Serious PSA about Email Scams

Started by theg, May 19, 2017, in Life

  1. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    The other day my dad got a really authentic looking Canada Post email that said he had an unclaimed package waiting for him at the post office. He did just make a rather expensive purchase that he was waiting on in the mail so he didn't think twice about clicking the tracking number on screen before going up to get the package. As soon as he did he got hit with a .zip file. I quarantined and deleted the file and ran a bunch of different anti virus software and it all came back clean, but he was getting blasted with spam emails that the spam filter wasn't picking up. I was confused as f--- about this and what the point would be in blasting him with spam, I'm talking literally at least 1 email a second. He got almost 50k emails in the past 3 days from random sites and obvious spam s---. I thought they just had some kind of tracking info in the fake Canada Post email which would let them see that he clicked the link and would be vulnerable to other scams, but it turns out that the zip file had some malware on it that instantly infected his computer and hid itself from the anti viruses I installed. He was being blasted with emails because last night he was charged over 10 thousand dollars through paypal, and I suspect they were hitting him so hard so fast so that he would miss the paypal emails coming through.

    Before I knew that this was a phishing scam and I thought it was just a bunch of spam coming through, I told him to scroll through and shift-click the top email and the bottom one and mass report as spam so hopefully the spam filters would catch on and it'd start automatically filtering some of them. When he was doing that and scrolling through to the top he noticed that there were about 15 emails that were all the same subject and sender. They all said "You've successfully sent a payment!" and were all from PayPal. I thought they were fake at first and they were another attempt to get you to click a link with a spoofed email address and format like the Canada Post one he got, but we logged into his PayPal through his phone and found out that there were about 5 $700+ charges made to his credit card that were made to some phony "rental company". Just before that there were about 10 $500+ charges that had the reason listed as "goods and services".

    We were lucky to catch it when we did, because if we missed the emails in the blast of spam we got and somehow the charges went undetected there'd be no recourse. We had the PayPal account put on lockdown, we terminated the e-mail (it was one of those emails you get through your ISP when you join them) and called the credit card company and all charges are going to be investigated and ultimately dropped, and I also ran some more intensive malware-specific anti viruses and got rid of the hidden files. I was f---ing baffled at how fast this all happened. I thought e-mail scams were targeting old folks' homes with poor grammar and English, and they required you to enter credit card information to actually get money from you.

    Just wanted to throw that PSA out there. My dad's in his mid 50s, he's far from some old geezer who's falling for Nigerian prince scams, he was just expecting a rather expensive package in the mail and thought he got an alert from the post office that it arrived. s---'s getting real out here. If you or your fam get hit with this email bombardment thing, go ahead and lock up your paypal account and any personal information you have related to that email. And don't trust false negatives on anti virus programs. Idk if the states have a Canada Post equivalent (USPS I guess?) but keep an eye out brehs :fdup: s--- looked authentic at a first glance and tbh I probably wouldn't have thought much of it either if I were expecting something that I ordered with that email address
     
    Apr 27, 2024
  2. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    TLDR: Email scams aren't simple "im frim nigeria pay me $40 grand and i wil transfer u 1million dolars pls" anymore and the s----s getting more and more authentic looking so keep u wits about u
     
    Apr 27, 2024
  3. Lucy
    Posts: 28,738
    Likes: 62,055
    Joined: Nov 29, 2014

    Lucy #1

    May 19, 2017
    Australia had the same thing with an Australia Post e-mail. Is it maybe that new 2spook4u virus that gets through an exploit via outdated Windows? Or is that a different thing? Been hearing more and more about it and I have like 1.6gb of Windows updates to install
     
    #3
    1
    Ordinary Joel likes this.
    Apr 27, 2024
  4. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    I was worried about that but that's some kind of ransomware that locks your system up and holds it hostage. I was worried he had that but it was just bombarding him with emails and I was confused as to why until he luckily caught those PayPal emails. Far as I know/can tell it's not related in any way.
     
