July 11, 2016
So, I’ve been foolishly paying $8/month to lease my cable modem from Time Warner Cable. I knew this was dumb, but ahhhh, only $8. This week a friend told me his internet speeds went way up after replacing his modem. Now that got me moving. This Netgear cable modem got excellent reviews so I went with it.
I called TWC to authorize the new modem. Didn’t work. TWC provided me a number to call Netgear to help get it working. Netgear guy just had me bypass the router, hook the modem directly to my desktop, and call TWC back on a conference call. This TWC rep was smarter and did something different and got me connected. Netgear guy stayed on the line to make sure my internet worked when I reconnected the router. It didn’t.
He asked me to open a program (a legitimate Citrix program) that would give him access to my machine for diagnostics. I was not suspicious because 1) I thought I was talking to Netgear, and 2) I’ve done this before successfully with Dell technical support. He ran through a bunch of stuff in DOS command windows that appeared to show my IP address was actually in Korea and that I had been hacked by a Zeus trojan. It seemed weird that Netgear would care about all this and I started getting suspicious, mentioning I wanted to talk it over with NCSU tech support, etc. He told me only a “level 7 anti-hacking expert” could fix this and nobody local would be able to help me. Again, really suspicious. Before I could get him off the phone, he told me he could fix everything for $300. As I was asking questions I saw him quickly bring up a password box and enter a password. Ruh-oh. I asked him about this and he said it would protect from further hacking. He told me my whole system was compromised – every device I use on the network – and that basically only he could fix it. He had me write a text file with info, including a number for him, but insisted I write his number down with paper and pencil, too.
I got off the call, rehooked my router again, and this time it was working (honestly, I think it just needed five minutes). Quick FB message to a friend (thanks, MDG!) and it was pretty obvious this was a scam. But what? When I went to the command window, I saw that the last command used was “syskey.” I realized that was it. I was a victim of the syskey scam. Once I restarted, the computer would ask for a password and I wouldn’t be able to do anything without it. Except, of course, presumably call the malefactor and pay him $300. Fortunately, the scammer did not ask me to reboot, so I was able to use my computer in the meantime. I came across this and thought I had the solution. Alas, it still needed the password! I imagined that my entire Sunday would be restoring my computer (I at least found my backup DVDs way easier than I expected). Enough googling of “syskey scam” and it turns out that passwords of 123, abc, 1234, 111, etc., were really common. I tried the first 3 of those with no luck and a falling heart. But, then, 111, and success! All the trouble this scammer had gone to and he locks my computer with 111??!!
So, it works, I’m good. I think. How in the hell did this happen? #1, my guard was way down because I was quite certain I was talking to Netgear technical support, since TWC had given me the number to call. Alas, pretty sure I was screwed by TWC. Google “netgear tech support contact number” and Google pops up a box with 844-330-2330. Yep, so that’s how TWC gave me the number. And if you google the number, you can see all the different companies they are trying to use for this scam.
Anyway, that was kind of horrible. One of the very rare occasions I benefited from a benzodiazepine before bed. Like I said, I think I’m okay. From what I can tell, this is the scam. Just lock the computer. I didn’t see anything on-line suggesting further iterations beyond this. The bad guy has my MAC address for my modem and my actual IP (not the one in Korea), but I get the sense that there’s not all that much he can do with that as long as I’ve got a functioning firewall. Of course, I ran a full Anti-malware and Kaspersky scan, too.
Anyway, tomorrow I will be calling TWC and stressing they need to be a lot more careful about the phone numbers they give to customers! Oh, and my internet is exactly the same speed with the new modem. At least it pays for itself in 7 months.
It was also a fascinating lesson for me in how easily I could be duped when I believed I was talking to a legitimate person. In retrospect there were red flags all over the place, but when you think you are talking to Netgear, a red flag is more just a “that’s weird.” I hope I learned a lesson from this, but I’m not sure.