Wikipedia:Reference desk/Archives/Computing/2016 May 24

Computing desk
< May 23	<< Apr | May | Jun >>	May 25 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

May 24

scammed?

I accidentally clicked on a popup; my screen turned blue, but I couldn't read the message because there was an overlay explaining that the computer was locked. It gave a number to call; it turned out to be Client Care Experts, a company in Florida with a professional-looking web page here.

The number might not really have been Client Care Experts, and they might have been faking the web page. Faked web pages are commonly used in various scams such as phishing. Robert McClenon (talk) 20:09, 24 May 2016 (UTC)[reply]

They offered to restore the computer functionality for $250.00. I gave the credit card information but it was declined by the credit card company. The rep called a number; an automated voice came on asking if I accepted the charge and I said yes. They performed he service and I received, again, a professional-looking receipt.

Soon after I got a voice mail from the credit card company saying I should call them, and I did. I said I had talked to the merchant and that the transaction was valid. But later, I read some awful reviews online saying this company was a scammer.

My antivirus is Malwarebytes. If it intercepted the locked screen, is it likely it would recommend a specific company to turn to for help? I thought that might be possible.

Do you know anything about this company? Is there a way to determine if it was in fact a scam? --Halcatalyst (talk) 12:46, 24 May 2016 (UTC)[reply]

The whole thing is a scam, from beginning to end. No legitimate company is going to "lock" your computer and charge you to fix it. -- Finlay McWalter··–·Talk 12:51, 24 May 2016 (UTC)[reply]

And it can actually be a criminal offence. Ruslik_Zero 12:57, 24 May 2016 (UTC)[reply]

This was unlikely that the computer was locked. More likely it is your web browser was locked. You could just invoke the task manager and close it. Ruslik_Zero 13:02, 24 May 2016 (UTC)[reply]

If indeed anything was locked. That might have been as much of a lie as everything else. Robert McClenon (talk) 20:09, 24 May 2016 (UTC)[reply]

They also sold me Webroot Security Anywhere, an antivirus. When I tried to register an account with Webroot, it asked for the product key, I called Client Care Experts and they wouldn't give it to me; they said the license was owned by them and they would take care of any issues that arose. Is this a legitimate business practice? --Halcatalyst (talk) 13:41, 24 May 2016 (UTC)[reply]

@Halcatalyst: Dude, as soon I read all of the above it took me 10 seconds to be convinced it was a scam! 250 bucks!?!? Really? No one in the world would charge this amount of money. And after all that you bought a anti-virus from the same guys? Next time buy your anti-virus in a store, in a box, with the reg-key included in that box, from a real person who can advise you. One advise from me, be more careful what you buy and from who, the world can be a bad place... OXYGENE 7-13 (TALKPAGE) 15:08, 24 May 2016 (UTC)[reply]

It's possible your computer didn't really have malware before but once you've given up control or installed "antivirus" from a scammer, there's a very good chance you have malware now. Unfortunately given what you've said here, I can only recommend you seek the help of a real professional company probably to do a fresh install. If you don't want to keep anything, doing a fresh install isn't really that hard, but it does require a very basic level of technical competence so wouldn't be advisable here. The only good news is that credit card companies tend to have very generous terms. If it's been edit: about 60 days or less, you may still be able to get your money back even though they twice tried to warn you that you were being scammed and you ignored them both times. Nil Einne (talk) 16:50, 24 May 2016 (UTC)[reply]

Yes, the reason your credit card was denied the first time is that this is a well-known scam, called ransomware. This is also why they called you to confirm it. And for $250 you could buy an entirely new PC (without the monitor, but you can still use your current one).

Beware that you are now likely on a "sucker list", so every scam artist in the world will be calling you or contacting you online to try to scam you some more. If there is anything the least bit questionable, please list it here, so we can advise you before you lose more money. StuRat (talk) 17:22, 24 May 2016 (UTC)[reply]

It's not actually clear that this is really ransomware (which generally implies there's some attempt to prevent access long term). As Ruslik_Zero has said, it's easily possible the computer wasn't really locked but simply the browser hung, or may be not even that. In other words, this may be closer to a Technical support scam. (That article seems to refer to the telephone variety, but there have definitely been those popup windows claiming your computer has whatever errors, malware etc for a long time. Before those telephone things were common.) A search of the "company" the OP was allegedly dealing with suggests this is more likely. Nil Einne (talk) 22:34, 24 May 2016 (UTC)[reply]