    #4
    2
    Ordinary Joel and Lucy like this.
    Apr 27, 2024
  5. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    maybe the title's not the greatest if they're doing it in aus too idk what to say then PSA to people with emails
     
    #5
    2
    Ordinary Joel and Lucy like this.
    Apr 27, 2024
  6. Lucy
    Posts: 28,738
    Likes: 62,055
    Joined: Nov 29, 2014

    Lucy #1

    May 19, 2017
    ah k thought so, the new spooky virus is like "giff bitcoins or lose all files" or something like that from what I heard, but this sounds fucky as. I'm not sure what happened with the Australia Post one, just heard about "dont click australia post emails they are viruses" Thought they may be related.
     
    #6
    2
    Ordinary Joel and theg like this.
    Apr 27, 2024
  7. Worm
    Posts: 15,033
    Likes: 59,589
    Joined: Feb 15, 2011
    Location: New Jersey

    Worm Big Perm Big Worm

    May 19, 2017
    If I think a computer has something that the antivirus didn't pick up, I immediately scan it with Malwarebytes (free), then Hitman Pro (free), and a quick cleanup with Adware (free), and find those always take care of the issue. Anti-viruses aren't great at picking up malware.

    One of my clients did something similar and clicked on a link in an email that downloaded ransomware. That s--- is bad, encrypted all of her files and holds it for ransom and won't give you a key to unlock the files unless you pay the ransom. She wound up having to format the hard drive and losing all her files that weren't in the cloud
     
    Apr 27, 2024
  8. Lucy
    Posts: 28,738
    Likes: 62,055
    Joined: Nov 29, 2014

    Lucy #1

    May 19, 2017
    Yeah the second paragraph sounds like that virus I mentioned before, it's meant to be immune to anti-virus software in some way, I assume it's via some exploit in outdated Windows as apparently that's how you get it and the only way to prevent it is to keep Windows up to date.
     
    #8
    3
    Ordinary Joel, Worm and theg like this.
    Apr 27, 2024
  9. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    Probably are tbh, there was a news story about them a while ago but they said they were riddled with spelling errors and fake logos and s---. This one had a few errors that you might not notice if you weren't looking for them but other than that it looked pretty legit. Should have printed a copy or taken a screenshot before terminating the email account

    Yeah I ran panda and AVG and they came back clean, so I thought that was the end of it and they saw he opened the email through a tracking cookie or something and that sent up a flag to all the scammers that this email is active and someone is checking it. Ran Hitman Pro (gonna run Malwarebytes later on today when I'm finished up working) and it showed that my anti-viruses actually had been infected themselves and were showing false negatives.

    Would you recommend wiping the hard drive after backing up some important files? Or is that unnecessary after hitman and malwarebytes? The paypal guy was urging my dad to not worry about the paypal, that they got it in time and it would be looked after, but to go ahead and immediately get his hard drive completely wiped and re-booted. I thought that sounded a bit excessive but idk after seeing the hidden files that hitman picked up. What do you think? Should I back up his important stuff and do a clean windows install or should it be good with the Hitman/malwarebytes/adware issue?

    Right now after cleaning it with Hitman I have him back on the computer and using it but I told him not to log into his new email or any other important websites or accounts until we get a chance to do a fresh install, but I'm not sure if that's needed at this point or if it'd just cause him a headache in getting his files resituated.
     
    #9
    2
    Ordinary Joel and Lucy like this.
    Apr 27, 2024
  10. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    It's called WannaCry (at least the one that's in the news right now) and they're advising that you never ever pay the ransom fee, but I don't think they actually have a decryption for it right now. But I think from what I read that one is moreso snuck into pirate sites like when you download music or movies or cracked games or something. Idk how accurate that is tho, I only read it once
     
    #10
    2
    Ordinary Joel and Lucy like this.
    Apr 27, 2024
  11. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    Also one thing that really f---ing pisses me off about this whole situation is that about 3 years ago my credit card number got stolen and the thieves charged 3 one-cent transactions to see if the card was active and usable, and the bank shut my card down right away and called me within the hour. This was almost two days between the first transaction of $500+ and the last transaction of $700+ and they didn't even mention it. We had to call them and let them look into it before she was like "oh hey look at that huh". Idk if it's cause it went through paypal but that ticked me off
     
    #11
    1
    Ordinary Joel likes this.
    Apr 27, 2024
  12. Worm
    Posts: 15,033
    Likes: 59,589
    Joined: Feb 15, 2011
    Location: New Jersey

    Worm Big Perm Big Worm

    May 19, 2017
    That's a tough one to decide. I helped the woman run the Malwarebytes and other programs that removed the infected files and thought that was enough, but their IT recommended to wipe it as well. At that point it didn't really matter to her since all of her files were f----- anyway so they wiped it and reinstalled Windows. If it was me, personally, I wouldn't wipe it... but I would keep a close eye on everything for a while... but no one else uses my computer so I wouldn't have to worry about someone else getting screwed.
     
