OT: emergency IT assist for OAP!

She or you should change her email passwords immediately as email is often used for confirming/resetting other passwords. That's if they haven't already hijacked the accounts for their own purposes.

She doesn't use Ebay or Paypal does she?

Owain

If there is any karma or other divine justice, these kinds of people will be infested with a plague of extremely revolting maladies for the rest of their days.

Definitely.

Her email account is definitely compromised, for whatever that's worth, but I can't think of anything that'd be a particular issue in terms of infecting the tablet.

It will be the usual we have encrypted your windows registery and we want cash to fix the problem. You need to load the backup you will have made. It should only take 30 mins or so.

You have my sympathy. Since you can do so much on a tablet these days, and online banking mostly has dual authentication, there is probably a lot to be said for migrating the vulnerable to them.

Ring back when free should get you into a break in her calls.

Your secondary problem will be that her name, phone number and details will now be on a easy target mugs list so you may need to change her phone number as well or teach her than anyone who rings up claiming to be from Mickeysoft, her bank or her ISP is a liar and a charlatan.

That the bank/insurance company do sometimes cold call is irrelevant - my script is that if it is that important you prove to me first that

If it is genuine and an emergency the next tier do it right when they ring back. The script droids are most surprised to be challenged.

Be glad it was only £50. It could have had an extra 0 or two on the end.

Hope that she gets through to all the banks and credit card companies in time to prevent her accounts being emptied. Having a single contact point to clear down all cards might be worth it for future problems.

Switch the router off and also all the compromised PC(s)!

Without knowing what info she gave them and what access they were able to obtain to the main PC it is difficult to say. Assuming initially that everything is compromised and sterilising the kit with a scorched earth policy would be my way forwards and then restore from a backup.

All her email accounts need checking and passwords changing ASAP.

Good luck. Be aware that the secondary wave of skinners are even more convincing than the initial trappers. Assume they will strike again...

No but if it were me looking for easy picking by remote the first place I'd look (on firefox at least) would be tools>options>security>saved passwords>show passwords> screen dump... Should give websites, usernames and passwords

Good luck.

Funnily enough My son spent a good proportion if his saved money on a computer which arrived today. I helped him set it up then went out for a walk with the dog.... within 90 minutes he'd "infected" his machine with a "virus" that apparently most AV programs couldn't detect so he was in the middle of running something called "spysearch" or some unheard of program which reported to have found over 100 threats.... I managed to stop him re-booting the machine like it told him to do (at the point it was asking for $10 to register the program to fix the threats). Terminated all dodgy looking programs with task manager and ran a boot time scan.

All clear, nothing found. And he wonders why I've always blocked .exe files and never given him admin rights on my computer...

I'm sure it will be the first of many... It's not just Oldies that get into trouble, but the "born with a mouse in their hand" generation of kiddies are equally susceptible to deception.

In message , Chris French writes

I can sympathise with that. At a similar time to yourself, 10 ish years ago a friend of mine who knows a lot more about computers than I do convinced me that the best firewall was to use a Linux based machine infront of my other Windows PCs. It appeared to work well, nothing nasty came through and I was a happy bunny. Until that is I got a letter from NTL threatening to cancel my account if I didn't stop spamming half the world. Some kind person had found and hacked the Linux machine and was using it to send spam emails.

I seriously doubt they "hacked" it. More likely an account somewhere was left with a default (or no) password.

First off, most distros of Linux don't come with an SMTP server built in. So you would have to install one, requiring root access.

There were more than enough holes in linux to hack it 10 years ago. There have been holes in it since that allow hacking. Don't tell people you can't hack linux when its obvious that you can and that people do. Once you have hacked it you can install what you like including root kits and mail relays and anything else. If you believe you can't be hacked you probably never check that you haven't been so you could end up send spam for months without knowing. Now be good and go and check your linux machines.

I keep up with security patches, and have nothing installed I don't need. I've also strangled the uplink speed, since it's not really needed.

Is it the most secure linux box ever ? No. Is it more secure than the next one along ? Hopefully ;)

I'm not sure that's the best place to keep them anyway? I've stayed away from keeping very important such things on any computer.

But anyway, bad luck for your mum and hope she's all right. I'm pretty cynical about all this sort of thing - but did once nearly get caught with the 'police' phoning up and saying there had been a fraud attempt on my credit card - the scam where they keep the line open and get you to phone your bank. (This was before it was a well known ploy). It was only when the bank answered instantly with a human I realised what had happened. If they had been just slightly more clever I might have been caught.

You can choose which sites it does it on?

Certainly wouldn't allow it for anything like a bank site, etc.

But for forums etc it would be a pain to have to log on manually each time.

In message , "Dave Plowman (News)" writes

Yes of course, when you put in a new site/password it asks you if you want to save it or not.

Access to the stored passwords can also be protected by a master password.

Indeed not

Yup. In reality I don't have that many sites where I'm actually that bothered about someone else potentially getting access. Of course I wouldn't use the same passwords.

It says a lot that your suspicions were aroused because you were expecting crap service from your bank ....

Can you phone any large organisation without getting an automated switchboard these days? I don't know of one.

IIRC FirstDirect -- but it's been a while since I called them.