I did uninstall everything, including their homescreen icons. Hope that helps, at least. --Halcatalyst (talk) 19:02, 24 May 2016 (UTC)[reply]

You probably didn't succeed in uninstalling the installed malware. You need a profesional. They have probably installed their own malware on your computer, and you need it uninstalled profesionally. Robert McClenon (talk) 20:11, 24 May 2016 (UTC)[reply]

Trying to uninstall malware might be a fool's errant errand. The safe bet is to get rid of every program and reinstall them again. Llaanngg (talk) 21:35, 24 May 2016 (UTC)[reply]

Perhaps an errant "fool's errand". StuRat (talk) 21:43, 24 May 2016 (UTC)[reply]

Yep. Llaanngg (talk) 22:05, 24 May 2016 (UTC)[reply]

Or an arrant one's. —Tamfang (talk) 17:04, 27 May 2016 (UTC)[reply]

Speaking of sucker lists, when chain letters were common – twenty years ago? – I collected the addresses of their senders and sent them whatever chain letters I subsequently received. Dunno if it had any effect, but it was fun. —Tamfang (talk) 17:04, 27 May 2016 (UTC)[reply]

Maybe I missed it in the text above, but you need to contact your credit card company. At the very least, you need to cancel your card and get a new one. There is also a small chance that you can reverse the charges, though that's doubtful. I hate to be rude about this, but there's no part of any of this that wasn't obviously a scam. You seriously need to wise up. Ask a computer savvy friend to set you up so that your user account doesn't have permission to install anything. Matt Deres (talk) 01:53, 25 May 2016 (UTC)[reply]

All important links have already been made. I see this a lot in my work as a Help Desk Manager. Usually the browser is just being aggressively overrun by very persistent popups. You didn't mention this explicitly, but it sounds like you granted remote access to your machine so they could "show you how you'd been attacked", which is as ironic as it sounds. Unfortunately, the damage that can be done after this point is total and the extent to which you can track it is negligible. Best practice is a restore point/backup (if you have one) and a malware scan, or a clean wipe with a thorough malware scan if you brought any files over...and in either case proceed as though your identity has possibly been stolen. Your bank is just the first phone call. While it's over reaction in most cases, the potential consequences (i.e. identify theft) are so severe that they can be life-ruining. Anything that every passed through that computer can be at risk. Take your computer completely offline until you've either restored or wiped. Find a different computer and start changing passwords. No joke. Jessemulert (talk) 04:42, 26 May 2016 (UTC)[reply]

Why am I getting spam from myself?

Until recently, I don't believe any emails I sent myself were going to the spam folder. When they didn't arrive, I tried that and it worked.

Before I had my own computer, I sent messages to myself using Hotmail and Yahoo, among other email services, so I could read them wherever I was without always having to carry a disk, CD or flash drive. Even after I got my own computer, this kept me from having to save files there and back them up.

If I found online content (especially from sources only accessible at libraries, but also from any site I was reluctant to try at home) I wanted to read later (if time was a problem), I could copy and paste and send it from my Hotmail account to my Yahoo account. My old computer had a Yahoo button so I'm in the habit of using Yahoo at home. I sometimes send myself three or four of those emails in a day, and some are quite long, but this has never been a problem before.— Vchimpanzee • talk • contributions • 19:28, 24 May 2016 (UTC)[reply]

The From: field in emails isn't checked. Anyone who knows how SMTP works can send a email appearing to come from anyone. It's about as secure as the return-to address on the outside of a snail-mail envelope. LongHairedFop (talk) 20:06, 24 May 2016 (UTC)[reply]

Although anyone can claim to be bill.gates@hotmail.com, I thought that the origin of the email could not be faked. Whatever you send with this email would not come from the correct server, and thus would be marked as spam or filtered out. Right? --Llaanngg (talk) 21:41, 24 May 2016 (UTC)[reply]

It's not really clear what you mean by "origin of the email". However anything which isn't added, modified or tested by the final or trustworthy intermediate servers can obviously be faked. For example, if you are manually checking the "Received" headers, these can be partially faked. The first trustworthy intermediate server to receive your email will generally add its own "Received" header saying precisely what server it received the email from, but it would be easy to fool yourself with a naïve reading.

Traditionally there was really no way to automatically check any of the headers haven't been "spoofed" (including the from header). However nowadays the key standards to try and reduce spoofing are DomainKeys Identified Mail, Sender Policy Framework and DMARC. These make it difficult to spoof the from: header (and possibly other headers) but both the sender's email domain and the receiving mail server need to implement them. Also there are varying ways possibly spoofed senders may be dealt with, some may be more obvious to the end user than others. Note that possibly is a key word here, there are various things considered normal in the past which would cause an apparently spoofed email when the sender is actually the owner of the email account behind the from address. This is one reason why some may choose to either not use these systems or only do something which may be less obvious to the end user.

