Can someone help me evaluate if this is a scam for Mac support?

Question

My father-in-law purchased a $400 lifetime support contract with a company (Cyber PC Experts).

Recently his computer has been acting up—running very slowly—so he requested support. The service tech took control of his computer remotely (from India) and pretty much fixed the issue.

A few days later, he gets an email from them saying that they need to check his computer again because it was hacked.

They did a few things to his computer while he was watching to show that it was “hacked.” Then proceeded to try to sell him a ~$1000 software/config to clear current “hacks” and to thwart future hacks.

I wasn’t involved until I heard this and went over to his computer and took over the phone conversation with the tech that was remotely using his machine.

My father-in-law told me that they showed him an IP address and then showed him the geographic location of the IP address and said that was where the hacker was. They even zoomed in and showed the building. It was a location in Los Angeles… Where my father-in-law lives.

I used a website to “Find My IP” and it matched up with IP address that the tech was showing him. Basically I think it was the public address that our cable provider shows as public for our home. I tried to “Find My IP” using other computers at his home and it gave the same IP address. So it was probably Time Warner’s data center.

The tech on the other end was also showing him the output of the netstat and top commands. They were telling him that there were a lot of “sleep”-ing processes and that supposeduly means his computer has been compromised. They also said that the high % of idle CPI cycles means that the computer was slowing down.

So, I basically kindly declined to buy the ~$1000 software to clean out his computer and prevent future hacks.

Am I right to call their bluff? Has anyone else encountered this kind of scam before?

---

Here are some report on Cyber PC Experts:

• Complaint / review: Cyber PC Experts - Internet Scam | #1299834

• Cyber PC Experts Reviews | Scambook

Answer 1

Your gut reaction feels correct. The description of sleeping processes and idle % CPU use is misleading.

The description of tracking IP addresses to a single location is unrealistic.

The costs involved are high. For that sum, consider suggesting your father-in-law engages a local Mac expert – or go to a local Apple Store for help.

Erase and Reinstall

If possible, back up your father-in-law's Mac to an external hard drive. Then erase and reinstall OS X:

1. Before you begin, make sure your Mac is connected to the Internet.
2. Restart your Mac. Immediately hold down the Command (⌘) and R keys after you hear the startup sound to start up in OS X Recovery.
3. When the Recovery window appears, select Disk Utility then click Continue.
4. Select the indented volume name of your startup disk from the left side of the Disk Utility window, then click the Erase tab.
5. If you want to securely erase the drive, click Security Options. Select an erase method, then click OK.
6. From the Format pop-up menu, select Mac OS Extended (Journaled). Type a name for your disk, then click Erase.
7. After the drive is erased, close the Disk Utility window.
8. If you’re not connected to the Internet, choose a network from the Wi-Fi menu.
9. Select the option to Reinstall OS X.
10. Click Continue and follow the onscreen instructions to reinstall OS X.

This should entirely remove any third party tools and processes that have been installed by the support company.

With the reinstalled OS X, only restore personal files and documents from the back up.

An Aside: Distractions and Blame

Please do not blame the father-in-law. We have not been asked to judge the company or individuals affected. @milesmeow asked for help to decide if their decision was defensible and if others have encountered this type of situation.

Answer 2

A lot of the things they said are absolute nonsense. Sleeping processes are absolutely the norm. For example you might have a process looking after your printer, and that process will be sleeping 23 hours and 59 minutes a day except for the one minute where you are printing. High percentage of idle time: There's absolutely nothing wrong with that. Your Mac is supposed to be "idle" most of the time. "Idle" means your computer isn't using its battery, it isn't heating up, everything is fine.

Of course they are telling your relative this nonsense to frighten him into handing over more money. Common sense: What are the chances of a hack happening just after they fixed an issue with his computer? What a coincidence. However, there is unfortunately a chance that his computer is hacked - by the friendly guys who fixed it. And since they are trying to pull a scam on him, they cannot be trusted.

I'd strongly recommending to make an appointment at the nearest Apple Store to have a look at the computer, and for general advice what to do.

Answer 3

My wife was subjected to a similar scam while I was away on a business trip. By letting a remote user install software that (they say) enables them to provide them with tech support, you have actually enabled them to install anything they like, for example, a program to trap keystrokes while you are typing passwords.

The only safe response is to delete and reinstall the OS from a new download and also reinsatall all applications, and then to restore only personal data files (no executable files) form the backup, as you have already been advised.

The scammers are relying on the fact that most users will not know what hidden viruses look like in netstat or a top. (If the computer really had been hacked, then netstat and top would probably have been replaced by hacked versions that did'no show the virus activity.) SLEEPING processes, as has been said, are absolutely the norm.

Answer 4

Technically they are entirely correct that the PC has been compromised, and that the one who compromised it was your father in law, therefore using your father in law's IP.

By allowing a malicious third party (Cyber PC Experts) direct access to the PC/Mac, the Mac has been compromised, and must be reinstalled from scratch.

There are several warning signs:

• They deliver lots of "proof" even tough all of it sounds somewhat fishy. If called out on one, they just offer another one. To someone with a software background it's immediately clear that what they are saying is wrong, so verify their proof with an acquaintance who works in software.
• The cost is ridiculously high. This must raise warning flags. Any consumer protection software package is much less than $100 per year, software repairs are $300 tops. To avoid this warning flag, scammers often go for smaller amounts than the one stated in the question and then slap on a recurring charge or something similar.
• If you type the name "Cyber PC Experts" into a search engine, the 3rd, 4th, and 5th link claim they are scammers.

So how to protect yourself?

1. Before hiring a company, perform due diligence first, look up the company on a search engine. If someone else hired the company don't assume they did due diligence, so do it for them. The absence of any information is just as bad as the presence of information that claims they are scammers.
2. If you get a blind call it's always a scam. Don't let them "prove" their identity with an email, because there are dozens of ways they can fake that for the average users.

One additional thing your father in law must do is to check his credit card statements, because he probably handed over his credit card to criminals. If he didn't, then he probably paid with a check, which carries it's own risk.

Answer 5

Yes it's a scam.

It doesn't need 'evaluating'. It's a famous known scam run by a couple of outfits in India.

Windows users are plagued by it all the time, and you can do a search for "Windows support scam India" to get the picture, where they say 'It's Windows calling'.

They get you to do the equivalent operations on Windows, - to panic about some innocent system information that they try to present as evidence of a 'virus' and that you've been 'hacked'.

It sounds as if they have diversified their operations to Mac systems now.

Why did your father-in-law get roped into that ? Apple themselves offer a comprehensive aftercare package if you want it, albeit it can get expensive. Or you can just go into their 'genius bars' for free.