Phishing group gained remote access to my mother's PC

Jul 26, 2018
Hi Guys,
Yesterday my mum called me with the word's "I <mod edit> up, please help me".
She explained the situation to me then:
Apparently she had gotten a pop-up in chrome, that locked her on that page stating "Your windows has been locked". In the pressure and adrenaline they put her under, she followed all of their instructions.
In short: she fell for a Phishing attack (she feels super embarrassed about it and can't sleep calmly anymore..)

Now to what the phisher did:
First she gave them her entire personal Data (Name, Adress, etc).

She called them and they made her install a remote access program and gained access to her computer. (GoToAccess)

They opened random console commands, folders and system monitoring tools. (Probably to convince her that they were actually doing something)

Then they made her enter her credit card info into a txt file.
They also made her hold her ID card into the laptops camera.

Only after that she felt something was fishy, unplugged all network connections and called me.

I immediately told her to block her credit card, which she did and luckily no transactions had been made yet.

I went over to her place afterwards and ran avast scan and malwarebytes scan, both not finding anything. Meanwhile we changed all her passwords.
I looked for suspicious processes or programs in startup but didn't find any either. And of course I removed the remote access program.

Now my question is, is there anything else I should do?
I've thought about maybe doing a clean install of windows, using the windows 10 built in reinstall or running a boot able malware scan. Any recommendations?

About the identity theft, we will probably go to the police and report the identity theft, but as far as I could find, there is not much more that one can do..

Sorry for the wall of text. And thank you for your time reading this!

Saga Lout

If this came in my shop, as they often do, my first step is a System Restore back to a recent Restore Point - a Windows Update, for instance. That would get rid of any programmes they hid in folders under your Mum's App Data folders.

After the restore process, go into App Data - c:\users\{mums name}App Data, set the system to show hidden and system files and thoroughly check anything that happened on the day of the phone call.
Jul 26, 2018

Thank you for your answer!
I looked for a Restore Point on the laptop, but strangely there wasn't any..
She hadn't used the Laptop for 2 Months, since she was on Vacation, so maybe that is the reason why..

I will probably have to do a full format and clean install..
Do you think personal data like pictures are safe to be saved?

Saga Lout

Safety isn't guaranteed in attacked PC data but so long as you take it into the other machine and run scans immediately, you might get away with it. If she had passwords conveniently hidden in a folder named "My passwords", I hope she changed them all by now.
Thread starter Similar threads Forum Replies Date
Paul Wagenseil Antivirus / Security / Privacy 0
L Antivirus / Security / Privacy 1
R Antivirus / Security / Privacy 1
henrytcasey Antivirus / Security / Privacy 0
Paul Wagenseil Antivirus / Security / Privacy 0
icynicalb Antivirus / Security / Privacy 1
icynicalb Antivirus / Security / Privacy 3
K Antivirus / Security / Privacy 1
P Antivirus / Security / Privacy 8
Paul Wagenseil Antivirus / Security / Privacy 5
Marshall Honorof Antivirus / Security / Privacy 0
G Antivirus / Security / Privacy 1
gussrtk Antivirus / Security / Privacy 13
Stanley112 Antivirus / Security / Privacy 1
H Antivirus / Security / Privacy 1
Paul Wagenseil Antivirus / Security / Privacy 0
V Antivirus / Security / Privacy 5
F Antivirus / Security / Privacy 6
O Antivirus / Security / Privacy 2
M Antivirus / Security / Privacy 1

Similar threads