The Wahkiakum County Eagle - Established as The Skamokawa Eagle in 1891

One day last week, Rosburg resident Poul Toftemark’s computer screen went black and a message appeared, alerting him to a problem and directing him to call Microsoft. A phone number was provided.

Toftemark panicked and went with the only option presented to him in the moment. He started dialing.

“Never call that number,” Toftemark advised.

Unfortunately, he’s learned a hard lesson over the past few days, but thanks to his willingness to talk about what happened and the good folks at Computer Link Northwest, it might save some other Wahkiakum County residents a bit of trouble.

When he called the number on the screen that day, he found himself speaking to someone with a strong accent. He went along for a while, even paying $519 for the service, for which he got a receipt, which looked legitimate. It was when they started asking about bank accounts and Social Security numbers that the red flag went up.

“There were yellow flags all along,” Toftemark admitted.

He backed out then and there, and not sure what to do, he unplugged his computer from the wall.

“Absolutely do not call that number,” Toftemark said. “If you see that, unplug your computer. Don’t just turn it off. Unplug it and call Computer Link Northwest.”

Toftemark spent the next couple days dealing with the financial, credit, and identity issues. He called his bank and put a hold on everything, changed bank accounts and credit cards, notified credit companies and social security.

“It may have, could have allowed them to syphon out all our savings,” Toftemark said. “We’re hopefully out of the worst of it.”

Unfortunately, he wasn’t able to stop the $519 payment to the fraudsters.

According to Julia Wadlow of CLNW, Toftemark was one of three people that they know of in the community in the last three weeks to be targeted by this, through what her colleague Ed Lane calls scare-ware.

“A banner comes across the screen saying that their machine has been compromised, and that they need to phone up Microsoft at the phone number on there and speak to technicians,” Wadlow said. “They need to do this now and it’s urgent. From what I understand, it’s a big banner and it’s flashing and it makes noise. It’s very alarming.”

“When you call the number, they will feed you a line and ramp up your anxiety and fear and then convince you to click a link,” Lane said. “It will install a small piece of access software that they then remote into your machine. They will put up pages that look like they are doing this or that, but in the background they are doing stuff you can’t see.”

Wadlow was also able to provide a few more details about what happened to Toftemark.

His payment of $519 was requested to come in form of a check, she said, which he was asked to mail, but not before signing and endorsing a check and sending pictures of the front and the back.

“He doesn’t bank online, but they actually talked him into getting into his bank online so they could lock down his bank account and create a new account for him,” Wadlow said.

As for the receipt Toftemark received for the $519, while it had the Microsoft logo and seemed legitimate, to Wadlow’s more experienced eye, there were subtle clues everywhere. It didn’t have page numbers, for instance, the numbering convention was off, and it looked like the authors had cut and pasted from other similar documents.

Lane, who repaired Toftemark’s computer, said that the subjects took Toftemark’s desktop documents and download folders and moved them into another subdirectory on the hard drive, where they hid them and locked them.

“They took his profile security rights away from him,” Lane said. “Effectively what they are setting up to do is to take the computer hostage, hijack your machine, and then say for so much money we can fix this.”

Lane pulled the hard drive and cleaned it, starting with what he found on the surface, and then accessed the profile. Afterwards, he “fired up” Toftemark’s machine and cleaned up the rest.

“He had a couple things on there that were not tied to that instance, but I see commonly,” Lane said. “Other pieces of spyware that companies use to develop marketing profiles on users. I cleaned that up, repaired his profile, recovered his data, put the subdirectories where they were supposed to be, and checked for updates and turned him loose. His machine was good to go at that point.”

Wadlow explained that situations like this can be easy to bypass, but most people don’t know how, so they panic and follow the instructions on the screen.

Typing the Control, Alt, and Delete keys will bring up Task Manager, she said, and if you know how to use that, you can close down that banner.

If you don’t, unplug your desktop from the wall, she said. If it’s a laptop, shut it. Then give them a call at Computer Link Northwest, 360-795-5000. A technician will either visit or the machine can be dropped off at their office, and it won’t cost a thing, thanks to a grant from the Department of Commerce.

Toftemark was grateful for CLNW’s assistance, and pleased with the price after such a harrowing experience.

“They ended up fixing it for free,” Toftemark said.