Pinellas County resident Scott Germak thought he was getting free Tampa Bay Rays tickets based on a phishing email that appeared to be a legitimate message coming from GTE Financial, his bank, with the offer.
“How can people be so dumb and fall for this stuff?” Germak used to wonder, thinking he would never himself be a victim. “It was saying that all their members from April 12 to May something, they could have two free tickets to the Rays game. I went to click on ‘schedule.’ As soon as I clicked ‘schedules,’ a box popped up saying I had a virus. I couldn’t go any further,” Germak said.
“So I called the (provided) number,” he said.
As soon as he called the 'support' phone number on the popup, the hacker was able to access his computer remotely. Germak spent about 45 minutes on the phone with the man.
“I saw a lot of things rolling on the screen, you know numbers and letters and stuff. The next thing I know, he’s got a price $249. I go, ‘I don’t have any money,’” Germak told News Channel 8 who interviewed KnowBe4's founder and CEO Stu Sjouwerman.
“He’s lucky that there is a number there. Normally you have to buy bitcoin and then transfer bitcoin, which is an electronic currency, to the bad guys,” said Sjouwerman.
Germak’s computer was infected with ransomware. Hackers encrypt your files and the only way to get them back is to pay the ransom.
“That computer is essentially no longer trustworthy, and I would wipe it and rebuild it from scratch,” Sjourwerman said.
“Email is the number one way your machine gets infected. Any email that could arrive in your inbox is potentially a scam. So you really have to look at, ‘Did I expect this? Did I ask for this attachment?’ And, if you didn’t, don’t open it and delete it,” Sjourwerman said.
8 On Your Side reached out to the Tampa Bay Rays and GTE Financial. Both organizations told us several customers have followed the link and received their tickets without any issues. GTE offered to change Germak’s online login.
Meanwhile, Germak is warning others about what he learned from this debacle. He lost his files, is out of money for repairs and his identity has likely been stolen.
“Don’t make a phone call if you get that message come up on your PC,” Germak cautioned.
We recommend EVERYONE to review the 22 social engineering red flags to watch out for in any email. Ransomware continues to be a threat not only to individuals but businesses as well. It might be a good idea to print out this PDF and pass it along to family, friends, and coworkers. Remember to always think before you click!
Get the most informative and complete ransomware hostage rescue manual.
This 20-page manual (PDF) is packed with actionable info that you need to prevent infections, and what to do when you are hit with ransomware.