LMI Rescue SCAMMED - Can session log tell if file manager was used?

A family member of mine was scammed by the scam described in many posts, a call comes in and the person takes you to event viewer, etc, showing you "problems" with your PC that need to be fixed. They gave the scammer remote access through LMI Rescue and did not make a payment but spent 15 minutes on the phone arguing with them, while the remote connection is open.

What I would like to know is if there is a way on the end user's PC to view a log of the session, or on Log Me In's end, to confirm whether or not File manager was used during that session to take any files from my family member's PC. Confirmation that file manager was NOT used would help put their mind at ease a bit.

I do not have the PIN used to initiate the session but instead I have the link for a survey/feedback about the session. Surely this could somehow be used to identify the remote session and be used to pull a log?

I have emailed scamreport@logmein.com but did not received an answer.

I can post the survey link upon request if it can be used to help identify the session and confirm if file manager was used.

Find more posts tagged with

Comments

Lisa_K8

Hi @rabeatz I will follow up with Tech Support and private message you when I have an update. Please let me know if you have already been contacted and your issue has been addressed.

rabeatz

Though I have already emailed the information to scamreport@logmein.com , at your request I have also filled out that form.

Is there any information regarding my original question? Is there some way to look up the session with the details provided and determine whether or not file manager was used in that session?

Lisa_K8

Hi @rabeatz Can you please send the details of your experience through our abuse report form? I realize you do not have the pin but the session info may be helpful:

https://secure.logmeinrescue.com/Customer/ReportAbuse.aspx

Thank you!

Sincerely,
Lisa Kate
LogMeIn Community Manager

rabeatz

Some information from the source code of that survey page that might help in tracking down the session. The session occurred on Monday 4/6/15 around 5PM EST.

Survey Ticket: 5c242075-b999-4011-85e9-85a7848ecd90
CompanyID = "2341194"
CompanyName = "Tech 1 Team"

**Edit** Since posting this on the website, someone in France has tried to log in to my LMI forum account - just got a notification of a failed login attempt.

Quick Links

Join the conversation!

If you found this discussion useful, why not register/sign-in? It only takes a minute to share your feedback, ask a question, or vote for a new feature!