In terms of the OP, I don't quite understand what the problem is. If they are receiving spam emails which appear to be from themselves, it's possible these are spoofed or it's possible their account is compromised. If these are ending up in their spam folder, that makes the former more likely but only a careful looking at the headers is likely to tell for sure. If emails the OP sent themself are ending up in their spam folder then there are various reasons this may be happening. If these emails are actually being sent by third parties (like an email me this article service) with the "From" email appearing as their own email address then it's not particularly surprising, particularly with the earlier mentioned verification systems. It would probably be better for the service to mark the "from" as their own server and use reply-to or something similar to indicate who allegedly asked for this email to be sent. Allegedly is another key point, if all this is happening but the emails are still ending up in the spam folder, this may be because such third party services often do send a lot of emails often without any real opt-in or check of the person asking for it to be sent. So these emails are likely to be unwanted by some people receiving them.

Nil Einne (talk) 22:22, 24 May 2016 (UTC)[reply]

If I'm understanding your question right, you're asking why e-mails sent to yourself through your Yahoo e-mail account are being marked as spam. My bet is this has to do with Yahoo changing their DMARC filtering policies. I have heard about this causing a lot of disruption, as it has led to Yahoo erroneously marking many messages as spam. All you can do is try adding your own address to your contact list (this may cause Yahoo to whitelist the messages) and complain to Yahoo. You also might consider trying more "modern" ways of syncing things between computers. You can use a "cloud" service like Google's offerings or Pocket to sling bookmarks and whatnot between systems. Or if you're privacy-conscious, run your own server. --71.110.8.102 (talk) 00:43, 25 May 2016 (UTC)[reply]

I don't need to whitelist, because some of the emails are getting through. And I am the one sending the emails. I don't know why this has only happened in the past couple of the weeks. Google is something I don't intend to use except for searching. I don't like their email service and I certainly don't like the idea of being signed in when I do a search.— Vchimpanzee • talk • contributions • 17:48, 25 May 2016 (UTC)[reply]

Whitelists aren't just about allowing emails through. They can also be to stop emails being marked as spam. It's not really clear to me what you mean by "I am the one sending the emails". If you are using a Yahoo domain for example, then with modern means Yahoo may dictate that only their servers are allowed to send emails with a from: for that domain. As a customer of their service, you may be allowed to send emails with the from: being to the address belonging to you, but only if you use their servers. As I mentioned above a lot of traditional practices perfectly ordinary in the past are no longer considered advisable due to the various efforts to reduce spam. (Not something new but each service makes their own decisions and these decisions change over time.) Even if we knew precisely what you were complaining about we probably couldn't offer that much help other advising the attempted use of whitelists and filters or a different service or method of doing things, and we still don't really know what you're complaining about. Nil Einne (talk) 02:33, 26 May 2016 (UTC)[reply]

It's very simple. I sent several emails to myself (Yahoo) from Hotmail, something I frequently do when I go to one particular library, and during two of the past three weeks, some of them when to the spam folder. Last week I even had one go to the spam folder that I sent from a different address (AOL). None of the emails went to the wrong place yesterday. Anyway, what I normally do at that one library is put together all the emails I sent myself at an address I use only at that library (Lycos), and send part of the information back using Hotmail to send and Yahoo to receive.— Vchimpanzee • talk • contributions • 18:26, 26 May 2016 (UTC)[reply]

RSS Feed / time Sync app.

I have been searching around for an app that could sync all of the rss feeds I subscribe too and save the listening times so that I never lose my place in a podcast. I wanted to know if an app like this exists something that can be synced up on my desktop and on my galaxy s6 phone?

I am looking to listen to 35 minutes of a podcast on my phone then get on my computer and when I go to the app its already saved the time I stopped on my phone and begins playing at 35 minutes on my desktop. — Preceding unsigned comment added by 2602:306:CE9D:B960:E142:1063:C8BC:A85C (talk) 23:55, 24 May 2016 (UTC)[reply]

→Podcast client --Hans Haase (有问题吗) 21:33, 25 May 2016 (UTC)[reply]

gpodder supports to sync a mobile device. It is up on the media player of the mobile how useful the solution is. --Hans Haase (有问题吗) 21:37, 25 May 2016 (UTC)[reply]