Thursday, March 31, 2011

A Virus, A Password, and Tech Support

I know, we all have stories like this.  So, I figure "why not share my latest"?  As with all good tales...  to the beginning we go, dear reader.

My Dad has a photography business (Timeless Images Photography - shameless plug), and when the digital photography age came upon him, he was forced to do more with his computers than email.  His last two computers are XP machines: the older one (circa 2002) is what he uses for personal use, including email; the newer one was ordered at the dawn of Vista but he, like many other business professionals, chose to stick with XP.  Obviously, it's the more robust of the two, and it's on this machine that he practices the digital tools of his trade.  About a month ago, Dad contacted me concerning his older machine.  It seems there was not enough memory to handle Outlook Express (I know, but he's familiar with it and he likes it, so don't judge).  Telephone diagnosis on my part was a virus or malware.  A visit to his house revealed he had at least received the annoying Antivirus Live malware, but we weren't yet sure he had actually been infected.  A simple removal, a wait period of a few days, and my worst fears were confirmed.  The problem came back, and the deeper diagnosis on the machine revealed a root kit.  Before restoring the computer, however, I tried Combofix as I have had some success using this tool on several other occasions.  I held my breath, turned blue, began breathing again, and a week later the problem returned.  Last weekend I restored his old tried-n-true to its original configuration, complete with his beloved Outlook Express.  He wasn't home at the time, and I did not have his email password, so I left the computer up at the password entry screen for the account and left instructions.  Next day I read an email from him (from his newer computer) that he had no clue what the password was....   he hadn't needed to load it since we set up the newer computer, and that was in 2007. Thus endeth background info.

My Dad's email is with his ISP, which shall remain nameless.......let's just say it rhymes with Bomcast.  Now, I've had dealings with this company before, specifically with password resets, so I didn't bother trying to talk Pop through this; I just got in my car and headed over for another visit.  The online options initiated with the "forgot password?" link took me to a screen that informed me the request could not be handled by this utility and I need to chat with a tech-rep.  I started Round One (chat) pretending to be my Dad to avoid any confusion on the other end.  He has a business class account, complete with phone service, which I explained to Goombomba (that wasn't the name, but it was pretty damn close), and he resolved to help me quickly and efficiently, asking me to verify the account number, address, and pin for the phone.  No sweat.  Five minutes later, Goombomba shared with me his epiphany that this was a business class account, and unfortunately he could only help me with residential accounts.  This helpful tech-rep gave me two phone numbers to call, presumable in case either of them was incorrect.

Round two.  I started with the 866 number and got "Derrick" after punching the right numbers and listening to the phone switching from one State to the next, out of the country and back again.  Derrick was happy to help me today, and said as much.  I explained that I need to reset the email password, and that the chat tech-rep sent me here....  and explained why he sent me here.  For verification purposes, Derrick requested full name, account name, and the last four SS digits...   would I please wait while he brought up the account.  Did I wish to reset the password for the email account timelessimages1?   Nooo...   the email is just timelessimages; there is no "1".   "Hmm", he says (obviously, Derrick is a linguistic genius).  "The business account only has one email address attached to it and it is timelessimages1.  Could this email be attached to a residential account perhaps?"  He was so polite.  I was beginning to get suspicious.  I explained that this had once been a residential account, but had been changed to business class, basically for the additional speed since photographs are an intense upload through FTP.  Derrick checked, and sure enough the email was attached to the residential account we assumed no longer existed.  Apparently, we assumed incorrectly.  Derrick can't reset passwords for residential accounts; he only has access to business class, and would I mind waiting while he transferred me to the correct office?  Like I'm gonna say I mind. 

Several telephone switch sounds later...  oddly familiar telephone switch sounds...  enter "Brittany".  I rewound my tape, replayed the situation to her, added the chapter starring Derrick, ending with "so Derrick sent me to you since he couldn't access a residential account from his department in business class".  Brittany needed to verify the account and asked for full name, account number, and physical address...  I was beginning to wonder if they just randomly asked for information that came to the top of their heads.  Please wait while she brings up the account.  Can you guess what Brittany told me?  Yup...   this appeared to be an email attached to a residential account and she worked in business class accounts.  Would I mind waiting while she transferred me.  "Brittany, I'll wait if you can guarantee me I will talk with someone in residential, since Derrick forwarded me to you claiming he was doing the same thing."  Some apologetic words, and then agreement that she would try resetting the password from there......     no dice, she can't do it.  She transferred me.  Several telephone switch sounds later......    and the phone screamed at me.  I had been disconnected.

Round Three.  I dialed the 800 number this time, and was half-way through the telephone switch sounds when I decided to hang up and try chat again.  Afterall, that was residential, apparently, which is what I wanted according to Derrick and Brittany.  "Margaret Rose" was my new tech-rep now.  She got the condensed version, and oddly enough, seemed to understand.  She quickly found the email account, confirmed that yes, she could help me.  She then requested account verification in the form of full name, physical address and last four digits of the account phone number.  By this time a monkey could commit identity theft.  We're down to the wire now...   all she needs is the 4-digit secret pin.  Thinking she was talking about the phone pin, I give this to her.  "I'm sorry, but that number is incorrect".  My response:  "Well, darlin, your guess is as good as mine then.  Is there something else we can do?  I mean, if I had the means I'd give you a DNA sample to go along with all the other personal information I've given your company over the past 45 minutes if that will help"  There was a significant pause in the chat at this point. When she did respond it was to inquire whether or not I was near the phone registered to the account, and could she please call me to verify.  Brilliant.  I waited....   3 minutes...   finally, the phone rings.  I answered with "Hello Margaret Rose," to which I received confused silence...   the voice said, "Mr. Derickson, this is Rachael from "Bomcast"...   I am confirming that you are indeed in a chat session with Margaret Rose and will email her to go ahead and reset your password".

Unbefreakinlievable.   All of that for an email password reset.  I understand security and all, but I change my passwords all the time (well, she does, because she keeps forgetting them) and I've never seen anything like this.  I have my Dad's email password saved in several places around my house now, just in case.  Viva la Customer Service!