Strange Incident and Phone Call from a Re-Seller

[JPGrajek]

On November the 1st I got to the office and tried to login to my network. After entering my password I get an alert "Wrong Password." I type my password in again only this time slower, being careful to not fat finger or hit a wrong key, my password is very long and it is an Admin password. Again "Wrong Password." I check that the Cap Lock is not engaged and decide to try one more time typing each character very deliberate. Again "Wrong Password." I stop and think about this for a minute then decide to try and login to the Domain Controller directly. I stand up to walk over to the DC and the phone rings. The person identified himself as a Malwarebytes Rep, not sure I remember his name correctly but I do have his phone number, and wants to talk to me about Malwarebytes. I ask if we can talk at another time as I am right in the middle of something. He says "Oh...Do you have an alert or problem on your network you need to take care of...?" his EXACT words, I found this as an odd question but chalked it up to coincidence. I said "...yeah something like that..." Then he asks if I am familiar with Malwarebytes and I told him "Yes we have been using the product for almost 10 years." to which he responds "Oh interesting, I did not know that." After I hang up the phone I thought about the phone call for a couple of minutes and found it strange I would have a problem logging into my network then get a call from a MB rep, so I decide to try to login one more time before trying the DC directly. Bingo! This time the password worked. Has anyone else had a similar experience? I am pretty sure this person got my contact information from the Webinar I attended on Oct 25th and wanted to try to sell me MB.  Too much of a coincidence I think.

 

Anyway, I am sure the person is only a re-seller. Still this is very very strange.

[exile360]

Greetings and welcome,

That's certainly a troubling experience.  I hope that you have since taken measures to ensure your network is secure and changed all your passwords, especially the one you were having trouble with on that endpoint as it sounds like the caller may have been a hacker/scammer and may have somehow accessed the machine.  It's also possible he logged your keystrokes during the failed login attempts.

As for his status as a reseller, our support team will need to work with you to make that determination, but hopefully we can track him down for you to find out more about what's going on.  If we have a rogue reseller out there we definitely want to revoke their reseller status (assuming that is indeed what's happened here).

Also, if it was a hacker who had access to the network/endpoint in question it is also possible they were just posing as a Malwarebytes rep to earn your confidence as they saw after accessing your network that you had Malwarebytes installed.  There are certainly several possibilities but either way I hope we can help to rectify the situation whatever it might be.

[djacobson]

PM'ing you @JPGrajek