Sign in to follow this  
JohnsonJones

LDS church directory hacked?

Recommended Posts

This week I got a call from a concerned member.  They were an older widow in our ward.  She had received a call from Microsoft, or that was what she thought.  They asked her for access to her computer and she gave it to them.  They asked for gift card numbers and she gave it to them and spent a LOT of money (she did not have) on buying them.  Then she started to realize that these people were probably not actually from Microsoft.  She asked me what to do. 

I DO NOT know what to do.  I told her this was probably the best course of action. 

1. Disconnect from the internet with that computer.

2. Make a police report.

3. Get the computer wiped

4. Get credit monitoring ASAP.

I do not know how thoroughly her information was compromised, but they had a program on her computer and I was able to access the logs.  It appears they took every document from her documents and download folder and downloaded it to wherever they were at.

I'm not an expert, and she asked me to save all her files and only delete the programs they installed.  I could see from the logs that it appeared they put hundreds of programs on her computer, but I couldn't locate it with a Antivirus.  I didn't want to tell her but I had NO IDEA what to do with a computer so infected.  I told her that what I could do was very little and that her best bet was to wipe the computer, but I was not an expert.  They have experts that can do this so we called them, finding out that they charge $80 for a more in depth virus scan and even more to wipe the computer.

She turned it off and I'm not sure what she will do next.

I also took several hundred dollars in cash out of my own pocket to help her out at this time, so, financially, at least for the present, she is not suffering (in case anyone was wondering, I don't know about later or if her bank accounts or CC will be hacked and used or not).

I am alarmed at something else.  While going through her files I found that among them was a Ward directory.  She was in a leadership position at one time and had used the ward directory in her calling.  In it were the names, addresses, phone numbers, and birthdates of all the members of our ward.  This is alarming because it ALSO included birthdates which are personal information.  I am pretty certain it is now in the hands of those who hacked her computer.  My thought was to alert the ward clerk who has more knowledge of this, as I do NOT know what to do in this instance.  I think I may make an announcement over the pulpit that the ward directory.  Other than this I have no idea what I am to do.  Does anyone know what I should be doing in this regard?

Share this post


Link to post
Share on other sites

- Contact her bank right now and they will walk through reissuing her credit cards, setting up credit monitoring, etc.   She needs to get herself protected.  If she has a responsible child, I would also recommend letting them know so they can support mom through this process and hopefully prevent a similar scan from happening again.  

- Lady needs to be taught about personal security and NEVER trusting random voices on the phone.  Hammer it home.  And do keep the child in the loop to re-hammer it in.

- The computer is a lesser priority.   Deal with that only after financial stuff is down with.   The simplest thing to do is to have her computer "reimaged"- aka wiped and Windows reinstalled from the ground up.  This is easy to do for any tech-aware person and there is no need to pay a computer store lots of money.  I'm sure that if you ask, there is a tech aware younger person in the ward that can do this for her.  They will likely need the computer for a few days to do this.  

- People's numbers and birthdays -- honestly this information is pretty easy for a hacker to come by.  If you're concerned, I would maybe have a special class for people about keeping information secure and being aware of threats.  If you are in a ward with a large proportion of older people, I would very much do this, as the scammers/hackers specifically pray on old people.  

Edited by Jane_Doe

Share this post


Link to post
Share on other sites
2 hours ago, JohnsonJones said:

I DO NOT know what to do.  I told her this was probably the best course of action. 

1. Disconnect from the internet with that computer.

2. Make a police report.

3. Get the computer wiped

4. Get credit monitoring ASAP.

Do all four on the same day - #1 first, then #4 - actually have her ask her bank if it wouldn't be better to open a new account(s) leaving only the barest minimum in the old accounts, then #2 and finally #3. Unfortunately Hubby allowed *Micro-Soft* to *clean up* a nasty virus and it nearly cost us all of his life savings/pension/etc  plus maxing out both of the credit cards. Fortunately, we had insurance through our bank to stop ALL purchases, withdrawals, etc. over $300.00 per purchase a DAY locally, and One hundred $ per purchase a day on-line, out of state & out of country. While he was on the land line w/ Micro-Soft, I got a call from the bank on my cell. The bank told me to unplug ALL computers from the internet, then to contact the real Microsoft [no hyphen] and report what had just happened. To take a screen shot and come to the bank and they will FAX it to the real Microsoft. The bank also told Hubby how to protect our $ when we order anything online, including our Rx's - it is called Safe Pay.

Also, she will be without credit and debit cards for 7-10 days. When our debit card # was stolen and sold abroad, we had to close our checking account. That meant that all of our current direct deposits had to be alerted which is a ROYAL pain, as well as all of our auto-pay accounts. Thankfully our bank made up  about 50 *counter* checks for us to use, as new checks wouldn't get to us sooner than 10 days. 

2 hours ago, Jane_Doe said:

- Contact her bank right now and they will walk through reissuing her credit cards, setting up credit monitoring, etc.   She needs to get herself protected.  If she has a responsible child, I would also recommend letting them know so they can support mom through this process and hopefully prevent a similar scan from happening again.  

- Lady needs to be taught about personal security and NEVER trusting random voices on the phone.  Hammer it home.  And do keep the child in the loop to re-hammer it in.

I would maybe have a special class for people about keeping information secure and being aware of threats.  If you are in a ward with a large proportion of older people, I would very much do this, as the scammers/hackers specifically pray on old people.  