    #12
    2
    Ordinary Joel and theg like this.
    Apr 27, 2024
  13. Charlie Work
    Posts: 14,879
    Likes: 25,809
    Joined: Nov 28, 2014

    Charlie Work Level 5 Goblin

    May 19, 2017
    Email and Pay Pal are both cancer. I'm honestly surprised I've never been hit with anything major. Just some background spyware once. I'm running Linux so I'm pretty safe from it all these days.

    I recommend everyone who even suspects they have some s--- go to a site like the Malwarebytes Forum where they'll tell you to install a tool and post a file that will let them identify if you have any insidious s--- in your system right away. I used them to save my uncle's work computer once. His basically shut down when I installed Avast because of how infested it already was.
     
    #13
    2
    Ordinary Joel and theg like this.
    Apr 27, 2024
  14. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    Yeah it's tough, he doesn't want to wipe it because he obviously has files on it but at the same time I'd feel guilty if I ran them and they didn't catch something and he got f-----. I guess I'll just backup his essentials and then do a wipe just to err on the side of caution. His main thing is a bunch of invoices that he usually does a backup on every month but I guess lately he's been slacking on that and his last backup was just before he got his taxes done this year so he was stressing about that. Idk I guess I should go ahead and do it
     
    #14
    2
    Ordinary Joel and Worm like this.
    Apr 27, 2024
  15. Worm
    Posts: 15,033
    Likes: 59,589
    Joined: Feb 15, 2011
    Location: New Jersey

    Worm Big Perm Big Worm

    May 19, 2017
    Dads are the worst. My dad downloaded malware somehow and it was giving him a system pop up to call a 1800 number that was for microsoft. The genius did it and gave one of Narsh's cousins in India control of his computer where they claimed to find malicious programs that only paying $200 for support would fix. Luckily he called me and I told him to disconnect and never do anything that stupid again
     
    #15
    2
    Ordinary Joel and theg like this.
    Apr 27, 2024
  16. Worm
    Posts: 15,033
    Likes: 59,589
    Joined: Feb 15, 2011
    Location: New Jersey

    Worm Big Perm Big Worm

    May 19, 2017
    The lady whose computer had to be wiped had all of her important files in OneDrive. They got infected too since it was synced through File Explorer, but Microsoft was able to reinstate the files before the infection started. I would look for something like that as a cloud backup for the future for anything important
     
    #16
    2
    Ordinary Joel and theg like this.
    Apr 27, 2024
  17. Charlie Work
    Posts: 14,879
    Likes: 25,809
    Joined: Nov 28, 2014

    Charlie Work Level 5 Goblin

    May 19, 2017
    Here's the link to the site I was talking about:
    https://forums.malwarebytes.com/forum/7-malware-removal-for-windows/

    Lots of virus type stuff can hide itself so that wipes won't even clear it short of uninstalling and reinstalling the operating system.
     
    #17
    3
    Ordinary Joel, Worm and theg like this.
    Apr 27, 2024
  18. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    Yeah I was on Mac from pretty much Windows 7 until 10 so I'm still not caught up on all the newfangled Windows features but I was going to get him a Dropbox account or a Google Drive or something, but if Windows has a built in cloud service I'll definitely look into that too
     
    #18
    1
    Ordinary Joel likes this.
    Apr 27, 2024
  19. theg
    Posts: 11,956
    Likes: 27,201
    Joined: Feb 17, 2011

    theg got that pma

    May 19, 2017
    Thanks I'll check that out later. If we can avoid a full wipe that'd be great
     
    #19
    1
    Ordinary Joel likes this.
    Apr 27, 2024
  20. Lil Squeed
    Posts: 24,190
    Likes: 57,526
    Joined: May 5, 2015

    Lil Squeed French Montana Stan

    May 19, 2017
    :sweatt: Glad you caught it when you did. Still blows though
     
    #20
    3
    Ordinary Joel, theg and Xmipod like this.
    Apr 27, 2024