On Tuesday, my computer was hacked royally. And I helped the slimy skulker do it. All sorts of red flags should have alerted me to the danger, but I ignored them and became a party to my own hacking. How embarrassing is that? Don’t let it happen to you.
I had just opened my MacBook Pro laptop to begin my day’s writing when a window popped up in the middle of the screen indicating that this was a “System-key 23.xyz.” warning to a “Telus Communications User.” It said I needed to know that my computer was infected and that I was in danger of losing all my data. To avoid further problems, I was to phone the 1-844 telephone number provided without closing my computer. Assuming this was a communication from my internet provider, I obeyed the instruction, and called the number.
That was Flag Number One. This is a classic line which should have immediately alerted me to the fact that this was a scam. A computer-literate friend of mine later told me that no one external to my computer can ever know in the abstract that there is anything amiss with my computer. What I should have done, right away, was to close my computer. If my computer would not close (which may have been the case, I can’t remember), I should have disconnected my router from the wall and cut my wireless connection.
I did neither. I blithely used my iPhone to call the number and the drama began. Right away, “Ethan, employee number 1603, extension 8008” answered. He said he was a “Microsoft-certified technician” who also “provided support to all Apple users all over the globe” and that he was working from the “Apple Support Desk in Buffalo, New York.”
Flags Number Two, Three and Four. I have worked on several Apple computers and devices for more than six years. I have also used Apple Support, on occasion. I should have known instantly that “a Microsoft-certified technician” does not fix Apple computers, and that the Apple Support program does not operate, out of the blue, from Buffalo, New York. What was I thinking? These were all obvious clues. That I did not pick up on them gave the hacker the information he needed to know that I was someone he could exploit.
“Ethan” went on to tell me that he “would check out any damage to [my] machine,” “check for viruses,” “insecure connections,” and “malicious infections,” since it appeared that “there were no protections on [my] machine,” and “no warnings.” Without protections, my computer may crash and without backup I “might lose all my data.” He asked me for permission to access my computer so that he could show me the problems. I said, “okay. I guess you need to do that,” or something to that effect. He then showed me a code page from the computer indicating that there was malicious software shown in the codes. During our conversation, which went on for some time, he assured me that he would “clean and tune up” my computer, “optimize the browser,” “run the stop services,” “update the drivers,” “install Mac Defender” and “install Apple MacKeeper.”
Flags Number Five, Six and Seven! In my work life, when I used Microsoft computers, I had bought Norton software to give protection against hackers. I had assumed that Apple products were less prone to hacking than Microsoft, and that anti-hacking software was built into my machine. No professional techie that I had used to rationalize my Apple computer, and no instructor in any One-on-One program I had taken, had ever suggested that any extra protection was necessary. This guy was telling me differently. And I fell for it.
Until he mentioned “Mac Defender,” and I saw that the printed material he was flashing on my screen was misspelled as “Apple Defends.” When he said “MacKeeper,” the penny finally dropped. Late one night, several months ago, I saw a “MacKeeper” ad on my Facebook page, and followed up. When I did so, I discovered that “MacKeeper” is a scam which I later tried to remove from my computer but was never quite able to do.
At that point, I freaked. I confronted him and said that he was a hacker and that this was a scam. His tone changed. He called me a “lady thief” because I “had wasted all his time,” and he began using FaceTime to flash pictures of me over and over again on my screen. Totally intimidating to say the least. He then told me that my computer was now useless and I should throw it out. I put my iPhone down beside my laptop and used my landline to call Telus support to resolve this rapidly escalating problem.
I’d forgotten that I would have to wait awhile to get through to Telus. Eventually someone answered my query about the internet and I asked to speak with Telus technical support. I spent some time with the Telus operator who was consistently unresponsive to my questions. Obviously she knew nothing about computers. I insisted that I speak with her supervisor or someone in the tech department right away. She asked me to wait. I waited. She returned to tell me that because I did not have a Telus Internet Protection Plus Plan, which costs $50 to start (I think she said), and so much per month, there was nothing they could do. I told her that no one had ever told me that before and that I had never been given an option to buy the Plan or not. She suggested that I disconnect my wireless by unplugging the router. I unplugged the router. But that was that. Without the Protection Plan, it was not a Telus problem. She gave me a number for Apple Support and suggested I should call them.
At that point, the hacker started typing on my NoteBook Page: HEY STOP FOR A SECOND I HEARD THE CONVERSATION THAT YOU JUST HAD WITH TELUS. NOW LET ME TELL YOU. I BELONGS TO ISIS ISLAMIC STATE AND OF IRAQ AND SEREIRA. MY NAME IS ABDULLA BAKR – AL BAGHDAD AND I AM A SERIAL HACKER. NOW I HAVE ACCESS TO YOUR INFORMATION. NOW I WILL SHOW YOU THE CONSEQUENCES. I realized to my horror that I had not ended the call with the hacker on my iPhone. I immediately turned off my phone and called Apple Support.
The Apple Support technician asked my name and my product, and politely but firmly de-escalated my rising panic while emphasizing our mutual need to get my computer up and running again, safe and sound. He told me to turn off my computer. I turned off my computer. (How come I had not done that before?) He then told me to re-activate my wireless and reopen the computer. He told me that the codes the hacker had showed me were their normal codes and said that there was nothing wrong with them. He ran his own scan of my computer, found that it was clean but for a couple of suspicious files, which he removed. He also cleared away a couple of icons of apparently legitimate applications which the hacker had put on my dock. He then installed a malware detection application, and appeared to have the computer functioning within fifteen minutes or so. Fifteen minutes. I had already cancelled my afternoon appointment in the expectation that it would take all day to resolve the problem.
Apparently, I had acquired an extended AppleCare Plan when I bought the laptop and it was still good for a couple more years. He told me that he was going to take personal responsibility for this file and that I should call him should any further problems arise or if I had any questions. He then sent me an email with his name, his direct telephone number, his usual office hours, and an invitation to leave him a voicemail or send him an email, promising that he would follow up no later than his next day in the office. Now that is good service.
That my computer is back operating is a huge relief. I am now in the process of changing all my passwords. I don’t yet know what else I may need to do. For the moment, I am exhausted. Another computer-literate friend said I was lucky. He knows of other hackers who have locked out computers and demanded ransom money from owners to regain access to their own data. I guess security is a really big issue. No kidding.