Help! Almost got scammed and gave the guy remote access!

Discussion in 'OS X Mountain Lion (10.8)' started by pierat, Jul 10, 2013.

  pierat

    Dec 28, 2010
    I was looking for the phone number to call Brother tech support for a printer. I googled "Brother printer support" and it pulled up an official-looking hit with a phone number. I was in a hurry trying to print an important document and just called them up. He asked for the make and model of the printer, which I thought was odd, but figured that some companies like Philips and Magnavox are the same and have different brands. Then, he said he could fix it with remote access, which again I thought was strange because they have never done that for me before when I have called in the past. I let him have access to my computer on joinme, and that's when it got weirder. He opened system prefs and looked at the printer. Then he opened network prefs, which didn't seem odd because we were troubleshooting a wireless printer. But then he opened Terminal and typed commands that didn't make sense for troubleshooting a printer, nor for anything on a Mac. He typed the following commands

    I am familiar with the cd/ command, but you must follow it up with a path as far as I know. cd doesn't do anything alone, right? And I know there is a dir command in Unix, but I think that looks more like a Windows command to display a directory, right? So, basically he entered a bunch of BS commands.

    So, right as he was doing this, I was thinking it was odd and he started showing me that since the commands came back as "no such directory", it meant the drivers were not installed on the computer. I called BS and told him to stop. He went on telling me that he could do a system scan to look for the drivers and assist me in installing them if they were not found on the system. I said no, disconnected his joinme access and told him he was done. Looking back, I see the number was not for Brother, it was a 3rd party company called Albion that seems to have some scam alerts under their belt. People have reported being called by them and scammed to pay for BS tech support. Now I am wondering if there is anything I need to worry about on my system that he could have had access to without me knowing it on joinme. I have Little Snitch installed, but I allowed all access temporarily when I installed the joinme application. Now, the access is revoked, but is there any way he could have slipped anything into my computer that I should worry about? If anyone can help me out here, I would really appreciate it, I'm freaking out a little bit!
  Jonnyfive

    Feb 28, 2007
    British Columbia
    No, you should be safe unless you saw him install something.

    Give me access to your system and I will take a look... Just kidding :p
  pierat

    Dec 28, 2010
    I didn't see any system prompts for any sort of installation going on. If that's the only way anything would have been left, then I feel safe now. I am usually very vigilant about things like this. I should have stopped him when he asked for the make and model of the printer without asking for a serial number. I knew it wasn't right. I think these people are a legitimate company that just uses predatory tactics. From what I gathered, I should be okay since I didn't provide a credit card, that seems to be their scam, taking money for bait and switch support. I just feel violated from the whole experience. Thanks for the reply, you made me feel better. Johnny Five is alive!
  r0k


    Mar 3, 2008
    Is the Terminal window he used still open? Even if it isn't, start Terminal and type "history" so you can see what he did. Better yet, type "history > whathedid.txt" and look through it carefully, looking for any commands other than "cd" and "ls". If there were any commands other than cd and ls, I suggest you post them here. He probably didn't have enough time to do any real damage but it's better to be safe than sorry.

    If what he was doing was the least bit legit, he should have been working in /Library/Printers/Brother and nowhere else. It bothers me that one of his first 2 commands was "cd /". "/" is a place no stranger from the internet should ever go on your Mac.

    I would also complain to Brother. Provide the complete URL where you found the guy and the phone number you called. I would expect Brother to have a team of lawyers waiting for some mom and pop outfit to use search engine tricks to make themselves look like the legit site. I use Brother printers exclusively and visit their site once or twice a year. Tonight I found one of those "support parasites" listed ABOVE because it was somebody who paid Google for ranking. This is another place to complain. If you found those bozos through Google, complain to Google about it. I'm sure Google doesn't want to be funneling traffic to a possible scam site!
  pierat

    Dec 28, 2010
    No, the window wasn't open, he closed it. I used ~/.bash_history to export the history, didn't know you could just type.... history! Thanks for the lesson, that would have been much easier! So, these are the exact commands he typed from the history.

    490 cd
    491 cd/
    492 dir/s

    He was using this as a trick to lure me. He said something to the nature of, "since this command result is no such directory, it means the drivers are not installed on the system." That was the point I stopped him because I knew those commands and results had nothing to do with printer drivers.

    I will file a complaint to Brother as you suggested, but now that I look back, it's pretty easy to see the site wasn't Brother's. I don't think Google can do much about it, and Brother might not even be able to because they didn't claim to be Brother. It just said Brother technical support, which is after all what I searched for. No reason 3rd party companies can't advertise their service if that's really what it is. I was just not paying attention. Luckily, I spotted the BS before it was too late, many people wouldn't have.
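
    Added example, not part of any poster's message: a small shell function that automates the history review r0k suggested, hiding plain cd/ls entries and labelling everything else. The function name, the REVIEW_CMDS list and sample entries 493-494 are assumptions made for illustration; entries 490-492 are the ones pierat posted.

```shell
#!/bin/sh
# Triage a bash history file: hide plain cd/ls, label every other entry.
# Accepts raw ~/.bash_history lines or `history` output with line numbers.

# Commands that deserve a closer look after a remote session.
# Illustrative list (an assumption of this example); extend as needed.
REVIEW_CMDS='sudo|su|curl|wget|ssh|scp|nc|bash|sh|python|perl|ruby|osascript|launchctl|crontab|installer|chmod|chown|defaults|dscl|open|rm|mv|cp'

triage_history() {
    # $1: history file (defaults to the current user's bash history)
    awk -v review="^(${REVIEW_CMDS})\$" '
    {
        line = $0
        sub(/^[ \t]*[0-9]+[ \t]+/, "", line)   # drop the history line number
        gsub(/^[ \t]+|[ \t]+$/, "", line)
        if (line == "") next
        verdict = "SKIP"
        # Check every command on the line, so "cd x && other" is not hidden
        n = split(line, seg, /[;&|]+/)
        for (i = 1; i <= n; i++) {
            s = seg[i]
            sub(/^[ \t]+/, "", s)
            if (s == "") continue
            split(s, w, /[ \t]+/)
            if (w[1] ~ review) { verdict = "REVIEW"; break }
            if (w[1] != "cd" && w[1] != "ls") verdict = "OTHER"
        }
        if (verdict != "SKIP") printf "%s\t%s\n", verdict, line
    }' "${1:-$HOME/.bash_history}"
}

# Sample run: 490-492 are from the thread, 493-494 are constructed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  490  cd
  491  cd/
  492  dir/s
  493  ls -la /Library/Printers/Brother
  494  cd /tmp && curl -O http://example.invalid/helper.pkg
EOF
triage_history "$sample"
rm -f "$sample"
```

    A clean result only covers what was typed into that shell; it says nothing about actions taken through the GUI during the session.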
  old-wiz

    Mar 26, 2008
    West Suburban Boston Ma
    Google search can easily lead you to fraud sites.

    Make sure the url has at the end or something like that.

    There's another thread around about someone trying to get help for an MBP and wound up at a sponsored link to a non-Apple support that said they were Apple.

