Am I Being Too Paranoid?

Ltriviums on 08/03/2017 - 00:55
Last edited 08/03/2017 - 01:22

I need some advice on whether I'm being too paranoid about wanting to change all my passwords and format my hdd.

I recently contacted technical support through an online chat for a software I bought where the serial key wouldn't work on my new computer. The technical support person said he needed remote access to fix my problem and I gave it to him (this is normal procedure). After entering something in to command prompt he said he needed to retrieve my serial key from within my computer.

He typed in: “sfc /scannow“ (I should have noticed something shady going on but didn’t…)

As the scan was taking a while I went and had a shower (This is part of the reason why I want to change my passwords as I don’t know if he installed a keylogger or something while I was away).

A few minutes after I got out of the shower, he said he need to go and do something for a second and ended the chat. Moments later he opened a browser and copied and pasted a link in. The link was a login page to access my account with the software company. I entered my details and a new chat was opened (This is the second reason why I want to change my passwords as I don't know if he redirected me to a fake website).

I finally started to catch on to something odd going on and asked him how he was going to retrieve my serial key from my computer when it was a new computer???

Seconds later he opened up the software and entered two serial key (first one failed to authenticate). He opened up notepad and started to explain what was going on. He explained that I was attempting to use a serial key for an older version of the software and that he needed to play a part since the chat was being monitored.

Should I be grateful he was willing to risk repercussions so I could get a free upgrade to a new version of the software or am I correct at being paranoid that nothing is free and he did something to my computer?

Computing

Comments

Findo on 08/03/2017 - 01:18

Sounds too good to be true. Symantec Remote Desktop can't access my computer, they can only instruct me to do this and that. Is your software company a reputable company?
- triviums on 08/03/2017 - 01:20
  
  yes, extremely reputable. I am certain others on ozbargain use this software as well.
[Deactivated] on 08/03/2017 - 01:38

My information is a little dated (presume Windows 10 will still have it), but people should get into the habit of turning on IP logging for a while, when the computer is idle. You can check connections being made and dodgey activity. Some might be legit (but you should regedit bloatware away anyhow).
Sage on 08/03/2017 - 05:01

Yes you are.
He found the issue you were asking about, how is that dodgy?

Everything he did is traceable in theory, so it wouldn't be worth scamming you unless he had no reputation at stake.

The command "sfc /scannow" is a built in Windows command for checking system stability.
The "fake website" you're worried about can be seen from the browser history, just read the URL if you want reassurance that it's correct.
But why would they steal your log in details for their own website? Doesn't make sense.

You can reformat if you like, it won't harm anything.
As far as changing your passwords, this isn't worth considering unless you typed them in since this happened. But I doubt there's a keylogger installed anyway.
derek324 on 08/03/2017 - 08:31

Not paranoid at all. But no need to panic.

Change your passwords (how long it would take?). Contrary to previous advice: it is good practice to refresh passwords from time to time. If a person connecting to you used VPN, he is practically untraceable.

But there is no need to format the disk and reinstall. Use free tools to check your system for malware (e.g. Malwarebytes). Use free traffic monitoring tool (e.g. GlassWire). Clean cache in all your Web browsers to remove browsing history, cookies, stored passwords. Keep all your passwords in one easy to use, heavily encrypted data base (e.g. free KeePass). Google for links and 'how to' for all mentioned above.

Myself I would never give anyone access to my system from an external, remote connection… but this is just me (and a few millions of other paranoid people?).
Gronk on 08/03/2017 - 08:38

sfc /scannow = System File Checker - he's checking the integrity of the files Windows needs to operate

I don’t know if he installed a keylogger or something while I was away

Yeah that's a bit bonkers mate, remember, you reached out to them.
- derek324 on 08/03/2017 - 09:20
  
  "Remote access scams" from The Australian Competition and Consumer Commission:
  https://www.scamwatch.gov.au/types-of-scams/buying-or-sellin…
  
  "Is it Safe to Allow Remote Access to My Machine?" levelheaded advice from Ask Leo:
  https://askleo.com/safe-allow-remote-access-machine/
  - Gronk on 08/03/2017 - 09:58
    
    Both those links are primarily warning against allowing remote access to an unsolicited caller.
    
    The second one does touch on only allowing access to reputable organizations but is pretty vague beyond that, it's not really telling us anything we don't know.
    - derek324 on 08/03/2017 - 11:34
      
      Sure, it is not telling me anything I (or you) don't already know. But common knowledge it is not:
      https://www.scamwatch.gov.au/about-scamwatch/scam-statistics
      Personally, I am suspicious of all the things that the average people believe.
garetz on 08/03/2017 - 08:59

You can never be too paranoid.
- outlander on 08/03/2017 - 11:23
  
  Thats what 'they' want you think
  - derek324 on 08/03/2017 - 11:36
    
    https://www.scamwatch.gov.au/about-scamwatch/scam-statistics
    (or is it fake statistics 'they' provided?)
djbarnes on 08/03/2017 - 09:26

+1

It seems weird that a bad guy would give you a key to licence the software and solve your problem that you asked him about, this behaviour seems more like a good guy.
A bad guy would ask you to take the laptop with you to the shower so he can watch you through your webcam…
If he did steal your password for their site, then hopefully it is not the same password that you use for everything else,
if it is then I recommend you use different passwords for different sites/systems (software such as lastpass can help with this - google it)
as someone said above, it doesn't hurt to change your passwords from time to time to keep them secure,
if you change your password it will give you piece of mind if nothing else.

Reformatting would be a pain, but if you feel paranoid enough then go for it.
I think you would be better off ensuring you have the latest updates on your computer, up to date antivirus and your firewall enabled.
supnigs super skids on 08/03/2017 - 09:41

better tape up the web cams now!

it could get hijacked and catch you doing the hnnnnnnnnnggg hnnnnnnnnnnnnnnnnnnnnnnnnnnnng. then you would get blackmailed and hnnnnnging sent to your work colleagues which will not want to shake your hand anymore. Word will spread and then new business partners engage you with that non contact 'hi' wave only
mskeggs on 08/03/2017 - 11:02

Turn on 2-factor auth to your email and maybe change your bank password.
I think it vastly unlikely there is anything amiss, but since it worried you enough to type this up, do that for your peace of mind.
outlander on 08/03/2017 - 11:25

If your that worried, call up a guy from the paper and he will wipe your system and reinstall a clean version of everything

Am I Being Too Paranoid?

Comments

New Forum Topics