As a senior citizen [66 yo count?] Hammering something home to me seems pretty harsh. Consider this: She has and is going through a rather traumatic time right now. IF she has a responsible adult child in her life, do you think she wouldn't have already called that child?

This I agree whole-heartedly, though one class at one time would be a bit overwhelming. If your ward/branch will allow it, having two classes a month for several months would be better, and not just for us old people either. I am constantly amazed at the number of youngsters [30-50 year olds] who are not wise  in a computer sense, and even more teens to mid 30's who are clueless when it comes to balancing a check book/ checking account and staying within a household budget.

Just a side note here - my hubby is not a dithering knot-head. He helped usher in the computer age while he worked at Kaiser Permanente in CA back in the day. Back when the monitors were small, chunky things with screens of black with green lettering. For his own personal use, he and his 14 year old son put together their own computer, buying all the parts from Radio Shack and some of the parts from work that he requested and paid for on his own.

For him to get duped by this Microsoft wanna-be hurt his pride/ego and it wasn't until later when I took a look at our check register that I figured out part of what happened. He had some of the numbers in the register transposed. For him that is a sure sign that his glasses need updating. For me, it means I had a severe headache and should not have been doing the bookkeeping. Also, this Alert on his screen, came in on bright white background, his eyes can no longer tolerate that - thus he has his background color in a med-soft grey, thus he didn't see the hyphen.

He has never just gone to Fred Meyer, Fry's, Walmart, Best Buy or Staples to purchase an "Off The Shelf" computer. He orders his through Dell, and puts together what he needs.

We have four computer Guru's at our small branch. Hubby is one, one is a 30 yo, one is a married 35yo wife and the last is a 15 yo boy. We also have nearly all of our over 60 widowed Sisters who received computers from their adult children so that they could be on FB w/them and the grandchildren and so they could email the children, grands and a few greats.

I have asked all of our Guru's if they would be willing to lead classes in Computer use and safety? They all are agreeable, yet they can't pick and pin down a week day or early evening. Our Branch President is okay - but he wants up to pick two days a month, and STICK to those two days. One thing they are in agreement is this: that ALL ages need to be included.

 

Share this post


Link to post
Share on other sites

Thank you for your replies.

I have told her she needs to close her accounts and open new ones.  She is pretty resistant to this.  I am not going to force her to do it, but I have relayed that this is something she should do.  I only hope her finances are safe for now.  She did at least alert her bank.

Share this post


Link to post
Share on other sites

So, credit card companies and banks deal with this stuff so often, it's really boring.  She calls them up and says "data piracy" or "stolen information", and they fall into their "ok ma'am, let's get you protected" script for the twelth time that day.   I don't think it would even occur to them to think poorly of the person.

But yeah, those phone calls need to happen like yesterday.

Share this post


Link to post
Share on other sites
On 9/12/2018 at 10:20 AM, JohnsonJones said:

This week I got a call from a concerned member.  They were an older widow in our ward.  She had received a call from Microsoft, or that was what she thought.  They asked her for access to her computer and she gave it to them.  They asked for gift card numbers and she gave it to them and spent a LOT of money (she did not have) on buying them.  Then she started to realize that these people were probably not actually from Microsoft.  She asked me what to do. 

I DO NOT know what to do.  I told her this was probably the best course of action. 

1. Disconnect from the internet with that computer.

2. Make a police report.

3. Get the computer wiped

4. Get credit monitoring ASAP.

I do not know how thoroughly her information was compromised, but they had a program on her computer and I was able to access the logs.  It appears they took every document from her documents and download folder and downloaded it to wherever they were at.

I'm not an expert, and she asked me to save all her files and only delete the programs they installed.  I could see from the logs that it appeared they put hundreds of programs on her computer, but I couldn't locate it with a Antivirus.  I didn't want to tell her but I had NO IDEA what to do with a computer so infected.  I told her that what I could do was very little and that her best bet was to wipe the computer, but I was not an expert.  They have experts that can do this so we called them, finding out that they charge $80 for a more in depth virus scan and even more to wipe the computer.

She turned it off and I'm not sure what she will do next.

I also took several hundred dollars in cash out of my own pocket to help her out at this time, so, financially, at least for the present, she is not suffering (in case anyone was wondering, I don't know about later or if her bank accounts or CC will be hacked and used or not).

I am alarmed at something else.  While going through her files I found that among them was a Ward directory.  She was in a leadership position at one time and had used the ward directory in her calling.  In it were the names, addresses, phone numbers, and birthdates of all the members of our ward.  This is alarming because it ALSO included birthdates which are personal information.  I am pretty certain it is now in the hands of those who hacked her computer.  My thought was to alert the ward clerk who has more knowledge of this, as I do NOT know what to do in this instance.  I think I may make an announcement over the pulpit that the ward directory.  Other than this I have no idea what I am to do.  Does anyone know what I should be doing in this regard?

those steps are good. probably also have her contact her bank and credit card services to place a hold on her accounts.

let the bishop know. out of the personal info the most useful is the phone numbers, the second most useful is the addresses. as for the computer copy any save files that are necessary to keep and scan them then it's going to need a wipe and reinstall. If she has the software that came with the computer you could probably use bing.com or microsoft website to find how to reinstall the OS. you'll probably want to check and see what programs she uses, and if they aren't part of the package see if she has the installers for those around somewhere.

Share this post


Link to post
Share on other sites

Something she can do to suss out scammers is to ask how they got her number.  She can also ask for a number to call them back because now is not a good time.  A legit place will always have a number to give out while a scam likely won't. 

This guy is pretty funny when he deals with scam emails. 

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this