Computer Security

“Mac Security Warning” Popup : A Fake Tech Support Scam

4th Jul 2015

There’s a security scam doing the rounds at the moment. Not one of those annoying hoaxes where someone’s Aunt’s cleaner’s dog’s best friend was contacted by a mysterious stranger who drew a symbol on their picket fence, a real scam perpetrated by real live nasty people who prey on those less computer-literate.

Two of my clients have fallen for it this week. Luckily one of them called me to check; the other sadly parted with £90.

This scam starts with a maliciously crafted advert on an innocuous site which pops up a dialog box warning you of a “serious security breach on your computer” with an 0800 number to call. If you see this message, do not under any circumstances call the number; it is completely bogus.

Click Apple menu > Force Quit > Safari > Force Quit > Confirm, then re-open Safari holding down the shift key. This stops Safari from restoring the windows that were open when it was closed, which would otherwise reload the malicious website.

If you do happen to call, you will get through to a ne’er-do-well in an Indian call center who will ask to access your computer remotely (first warning sign) via the LogMeIn Rescue service (www.logmein123.com). Once connected to your computer he will tell you your firewall is down, then open the Terminal application and type the command “netstat”, which lists active network connections on your computer.

The tricky part here is that netstat will produce a list of connections with a column headed “Foreign Address”. These ‘foreign’ addresses are simply foreign to the Mac, i.e. anything that’s not itself. This can include printers, routers, Dropbox, any service you’re using that runs in the background.
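To show what that column actually holds, here is an added example (not part of the original post) that reads netstat-style output and labels each Foreign Address in plain language. The sample output is constructed for illustration, and the function names and category labels are my own.

```python
import ipaddress

# Constructed sample in the style of macOS `netstat -an` output (not a real capture).
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.23.52344     192.168.1.1.80         ESTABLISHED
tcp4       0      0  192.168.1.23.52351     192.168.1.40.631       ESTABLISHED
tcp4       0      0  127.0.0.1.49152        127.0.0.1.49153        ESTABLISHED
tcp4       0      0  192.168.1.23.52360     203.0.113.25.443       ESTABLISHED
tcp4       0      0  *.631                  *.*                    LISTEN
"""

# Private (RFC 1918) ranges used by home routers, printers and other LAN devices.
LAN_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_foreign(endpoint):
    """Describe one Foreign Address value; macOS prints it as host.port."""
    host, _, _port = endpoint.rpartition(".")
    if host == "*":
        return "no peer (socket is only listening)"
    try:
        ip = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone such as %en0
    except ValueError:
        return "not an IP address"
    if ip.is_loopback:
        return "this Mac talking to itself"
    if ip.is_link_local or any(ip.version == 4 and ip in net for net in LAN_RANGES):
        return "device on the local network"
    return "internet service"

def summarize(netstat_text):
    """Return (foreign_address, description) for every tcp/udp row."""
    rows = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].startswith(("tcp", "udp")):
            rows.append((fields[4], classify_foreign(fields[4])))
    return rows

if __name__ == "__main__":
    for address, meaning in summarize(SAMPLE):
        print(f"{address:24} {meaning}")
```

Every row in the sample has a Foreign Address, and each one is ordinary: the router, a printer, the Mac itself, a web service, or a socket that is merely waiting for connections.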

Unfortunately these guys are using the “Foreign Address” to scare people into thinking they’re currently being hacked, and kindly offer to fix the issue for the low low price of £90. Thankfully it seems they just take the money and leave; I haven’t detected any malware installed on my client’s Mac as a result.

Please share this warning with anyone you might know who has a Mac. It’s not a hoax, it has cost my client £90, although he paid by credit card so should be able to get it back.

Rule of thumb : Never trust anything the internet tells you about the state of your computer. In the same way as I have no idea what you had for lunch, websites have no idea what’s on your computer.

So… what did you have for lunch?