Can someone help me evaluate if this is a scam for Mac support

anti-virusNetworkvirus

My father-in-law purchased a $400 lifetime support contract with a company (Cyber PC Experts).

Recently his computer has been acting up—running very slowly—so he requested support. The service tech took control of his computer remotely (from India) and pretty much fixed the issue.

A few days later, he gets an email from them saying that they need to check his computer again because it was hacked.

They did a few things to his computer while he was watching to show that it was “hacked.” Then proceeded to try to sell him a ~$1000 software/config to clear current “hacks” and to thwart future hacks.

I wasn’t involved until I heard this and went over to his computer and took over the phone conversation with the tech that was remotely using his machine.

My father-in-law told me that they showed him an IP address and then showed him the geographic location of the IP address and said that was where the hacker was. They even zoomed in and showed the building. It was a location in Los Angeles… Where my father-in-law lives.

I used a website to “Find My IP” and it matched up with IP address that the tech was showing him. Basically I think it was the public address that our cable provider shows as public for our home. I tried to “Find My IP” using other computers at his home and it gave the same IP address. So it was probably Time Warner’s data center.

The tech on the other end was also showing him the output of the netstat and top commands. They were telling him that there were a lot of “sleep”-ing processes and that supposeduly means his computer has been compromised. They also said that the high % of idle CPI cycles means that the computer was slowing down.

So, I basically kindly declined to buy the ~$1000 software to clean out his computer and prevent future hacks.

Am I right to call their bluff? Has anyone else encountered this kind of scam before?

Here are some report on Cyber PC Experts:

Best Answer

Your gut reaction feels correct. The description of sleeping processes and idle % CPU use is misleading.

The description of tracking IP addresses to a single location is unrealistic.

The costs involved are high. For that sum, consider suggesting your father-in-law engages a local Mac expert – or go to a local Apple Store for help.

Erase and Reinstall

If possible, back up your father-in-law's Mac to an external hard drive. Then erase and reinstall OS X:

  1. Before you begin, make sure your Mac is connected to the Internet.
  2. Restart your Mac. Immediately hold down the Command (⌘) and R keys after you hear the startup sound to start up in OS X Recovery.
  3. When the Recovery window appears, select Disk Utility then click Continue.
  4. Select the indented volume name of your startup disk from the left side of the Disk Utility window, then click the Erase tab.
  5. If you want to securely erase the drive, click Security Options. Select an erase method, then click OK.
  6. From the Format pop-up menu, select Mac OS Extended (Journaled). Type a name for your disk, then click Erase.
  7. After the drive is erased, close the Disk Utility window.
  8. If you’re not connected to the Internet, choose a network from the Wi-Fi menu.
  9. Select the option to Reinstall OS X.
  10. Click Continue and follow the onscreen instructions to reinstall OS X.

This should entirely remove any third party tools and processes that have been installed by the support company.

With the reinstalled OS X, only restore personal files and documents from the back up.

An Aside: Distractions and Blame

Please do not blame the father-in-law. We have not been asked to judge the company or individuals affected. @milesmeow asked for help to decide if their decision was defensible and if others have encountered this type of situation.

Related Question