So mom got scammed. She was watching Amazon Prime on her TV and got a pop-up that she needed to install a viewer to watch a certain movie, and a QR code to scan. QR asked her to sign up for a free account with a credit card.
Her credit card company blocked the charge and called her.
Someone hacked into her TV or Amazon sent malvertisement.
What should we do? Reset to factory defaults and change passwords? What about the phone she scanned the QR code with? WiFi router?
Edited the post to add in the possibility that this was 'malvertisement' pop-up that Amazon allowed.
It might have just been an advertisement?
It asked for her credit card. She entered the info, and her credit card company instantly called her to tell her there was suspicious activity.
Definitely a scam similar to this:
https://www.wpri.com/news/local-news/you-dont-want-to-fall-for-this-bbb-warns-of-smart-tv-scam/
I realize now, the pop-up could have been malvertisement through Amazon rather than the TV getting hacked.
@MCDuncanLab This is unfortunately probably not the TV itself but amazon prime related, unsure if it's account or device based yet
( The article has a very long winded intro about victim's former injuries, but experienced the same thing )
https://wsvn.com/news/help-me-howard/scammed-from-a-qr-code-on-his-tv/
@MCDuncanLab Also, there's rumors / speculation these are delivered as legitimate ads through prime's network
Ugh! Well, we're having her reset everything, update all of the software, and change all of the passwords.
If there's an option to disconnect all prior logins do that too. If it was a hack that'll put them back to step one.
A password of at least 18 characters is best. It doesn't have to be completely random, just not a string of words that go together.
Eg.
ILoveToEatPasta24x7 is easier to guess than
PastaLove24x7EatToI
We are going to want to make ad blockers on TVs a thing, aren’t we?
@MCDuncanLab Step 1 is don't panic.
Factory resetting TV probably isn't a bad idea. It's likely there's some malvertising app installed, and that should get rid of it.
Phone might be OK as long as she didn't install any new apps. Might not hurt to review what she has installed and check for anything sketchy.
Biggest thing though, is to encourage multi-factor authentication. App-based is best, email is OK, avoid SMS if possible.
Also educate about not scanning untrusted/unknown QR codes.
@MCDuncanLab I would also strongly recommend to change passwords for email and bank accounts at minimum, make them unique and have her store them in a trusted password manager like Bitwarden. This way one compromised password can't be used on all her accounts.
@katharta @MCDuncanLab Bingo.
In my grandmother's logic: You do NOT need that thing right now. Wait. Even if they say it's JUST NOW! .... that's a red flag 'cause it doesn't make sense if you're trying to sell things.
@MCDuncanLab This is the problem with so many 'smart' and internet-connected devices - if they have any security, it's usually a bolt-on rather than from initial design stage, and default passwords like 'admin' or 'password' (seriously!) aren't unusual. It might have been at TV or router level - definitely need to look at firewall and security settings on your router first, as it is unlikely that it pre-existed on the TV.
She thought it was a pop-up from Amazon, and some people are suggesting that it is malvertising, which makes sense because mom doesn't use the default password.
your posts made me do some looking, and apparently amazon is selling 'android tv boxes' that are pre-loaded with malware. this is insanity, IMO...
https://www.malwarebytes.com/blog/news/2023/01/preinstalled-malware-infested-t95-tv-box-from-amazon
https://techcrunch.com/2023/05/18/popular-android-tv-boxes-sold-on-amazon-are-laced-with-malware/
@MCDuncanLab I wonder if the TV was hacked or this was just straight up malvertising with an ad that was published on their platform that's just like a 60 second unskippable slate with that fake popup on it
@MCDuncanLab Time for a withdrawal from subscription capitalism, and capitalism in general. To the degree possible. See Hertz. See Yotto. Nobody is safe. You don't need Prime. Amazon ships free with a $35 dollar order, and don't be surprised if it becomes $50 or something but still. A little planning. None of us need streaming services. There is practically infinite "free" media, like books. Withdraw, simplify, save, survive what is coming. Garden. Sew. Repair. Thrift shop. Trade. Credit Union.
@MCDuncanLab It might not be cheap, but disconnect her TV from the internet, and get a box that can connect to the internet from a reputable/secure source, a company that has some skin in the game to protect its reputation (#Roku and #Apple come to mind) and provides a modicum of security.
I mean, besides changing passwords on every account involved.
TVs should not be smart. You must not trust ANY tv to connect to the internet.
@neurologo @MCDuncanLab I went with an AppleTV for this reason as well. You can theoretically do some DNS level blocking on an AppleTV as well but that’s probably overkill and if you aren’t nearby to fix it if it breaks likely not worth it
@MCDuncanLab If it's coming from them, it wouldn't just be your mom, and it would be big news. I haven't seen anything. However, for example, Palo Alto Networks got compromised over the weekend, so their firewalls are ablaze.
Yes, I'd reset the TV and change passwords.
I'd power cycle and probably reset the router.
The phone wasn't the vector for the initial attack, but the web page she interacted with could have left something behind. It should be scanned for malware and viruses.
It's possible to leave something malicious in non-volatile memory. I'm not sure this was that sophisticated of an attack.
There are others here who are much more versed in this than I am.
Let's add some more hashtags.
@MCDuncanLab Blow up your TV, throw away your paper.....
Thanks to John Prine for anticipating this scenario and providing guidance.