Help! Almost got scammed and gave the guy remote access!

pierat

macrumors member
Original poster
Dec 28, 2010
36
0
I was looking for the phone number to call Brother tech support for a printer. I googled "Brother printer support" and it pulled up an official looking hit with a phone number. I was in a hurry trying to print an important document and just called them up. He asked for the make and model of the printer, which I thought was odd, but figured that some companies like Phillips and Magnavox are the same and have different brands. Then, he said he could fix it with remote access, which again I thought was strange because they have never done that for me before when I have called in the past. I let him have access to my computer on joinme, and that's when it got weirder. He opened system prefs and looked at the printer. Then he opened network prefs, which didn't seem odd because we were troubleshooting a wireless printer. But then he opened Terminal and typed commands that didn't make sense for troubleshooting a printer, nor for anything on a Mac. He typed the following commands
cd
cd/
dir/s

I am familiar with the cd/ command, but you must follow it up with a path as far as I know. cd doesn't do anything alone, right? And I know there is a dir command in unix, but I think that looks more like a windows command to display a directory, right? So, basically he entered a bunch of BS commands.

So, right as he was doing this, I was thinking it was odd and he started showing me that since the commands came back as "no such directory", it meant the drivers were not installed on the computer. I called BS and told him to stop. He went on telling me that he could do a system scan to look for the drivers and assist me in installing them if they were not found on the system. I said no, disconnected his joinme access and told him he was done. Looking back, I see the number was not for Brother, it was a 3rd party company called Albion that seems to have some scam alerts under their belt. People have reported being called by them and scammed to pay for BS tech support. Now I am wondering if there is anything I need to worry about on my system that he could have had access to without me knowing it on joinme. I have little snitch installed, but I allowed all access temporarily when I installed the joinme application. Now, the access is revoked, but is there any way he could have slipped anything into my computer that I should worry about? If anyone can help me out here, I would really appreciate it, I'm freaking out a little bit!
 

pierat

macrumors member
Original poster
Dec 28, 2010
36
0
I didn't see any system prompts for any sort of installation going on. If that's the only way anything would have been left, then I feel safe now. I am usually very vigilant about things like this. I should have stopped him when he asked for the make and model of the printer without asking for a serial number. I knew it wasn't right. I think these people are a legitimate company that just uses predatorily tactics. From what I gathered, I should be okay since I didn't provide a credit card, that seems to be their scam, taking money for bait and switch support. I just feel violated from the whole experience. Thanks for the reply, you made me feel better. Johnny Five is alive!
 

r0k

macrumors 68040
Mar 3, 2008
3,612
73
Detroit
Is the terminal window he used still open? Even if it isn't, start terminal and type "history" so you can see what he did. Better yet, type "history > whathedid.txt" and look through it carefully, looking for any commands other than "cd" and "ls". If there were any commands other than cd and ls, I suggest you post them here. He probably didn't have enough time to do any real damage but it's better to be safe than sorry.

If what he was doing was the least bit legit, he should have been working in /Library/Printers/Brother and nowhere else. It bothers me that one of his first 2 commands was "cd /". "/" is a place no stranger from the internet should ever go on your Mac.

I would also complain to Brother. Provide the complete url you found the guy and the phone number you called. I would expect Brother to have a team of lawyers waiting for some mom and pop outfit to use search engine tricks to make themselves look like http://www.brother-usa.com/ which is the legit site. I use Brother printers exclusively and visit their site once or twice a year. Tonight I found one of those "support parasites" listed ABOVE brother-usa.com because it was somebody who paid google for ranking. This is another place to complain. If you found those bozos through google, complain to google about it. I'm sure google doesn't want to be funneling traffic to a possible scam site!
 

pierat

macrumors member
Original poster
Dec 28, 2010
36
0
No, the window wasn't open, he closed it. I used ~/.bash_history to export the history, didn't know you could just type.... history! Thanks for the lesson, that would have been much easier! So, these are the exact commands he typed from the history.

490 cd
491 cd/
492 dir/s

He was using this as a trick to lure me. He said something to the nature of, "since this command result is no such directory, it meanx the drivers are not installed on the system." That was the point I stopped him because I knew those commands and results had nothing to do with printer drivers.

I will file a complaint to Brother as you suggested, but now that I look back, it's pretty easy to see the site wasn't Brother's. I don't think Google can do much about it, and Brother might nbot even be able to because they didn't claim to be Brother. It just said Brother technical support, which is after all what I searched for. No reason 3rd party companies can't advertise their service if that's really what it is. I was just not paying attention. Luckily, I spotted the BS before it was too late, many people wouldn't have.
 

old-wiz

macrumors G3
Mar 26, 2008
8,323
225
West Suburban Boston Ma
google search can easily lead you to fraud sites.

Make sure the url has .brother.com at the end or something like that.

there's another thread around about someone trying to get help for a mbp and wound up a sponsored link to a non-apple support that said they were apple.
 

SSCD

macrumors newbie
Nov 1, 2019
1
0
Toronto Canada
Something similar happened to me. I searched for a brother printer help line because my printer registration was not working...google gave me a phone number and I called it 1888 404 0505 (https://brother.printersupportnumbercanada.ca/). I knew it was a scam when I told the guy I would not give him remote access to my computer. He hung up right away. What can I do so this website and scammers get shutdown?