just perfectly.  The bank manager actually tried a phone number on the letter while I was in her office, and it was a fake one.

Also we don't pick up the phone if we don't recognize the number either. And if it's important, they darn well better leave a message, or I will block them. I will change my message pretty soon to make it more precise and let scam callers know that they will be blocked.

Some of our friends and local businesses have decided to go with Comcast, our cable provider, for their phones. But they are very unreliable, and for example, our dog's veterinarian did this, and one of their numbers has no ID and I've told them to fix it, but they haven't yet. But they always leave a message, so they can get along till it's fixed.

So many scams going on all the time now, we sure have to be aware of how they work and how to block or ignore or report them.
Title: Re: can you believe this phishing
Post by: Xairbusdriver on September 24, 2019, 10:12:03 AM
Quote
The interesting thing is that they're willing to actually spend the money to send out letters
I’m still getting emails from folk who are getting snail mail letters from some of the 50+ scams described on my old mailscamalert web site. I use a form letter when the pleas for help look real. If it doesn’t bounce, I use another “standard” message in one more attempt to get people to read some of the text on every single page that explains why they should never, ever send info to these dirt bags! Most have not only done that but have also sent money! Yes, there are still scammers using snail mail! Perhaps because there is so much more ‘news’ about fake emails. :dntknw: :wallbash:
Title: Re: can you believe this phishing
Post by: jcarter on September 24, 2019, 10:14:49 AM
That bank one which we got was very carefully done, even the local bank manager said it was very slick.
Title: Re: can you believe this phishing
Post by: Xairbusdriver on December 04, 2019, 10:32:27 AM
Just got an "Apple" email announcing they have released a "Major macOS Security" patch. Of course, I guess these Phishers aren't aware of how Apple makes sure we don't use the Mac too long without getting repeated and irritating notices about updates. :whoosh: :coolio: :laughhard: