Phishing attempt using Remote Utilities posing as Windows Technician
William Beverly,
User (Posts: 1)
Sep 27, 2022 3:13:21 pm EDT
Support level: Free or trial
I recently was approached by an individual posing as a Microsoft Windows technician regarding a problem I had with my computer. The individual had me download Remote Utilities and install it on my computer. They worked with me for several hours while they "scanned" my computer for malware. I later found that their phone number was out of a landline in Warrior, Alabama. I have a log left on my laptop by Remote Utilities. My question is: Is there a way to use the log to find out if there was anything copied or transferred from my computer? I uninstalled the Remote Utilities software from my computer.
Pauline,
Support (Posts: 2869)
Sep 28, 2022 10:26:00 am EDT
Hello William,
Thank you for your message.
We're sorry to hear this has happened to you. Unfortunately, this looks like a classic social engineering scam scenario. Answering your question - it's not possible to find out what kind of information/files were stolen from your computer. The log file will only show you what connection mode was used to connect to your Host, i.e. Full Control, File Transfer, etc. and date/time when the connection happened. Any traffic that goes via our servers is the traffic between Viewers and Hosts and it's always end-to-end encrypted, and our server, which is only bouncing encrypted packets, doesn’t know the contents of and doesn’t store any of said encrypted packets. Therefore, neither we nor any "middle man" knows what's inside the packets or is able to "decrypt" them.
In addition, we recommend that you try contacting your nearest police department and letting them know about the case so that they can investigate this further. We can provide our server logs that contain the originating IP address which is stored on our servers (i.e. the information that might help to identify whoever got access to your computer). However, please note that the logs can only be provided if there's a direct request from the police. Here is an excerpt from our Privacy Policy:
Government and law enforcement agencies
We may also share information to (i) satisfy any applicable law, regulation, legal process, or governmental request; (ii) enforce this Privacy Policy and our Terms of Service, including investigation of potential violations hereof; (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to your requests; or (v) protect our rights, property or safety, our users and the public. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
This is strictly within the law and international treaties and also conforms to our privacy policy. Please feel free to provide our contact information privacy@remoteutilities.com to the police - we will be happy to provide our assistance to the investigation.
Please let us know if you have any questions.
* Website time zone: America/New_York (UTC -5)