
Christine1234 (original poster)
About three months ago I got an email titled Your Purchased Item's Report. It had the apostrophe in the word items even though it doesn't belong there. I clicked on it and downloaded the attachment. It was a Norton Lock invoice for $499.98. I reported it to Yahoo Mail.

Then I went to a few web sites, and did a search for fountain pens. I clicked on a link to a pen on Amazon, and the currency symbol on all the items it showed me was one that I did not recognize. Amazon gave the price of shipping to Mumbai.

The computer has the free version of Malwarebytes on it, but it's expired. I ran a scan. It did not catch a problem. I stopped using the laptop. It's a 13" 2017 MacBook Air running Monterey. The closest place that works on Macs is an hour away and they want $125 to walk in the door. I usually check my banking online from my laptops, but have not used that laptop to do that or anything else since this incident. I switched to a MacBook Pro, but would like to use the MacBook Air again. Thoughts? (Yes, I know I did something dumb. I worried when I saw the email and should have deleted it. Dumb me.)
 
It's extremely unlikely that your computer got exploited by a PDF file, if you keep your software up-to-date.

I believe these emails are usually sent as social-engineering campaigns rather than malware campaigns. I have one in my junk inbox that I'm looking at now, and it clearly has a phone number to call at the bottom of the email.

The hope is that you'll freak out saying "I didn't buy that!" and call the number, and then on the phone they'll convince you to install TeamViewer, hand over your credit card, or something else nefarious.

It's possible that your Amazon account was compromised in some other way, but I highly doubt that your computer was infected by opening that attachment.
 
Understand your caution, especially given your Amazon account now thinks you are in India, though you do not say where you are located (do not need the info, just clarifying the assumption that you are not in India). At a minimum I would purchase a virus/malware program. Personally I use paid versions of both Bitdefender and Malwarebytes.

Second, given that you have other computers available, I would do a complete hard drive reset (return to factory settings) and reinstall. If you do not have a recent backup of your laptop (pre-opening the spam), I would back up to a standalone hard drive/flash drive (not a network drive or another computer). Reinstall OS from Apple's website, applications from original downloads or app sites, and selectively install documents (not applications) from your backup.

This is a bit of work, especially if you have not done it before, but should give peace of mind. Macs tend to last a long time and you could likely continue to use that laptop another 5-7 years, so worth the effort.
 
Many thanks. It is updated as far as possible, but it seems they're no longer putting out any updates for Monterey.
If the spammers' goal was to cause me to panic, well, they achieved that. If it had only been the email I would not have worried, but with both of them combined, it was a little much. And I live in Arizona.
 
On the MacBook Pro Amazon knew my correct location. After shutting the MacBook Air down and turning it back on, it knows where I live and who I am. Back when it happened, there was a popup message that called me Mohammed. My name is Christine, and I live in Arizona. Can I save all my information before wiping it, or is that not safe?
 
You said you now use a MacBook Pro as your "main" computer, right?

And... in that case... can you "wipe clean" the MacBook and start over with it "completely fresh"?

If so, I suggest you use the "erase all content and settings" option to return it to "moment zero" (like the moment you first took it out of the packaging and turned it on).

IF THERE IS ANY INFORMATION YOU WANT TO SAVE, connect something like a USB flash drive to the MacBook and copy it over. But judging from what you've posted above, I think I'd just "wipe it" clean and let it go at that. It's up to you.

How to proceed:
Boot it up, get to the Finder.

Open System Settings.

In the search box at the top, enter "erase all content and settings" ("erase all content" ought to be enough). That should bring it up in "the list below". Click on "erase all content and settings", and you should see it appear "to the right".

Click the "erase all content and settings" button.
Enter your administrative password.

This will bring up a box showing the accounts you want to remove.
If there is more than one, remove all of them.

Then let it go. Should take very little time.

When done, I believe you'll see the initial setup screen asking you to choose your language (just like when it was brand new).

At this point I'd set it up with an account (username and password), but you can skip everything else for now if you wish.

WARNING!
Once again, doing this will ERASE EVERYTHING on the drive except the Apple OS and apps. So be sure you want to do this, before you proceed.

(I've tried the process on my own MacBook Pro once, and it worked well)
 
OK, thank you. I want to use the MacBook Air again, but right now, the way it is, I do not feel safe using it. A complete wipe of the system would make it safe again, and I would not need to worry about what might have happened.
 
@kevcube was spot on with his reply. If I were in your tech shoes, I would delete the email and keep using my Mac. You were not infiltrated with malware nor was anything sensitive stolen from you. If it would make you feel better, wipe the Mac and start new as Fisherman mentioned.
 
Yes, you can, but I would save it to a standalone hard drive or flash drive that has nothing else on it. Generally documents are not infected unless you open them while infected.

Once saved, I would scan the drive with Malwarebytes, Onyx (also free), and any other security/virus programs you may have. While this is a bit over the top, peace of mind is worth it.
 