How I got totally on-line scammed, but was saved by the dumbest password ever

So, I’ve been foolishly paying $8/month to lease my cable modem from Time Warner Cable.  I knew this was dumb, but ahhhh, only $8.  This week a friend told me his internet speeds went way up after replacing his modem.  Now that got me moving.  This Netgear cable modem got excellent reviews so I went with it.

I called TWC to authorize the new modem.  Didn’t work.  TWC provided me a number to call Netgear to help get it working.  Netgear guy just had me bypass the router, hook the modem directly to my desktop, and call TWC back on a conference call.  This TWC rep was smarter and did something different and got me connected.  Netgear guy stayed on the line to make sure my internet worked when I reconnected the router.  It didn’t.

He asked me to open a program (a legitimate Citrix program) that would give him access to my machine for diagnostics.  I was not suspicious because 1) I thought I was talking to Netgear, and 2) I’ve done this before successfully with Dell technical support.  He ran through a bunch of stuff in DOS command windows that appeared to show my IP address was actually in Korea and that I had been hacked by a Zeus trojan.  It seemed weird that Netgear would care about all this and I started getting suspicious, mentioning I wanted to talk it over with NCSU tech support, etc.  He told me only a “level 7 anti-hacking expert” could fix this and nobody local would be able to help me.   Again, really suspicious.  Before I could get him off the phone, he told me he could fix everything for $300.  As I was asking questions I saw him quickly bring up a password box and enter a password.  Ruh-oh.  I asked him about this and he said it would protect from further hacking.  He told me my whole system was compromised: every device I use on the network, and that basically only he could fix it.  He had me write a text file with info, including a number for him, but insisted I write his number down with paper and pencil, too.

I got off the call, rehooked my router again, and this time it was working (honestly, I think it just needed five minutes).  Quick FB message to a friend (thanks, MDG!) and it was pretty obvious this was a scam.  But what?  When I went to the command window, I saw that the last command used was “syskey.”  I realized that was it.  I was a victim of the syskey scam.  Once I restarted, the computer would ask for a password and I wouldn’t be able to do anything without it.  Except, of course, presumably call the malefactor and pay him $300.   Fortunately, the scammer did not ask me to reboot, so I was able to use my computer in the meantime.  I came across this and thought I had the solution.  Alas, it still needed the password!  I imagined that my entire Sunday would be restoring my computer (I at least found my backup DVDs way easier than I expected).  Enough googling of “syskey scam” and it turns out that passwords of 123, abc, 1234, 111, etc., were really common.  I tried the first 3 of those with no luck and a falling heart.  But, then, 111, and success!  All the trouble this scammer had gone to and he locks my computer with 111??!!
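As an added example (not part of the original post), a PowerShell triage check for the situation described above: it reads the SysKey mode the machine will boot into and looks for evidence that syskey.exe was run, so the problem can be found before the first reboot. It assumes an elevated session on Windows 7/8.x (syskey.exe was removed in later Windows 10 builds); the Lsa\SecureBoot registry value is the SysKey mode setting and is unrelated to UEFI Secure Boot.

```powershell
# Added example, not from the original post. Checks a Windows machine for the
# state the syskey scam leaves behind, ideally before the victim reboots.

function Get-SyskeyMode {
    # The Lsa\SecureBoot DWORD records the SysKey mode. Despite its name it has
    # nothing to do with UEFI Secure Boot.
    $lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    switch ($lsa.SecureBoot) {
        1       { 'default: startup key stored locally, no boot password' }
        2       { 'ALERT: SysKey startup PASSWORD is set; machine will prompt at boot' }
        3       { 'ALERT: startup key expected on removable media' }
        default { "unexpected SecureBoot value: $($lsa.SecureBoot)" }
    }
}

function Get-SyskeyEvidence {
    # Prefetch files persist after a tool is run; a SYSKEY.EXE-*.pf entry
    # means the binary executed on this machine.
    $pf = Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter 'SYSKEY.EXE-*.pf' `
            -ErrorAction SilentlyContinue |
          Select-Object Name, LastWriteTime

    # Security event 4688 (process creation) names the binary, but only if
    # process-creation auditing is enabled on the machine.
    $ev = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } `
            -ErrorAction SilentlyContinue |
          Where-Object { $_.Message -match 'syskey\.exe' } |
          Select-Object TimeCreated, Id

    [pscustomobject]@{ Prefetch = $pf; ProcessEvents = $ev }
}

Write-Host ("SysKey mode: " + (Get-SyskeyMode))
Get-SyskeyEvidence | Format-List
```

Switching the mode back in syskey.exe requires the current startup password, which is why finding a value of 2 before rebooting, while the session is still open, is what leaves room for a clean backup.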

So, it works, I’m good. I think.  How in the hell did this happen?  #1, my guard was way down because I was quite certain I was talking to Netgear technical support, since TWC had given me the number to call.  Alas, pretty sure I was screwed by TWC.  Google netgear tech support contact number and google pops up a box with 844-330-2330.  Yep, so that’s how TWC gave me the number.  And if you google the number, you can see all the different companies they are trying to use for this scam.

Anyway, that was kind of horrible.  One of the very rare occasions I benefited from a benzodiazepine before bed.  Like I said, I think I’m okay.  From what I can tell, this is the scam.  Just lock the computer.  I didn’t see anything on-line suggesting further iterations beyond this.  The bad guy has my MAC address for my modem and my actual IP (not the one in Korea), but I get the sense that there’s not all that much he can do with that as long as I’ve got a functioning firewall.  Of course, I ran a full Anti-malware and Kaspersky scan, too.

Anyway, tomorrow I will be calling TWC and stressing they need to be a lot more careful about the phone numbers they give to customers!  Oh, and my internet is exactly the same speed with the new modem.  At least it pays for itself in 7 months.

It was also a fascinating lesson for me in how easily I could be duped when I believed I was talking to a legitimate person.  In retrospect there were red flags all over the place, but when you think you are talking to Netgear, a red flag is more just a “that’s weird.”  I hope I learned a lesson from this, but I’m not sure.


About Steve Greene
Professor of Political Science at NC State

12 Responses to How I got totally on-line scammed, but was saved by the dumbest password ever

  1. Jon K says:

    Sucks you got screwed up with this. Time Warner Cable is still using very old cable modem technology (and is charging way too much for it). They are still using docsis 2.0 modems. The max speed you can get with docsis 2.0 modems is 38 mbps down and 9 mbps up. Docsis 3 modems allow for speeds of 152 down and 108 up.

    I learned this when I moved from Raleigh to VA last month. I had to buy a new cable modem because Comcast wouldn’t allow the modem I had been using for years on TWC to be activated on their network. I was amazed that I now have Internet that just clocked in at 94.66 mbps down and 12.11 mbps up. I am also paying 89 dollars a month for access (which includes cable TV). That is about 75% of what I was paying in Raleigh for Internet speeds that were about 25 down and 2 up.

    • Jon K says:

      I don’t like to brag, but I can’t help but point out that I downloaded a 28 gb computer game that I bought from Steam today. The entire download took 42 minutes.

      • Steve Greene says:

        I’m getting 5 mbps download!

      • Jon K says:

        I agree with the advice about resetting your ip. Time Warner uses dynamic ip addresses. They aren’t assigned to any particular customer, and they periodically change. Unplugging your modem and letting it sit for 5 minutes should be enough to make it change, but calling them should work just as well. Also, you can likely get your speed increased for an extra 10-20 dollars a month. I would ask them about it. I believe I was paying an extra 15 a month to get bumped up to 25 mbps.

      • Jon K says:

        Also hopefully you take advantage of the free Kaspersky at NCSU. That takes care of your firewall.

      • Jon K says:

        Apparently the wonderful Time Warner Cable people have upgraded their network and haven’t informed their customers. I’m actually kind of pissed. They just kept me on a ‘legacy’ slow plan while at the same time were offering much faster internet at the same price to new customers. Look at the Wikipedia page.
        Bottom line time warner cable doesn’t give two shits about customer service. I feel like a total chump, but what kind of company rolls out a major upgrade and then doesn’t tell the customers that it is available.

      • Steve Greene says:

        Apparently I’ve been getting 6 mbps for the price of 15 mbps because I have a legacy Earthlink account. Bye-bye Earthlink.

    • Tom Birkland says:

      I’ve got TWC in Cary, and just hooked up a Netgear router (DOCSIS 3.0) and easily get 100mbps on the wired connection. And the setup didn’t take long, which is weird. I’m a little surprised that TWC so badly muffed this, considering that my cutting the cable cord, sticking only with the top tier internet, and buying my modem and hooking it up went way easier than *any* transaction I’ve ever had with TWC. I think they’re maybe feeling Google Fiber coming. They upped the speeds to a max of 300mbps about six months ago. None of this, however, explains what seems to be TWC’s own people falling prey to a scammer. Shouldn’t they know better?

      • Steve Greene says:

        Uhhh, yeah, they should. I’ve actually generally had good customer service experience with them, but that’s about as bad as it gets. Full of politeness while they potentially ruin my computer through carelessness.

  2. Mika says:

    Nightmare! But the scammer using the 111 password is funny.

  3. John F. says:

    Call Time Warner (request a supervisor) and ask that they reset your IP. They’re leased IP addresses with long durations so they can be reset. Also, if you’re using Windows Firewall know that it sucks. Big time. Get ZoneAlarm or something equivalent.

    If you really wanted to be sure you won’t be compromised by this guy again you can exchange your cable modem for a new one so you’ll have an entirely new MAC. That’s what I would do because you are vulnerable.

    And I hate to be the one to tell you this but Time Warner did a system upgrade recently that you would only benefit from if you requested a new cable modem from them (or a new one like you purchased). TW was offering the modems for free but I think you’d still have to pay the monthly.
