Thanks for all the advice everyone.
Your mother didn't enable 2FA on PayPal and bank?
I honestly can't even say for sure. What I can say is that my mom has auto login for all her stuff through Chrome. So if they had access to the computer, it wouldn't even be an issue for them to just go around to various bookmarks she has and instantly log in and do damage.
I'd recommend, as a first step, a complete wipe and reinstall of the PC. With that kind of access you don't know what could be hidden in the system. Change every password, change every CC number, assume everything is compromised. Get credit monitoring (many banks and credit cards offer it as a complimentary service these days) and watch for new accounts. Finally, go over some security basics with your parents: teach them about phishing, how no one will ever contact them about a computer security issue, and to never click on unknown links, etc.
I had her call up all her credit cards and put holds on all of them. Seems like PayPal and the bank account were the only things touched. Couple hundred dollars each, but both places said they'd investigate and work to get the money back to her within 10 days or so.
My major concern is them digging in her files and getting very sensitive information and this escalating into a more severe case of identity fraud.
Back up data, format and reinstall Windows. Then lock that shit down.
I had her disconnect everything from the computer. I'll go home and back up what I can. If I format everything and basically get everything back to factory settings, is that enough to move forward with new virus protection and not feel like there will be any remnants from this breach?
At this point my mom is spooked and doesn't even want to use the computer anymore, so it's gonna be hard convincing her that things are fine if I don't just dumpster the whole thing.
Same thing happened to me not too far back, best of luck
It was pretty much down to getting the financial institutions notified, wiping the computer, and changing the passwords on everything, which was actually beneficial for organizational and memory purposes, considering my mom had like a 200-page address book of handwritten passwords that had been scratched out, replaced, written in the margins, etc. over the course of like 15 years.
Thanks for the insight. I'll check the thread when I get a chance. Currently stuck at work.
If she has a wireless network enabled, have her change the password for the network.
If you can wipe the computer, that is the best option; however, if your mother has a lot of documents saved to the computer (i.e., pictures), this may not be possible. If wiping the computer is not possible, then try the following steps:
Keep the computer offline and do some of the following:
Check her installed Programs -> Control Panel -> View By Small Icons -> Programs and Features -> Sort by "Installed On". This should give you/her an idea of any software that was installed recently. Uninstall anything that does not look legit and is recent.
Have her change her password to sign into the computer, most likely this is a Microsoft account, so help her enable 2 Factor Auth.
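The recently-installed-programs check from the steps above, as an added PowerShell example that is not part of the original thread: it reads the standard Windows Uninstall registry keys (machine-wide, 32-bit, and per-user) and lists entries by install date, read-only and offline. The 30-day window (`$Days`) is an assumed default.

```powershell
# Added example (not from the thread): list installed programs, newest first.
# Read-only and works with the machine offline.
param([int]$Days = 30)   # assumed review window

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$cutoff  = (Get-Date).AddDays(-$Days)
$culture = [cultureinfo]::InvariantCulture
$styles  = [System.Globalization.DateTimeStyles]::None

$programs = foreach ($path in $uninstallKeys) {
    Get-ItemProperty -Path $path -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        ForEach-Object {
            # InstallDate is an optional yyyyMMdd string; many installers omit it.
            $installed = $null
            $parsed = [datetime]::MinValue
            if ([datetime]::TryParseExact([string]$_.InstallDate, 'yyyyMMdd',
                    $culture, $styles, [ref]$parsed)) {
                $installed = $parsed
            }
            [pscustomobject]@{
                InstalledOn = $installed
                Name        = $_.DisplayName
                Publisher   = $_.Publisher
                Scope       = $path.Substring(0, 4)   # HKLM or HKCU
                Location    = $_.InstallLocation
            }
        }
}

# Entries installed inside the review window, newest first.
$recent = $programs | Where-Object { $_.InstalledOn -ge $cutoff } |
    Sort-Object InstalledOn -Descending

# Entries with no usable date cannot be ruled out, so list them separately.
$undated = $programs | Where-Object { -not $_.InstalledOn } | Sort-Object Name

"Installed in the last $Days days:"
$recent  | Format-Table InstalledOn, Name, Publisher, Scope -AutoSize
"No install date recorded (review by name and publisher):"
$undated | Format-Table Name, Publisher, Scope, Location -AutoSize
```

Only software that registered an uninstaller appears here; a program that was simply downloaded and run leaves no entry, so an empty list does not mean the machine is clean.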
I'm definitely gonna wipe everything. I'll check offline to see if there were any recently installed programs before I do. I'll change the password for the WiFi as well. Should I be concerned this may be a bigger breach than just the computer itself? I'm mildly concerned because we have another computer in the house that I use that's connected to the same network. That computer is on but asleep so I'm worried if I need to treat that as compromised as well.
Freeze their credit card accounts, notify the bank of fraudulent transactions, back up important files if applicable, then do a clean reboot of the computer--drives and OS and all.
When this happened to me the hacker bought a phone off of my Google account, and Google said that the transaction was one that I made even though it obviously wasn't. So now my Google Payments account is suspended but thankfully my bank was able to do a chargeback.
To prevent this in the future, never download apps from sketchy websites. Usually downloads that involve clicking through multiple websites or even Google Docs are very suspicious.
Another thing to note is, in my instance, when I scanned the app I was downloading it didn't bring up any viruses on Malwarebytes, so I proceeded to run it. Big mistake.
Change every password that could have been used on the computer after the reboot is done. Consider showing your parents Bitwarden or other password managers to make it easier--they could keep it on a mobile device if they wish.
It's scary and frustrating dealing with this situation, but hopefully it resolves quickly for you and your parents.
Thanks. I really appreciate it. I really don't know what my mom did or could have done. She claims she was just checking her email and then it happened. I'm inclined to believe she clicked on something in an email that she shouldn't have that caused this to happen.
The most common cause of this sort of attack is that your parents would have voluntarily consented to giving control of their computer to someone who called on the phone claiming to be tech support from Microsoft. By far the most important thing you can do to mitigate this going forward is telling her not to do this ever.
I've definitely talked to her about scam phone calls. She said as all this was happening she was getting repeated phone calls from a number in California but she didn't answer (we live in NYC).