Some Insights Into a PC Support Scam

We came across a user who was presented with a PC support scam via Microsoft's Edge browser. The user unfortunately did follow through with the scam request but stopped partway through because the "support" actor turned aggressive when quizzed on some of his actions. The user did take pictures of some of the actions that took place, which gives us some interesting insight into what they are trying to accomplish.

The scam's entry point was via the Edge browser via "", in this case employing a log on prompt as a security scare warning:

The broken English should be a red flag. Googling the support number (61-1800-431-440) also serves up many results related to the scam. The screen warns you about logon credentials that could be stolen, but in reality it is likely that these credentials are stolen when you call them. They warn the user about not shutting down and about possible non-booting issues - we'll come back to this at the end. Although the scam seems obvious, to an untrained user it may appear legitimate. Quite often your computer may have exhibited issues similar to what they are scaremongering about, and in turn the user legitimises the warning as timely and expected.

Another curious detail they added to the page:

Top right they refer to the localhost as the "Microsoft Diagnostic IP Address" along with another pop-up in the bottom right. A close up:

Not 100% sure what kind of pop-up was used in this case but it appears to imitate a Windows Defender event.

When a user calls the number, apparently you are greeted by a friendly support person who walks you through the steps they will perform. It was described as sounding 'like a call centre environment'. They initiate a remote support session - we were unable to confirm what software or method they use to initiate the session, but the PowerShell screenshot has some control items by the taskbar which might be a clue.

The scam actor opens a Notepad window and types a to-do list:

A very ironic to-do list to be honest and a fairly expensive way to get your computer infected with various bits of malware. We would love to get our hands on the "anti malfunction" tools he has. Interesting that he plans to "security off" - probably the only truthful item on his to-do list.

Note also the Windows Event Viewer in the background, conveniently open to a list of bad events to alarm the user.

Alarmingly he also hopped into PowerShell:

He highlighted the protection status on the recovery volume - pointing out that the "security off" from his to-do list has now been completed. Then a few returns at the end to obscure the command he typed in.

Next he jumped into regedit - not sure what he intended to do, it may have been to fake some actions or to remove or add some bad values:

At this point the user started asking questions about the procedure which caused the actor to become agitated. The user cancelled the remote session and switched the computer off.

Interestingly the computer was in a non-bootable state afterwards - the usual boot fixes were unable to restore boot functionality. Was it on purpose? Not sure. If they stole website credentials then a broken user PC will give them more time to use the stolen credentials before the user can change their passwords. Otherwise, if the object was to collect the $199 'support' fee, then it would be unwise to break the PC.

The fix? Wipe and reinstall, change all your passwords ASAP.

EaseUS Free Backup Review

We'll be taking a look at all the features offered by EaseUS Free Backup. We are using the latest version as of October 2018 on an up to date Windows 10 install. This review assumes the reader is familiar with backup concepts and terms such as image backups, file backups, incremental and differential backups. Let's start:

The initial download requires you to provide an email address to get the link. The download size comes in at 93Mb. Installing is a normal Windows type install. They do push you towards the paid tier at various times from the website and within the actual install. Comparisons between free and paid are shown at various stages including just before opening the program for the first time:

Interesting that they would point out the free version is "slow" but the paid version not. Email notifications are also left out but that seems to be industry standard.

The Main Program Interface

The main interface looks as follows:

Various options on the right and shortcuts in the middle.

SYSTEM BACKUP - EaseUS gives you a shortcut to back up your main boot partition (where Windows resides) as a one click shortcut from the main screen. This is what the screen looks like:

The C drive is selected as the source confirming it is Windows 10. A nice feature if all you require is a boot partition backup. For the review purpose we'll focus on the disk backup wizard to allow for source disk selection instead of forcing the system disk.

Second icon on the left takes you to the disk/partition backup interface:

The interface is simple and intuitive, select your backup disk source and proceed to the next step. Before moving on we'll look at the backup options to see what the default configuration looks like.

Backup Options

We will look at each option individually:

  • Space: Allows you to set the compression level. Usually best to leave at normal as higher levels normally give diminishing returns. No compression is not worth the speed gains vs lost storage capacity.
  • Encryption: Important to encrypt your backups in case the destination drive or location is compromised. Off by default.
  • Performance: Task priority and network bandwidth usage restrictions. Network bandwidth limits are useful to protect the network during a backup. A backup can be multiple gigabytes in size so it's possible to saturate the network capacity if left to itself.
  • Advanced: Sector by Sector Backup: This refers to backing up the entire disk including empty space (as opposed to just the in-use sectors).
  • Email Notification, Custom Commands, Offsite Copy, File Exclusion: Not part of the free product.


OK, jumping back to setting up our first backup. Before moving to the second step it is possible to schedule the backup:

  • Scheduling is straightforward with one time, daily, weekly and monthly options. Choosing daily gives you the option to run interval backups, which gives multiple daily backups. Important functionality to keep your data safe if one backup a day won't do.
  • The second factor in the schedule to notice is the option to pick between an incremental or differential backup.
  • You also get the option to appoint the first daily, weekly or monthly backup as a full backup. This would give the backup chain some built in safety and reduce the length. This gives you only basic functionality to build a structured backup plan.

After choosing a backup destination, backup name and suitable description we click "proceed" - the backup starts running with no further options to select from:


The backup completed in 14min59s with a size of 26.9GB from a source disk that contained 43GB of data. So we achieved almost 50% compression - highlighting the fact that the normal compression setting is sufficient.

Incremental and Differential Backups

Next we'll run some more backups to see how EaseUS handles incremental and differential backups.

Right clicking on your backup task gives you the ability to run a backup type of your choice (full, inc, diff).

For the review purpose we'll focus on manual backups, this knowledge can then be used to apply to your own backup schedule.

Running an incremental produces a 2.4GB file within around 2 minutes:

As you can see, the backup type is included in the filename, which makes it easy to determine what your backup chain consists of. Let's run another incremental directly after to see what size we get. We are expecting to get a small backup:

As expected a 33MB backup file is produced. This is good efficiency.

Next we run a manual differential backup. We expect the backup size to be the same as the first two incrementals combined:

The result is as expected. Once again the differential is noted in the file name of the backup ('diff').

Synthetic Backups

EaseUS doesn't advertise it as such but it does have the functionality to merge incrementals into each other as well as into the base image. This allows for very flexible backup plans and low maintenance backup chains that self manage.

Right clicking on the backup plan gives you the option to 'Manage Images':

From here you get a bird's eye view of your backup chain. Selecting more than one image gives you the option to "merge" backups into each other:

From here you can merge incrementals into each other (incrementals merging into each other before differentials). Finally you can merge the last remaining differential into the base image, forming a new synthetic full image. It's worth pointing out the incrementals merged in mere minutes but merging the differential into the full took twice as long as making a new full. Take this into consideration when building your backup plan, i.e., at different sizes the synthetic backup might merge faster than creating a new full.

This merging and synthetic backup functionality is available in the backup plan options as well:

From here you can build your backup plan to keep only a certain amount of incrementals that either get deleted on the tail end of the chain or merged ("Reserve image via image merging method").

File Backups

EaseUS also includes a file backup system where files are backed up into a storage container. Incremental and differential backups are also available. We'll do a brief investigation how it operates and how it handles large files that change often which is the main headache of file based backups.

Because file backups also use the same container as the image based backups you have the same functionality in terms of scheduling, incremental, differential backups and synthetic backups as well as image merging. This makes it very flexible.

The Test

For our file backup test we will back up a folder with one 500mb file inside consisting of random data. We will then immediately do another incremental backup to see if it successfully identifies the file as unchanged and does not create another backup file:

EaseUS does indeed create another backup file but in this case an almost empty 100KB file. We are happy with this behaviour as it shows the backup was run but no data backed up. It doesn't waste too much space.

We will then change a few bytes inside the file to see if it backs up the whole file again or just the changes:

The resulting backup file is only 172KB - based on this result we can confirm that EaseUS does delta incrementals which is very efficient (it only saves the internal changes of a changed file instead of the whole file, this is useful to backup databases or files such as Outlook PST files.)
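The behaviour observed in the incremental, differential, merge and delta tests above can be reproduced at small scale. This is an added example, not EaseUS code and not part of the original review; the 4096-byte block size, the SHA-256 block comparison and all function names are assumptions made for the illustration.

```python
import hashlib
import os

BLOCK = 4096  # assumed block size; the page does not state what EaseUS uses


def block_hashes(data: bytes) -> list:
    """SHA-256 of every fixed-size block of `data`."""
    return [hashlib.sha256(data[i:i + BLOCK]).digest()
            for i in range(0, len(data), BLOCK)]


def make_delta(base: bytes, current: bytes) -> dict:
    """Keep only the blocks of `current` that differ from `base`."""
    old = block_hashes(base)
    changed = {}
    for idx in range((len(current) + BLOCK - 1) // BLOCK):
        chunk = current[idx * BLOCK:(idx + 1) * BLOCK]
        if idx >= len(old) or hashlib.sha256(chunk).digest() != old[idx]:
            changed[idx] = chunk
    return {"size": len(current), "blocks": changed}


def apply_delta(base: bytes, delta: dict) -> bytes:
    """Restore: lay the stored blocks over the older version."""
    buf = bytearray(base[:delta["size"]].ljust(delta["size"], b"\0"))
    for idx, chunk in delta["blocks"].items():
        buf[idx * BLOCK:idx * BLOCK + len(chunk)] = chunk
    return bytes(buf)


def merge(older: dict, newer: dict) -> dict:
    """Merge two consecutive deltas into one; the newer block wins."""
    blocks = {i: c for i, c in older["blocks"].items()
              if i * BLOCK < newer["size"]}
    blocks.update(newer["blocks"])
    return {"size": newer["size"], "blocks": blocks}


def demo(size: int = 1 << 20) -> dict:
    v0 = os.urandom(size)              # constructed random test file
    v1 = bytearray(v0)
    v1[5000] ^= 0xFF                   # first small edit (lands in block 1)
    v2 = bytearray(v1)
    v2[700000] ^= 0xFF                 # second small edit (lands in block 170)
    v1, v2 = bytes(v1), bytes(v2)

    unchanged = make_delta(v0, v0)     # re-run with no changes
    inc1 = make_delta(v0, v1)          # incremental: vs previous backup
    inc2 = make_delta(v1, v2)          # incremental: vs previous backup
    diff = make_delta(v0, v2)          # differential: vs the full backup
    synthetic = apply_delta(v0, merge(inc1, inc2))   # merged into the base
    return {
        "unchanged_blocks": len(unchanged["blocks"]),
        "inc1_blocks": sorted(inc1["blocks"]),
        "inc2_blocks": sorted(inc2["blocks"]),
        "diff_blocks": sorted(diff["blocks"]),
        "chain_restore_ok": apply_delta(apply_delta(v0, inc1), inc2) == v2,
        "diff_restore_ok": apply_delta(v0, diff) == v2,
        "synthetic_full_ok": synthetic == v2,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The differential equals the two incrementals combined only because the two edits touch different blocks; a block changed in both incrementals is stored once in the differential.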


Clicking on the "Last Backup" link gives you access to the backup logs. These are sorted according to Successful, Warnings or Failed Backups:

Useful for an overview of either image or file backup history.

Recovery Environment

Another crucial feature of any backup program is its recovery environment. Ideally you need all the main program's functionality within your recovery environment. Extra tools such as boot fixes are also useful.

EaseUS calls this their "Emergency Disk" and it is accessed from their Tools menu:

You are given options for two different types of recovery disks:

  1. WinPE - Windows based Environment that can closely match the look and feel of the original application.
  2. Linux - Usually a lightweight recovery environment built upon the Linux environment.

Under most circumstances the WinPE environment is more useful since it supports more hardware configurations so we will focus on the WinPE version.

You are given the option to add a driver to the process - this is useful when your computer has, for example, a unique storage controller that needs a specific driver to enable access within the WinPE environment. It's worth pointing out that this function is not available in the free version.

Three options for the WinPE destination are also supported:

  1. ISO image for use in VM's
  2. USB disks for everyday usage

For the review purpose we will create an ISO for use in a virtual machine so we can get some screenshots.


  • You are not given the choice of WinPE version, we assume WinPE10 or based on the source OS
  • It is not immediately clear if the emergency disc supports UEFI booting

Booting the WinPE ISO reveals a WinPE10 environment that mimics the Windows version:

From the WinPE environment you can perform the following actions:

  • Image Backups
  • File Backups
  • Cloning

A full set of features is available to use while outside of Windows (cold imaging and backups). Obviously you can browse to a previously made backup to restore the image. Note that you can resize partitions as necessary when restoring an image.

You also get access to various tools:

Most options are fairly self explanatory. We will point out a few noteworthy options:

  • Windows Shell Command - Useful for running command line options (i.e., diskpart)
  • Fix MBR - resolve boot issues - no mention of UEFI support though
  • Driver Manager - Add drivers to the WinPE environment in case there is hardware that is not detected (i.e., storage driver to access your hard drive)

We are a little disappointed with the boot fixing functions available - competitor products often have a more full feature set when it comes to repairing boot issues (which quite often happens when restoring images).

Image Restore

We will restore a full image using the USB recovery option. To make it reflect some real world conditions we'll restore the image that has had both incrementals and differentials merged into it creating a synthetic full. The image restored successfully which is the ultimate purpose of a backup application - a successful restore.

Restoring Files

We'll look at how EaseUS manages restoring files from either file backups or image backups. Many competing products allow mounting of a backup image inside Windows Explorer - from there you can access it just like any drive and copy your files that were backed up.

EaseUS has an image mounting feature as well as direct access to your backup containers from Explorer. Simply double clicking the file will open the container as if it was a normal folder:

A great feature EaseUS added is what we'll call a 'restore helper pane' on the right (highlighted in yellow). When selecting a file within the container it will automatically give you the versions available for restore. Clicking on the recover button gives you the option to restore to the same or different place. This is a great and easy to use feature - this gives the user quick access to all different versions of a file contained in a backup chain (instead of having to mount each individual backup file in search of your desired version).

Extra Feature

EaseUS includes an iSCSI initiator which is an odd inclusion for a free product but useful nevertheless - in case you are storing backups in the cloud.


Incremental image based backups

Differential image based backups

Incremental file backups (delta incrementals)

Differential file backups


Synthetic backups and backup merging

WinPE10 recovery environment

Powerful restore options and file recovery from within Windows

No recovery environment options (WinPE version choice or architecture), UEFI support is unconfirmed

Boot fixing options from recovery environment are severely lacking

EaseUS Backup Free is a full featured application that gives the average user more than enough functions at the free tier. The inclusion of both incremental and differential backups as well as file backups, all while giving you options for image merging and synthetic backups makes for a great free product. EaseUS successfully restored our test backup that had multiple merged incrementals within it which is a good vote of confidence.

Our main concern is with the lack of recovery environment options in terms of creating WinPE versions of your choice and secondly the lack of boot fixing options within the environment.

8 Tips For Online Safety

We live in a hyper connected age unlike any before it. Your online safety and privacy are at risk on a daily basis. Here are 8 tips to keep you safer online:


New online threats emerge every day and for the bad guys the race is on to find ways to compromise your browser with malware, security holes and malicious exploits. Your best defense is to ensure that you're using a modern browser such as Mozilla Firefox, Microsoft Edge or Google Chrome. These browsers update themselves automatically to keep ahead of all newly discovered threats. Also consider installing an ad blocker that blocks intrusive ads and unnecessary tracking scripts. An added bonus is a more enjoyable browsing experience by speeding up website load times.


For all the convenience that email provides it is also one of the most prolific points of entry for scams and malware. There are some basic rules that will help to keep you safe: always assume an email is a scam. Always reject unsolicited advances and messages in your inbox. Be suspicious of all attachments and don't open anything unless you were expecting it, the bad guys are brilliant at hiding their traps in attachments. Lastly, never click on any links within an email.


Stick with a paid product that performs well in anti-virus comparative tests. Free products nearly always come with a catch unfortunately. Windows 10 has built in anti-virus and it's making great strides in efficiency but tends to be outpaced by top tier paid products. Symmetric IT endorses and supplies ESET Anti-Virus products.


Software programs nowadays are exploited and compromised mercilessly. If there is a security hole (and there IS) it will be exploited by someone, somewhere. You can't always stay ahead but you can put up a good fight with patches and up to date software. Apple Mac and Windows updates often break legitimate things but the pros outweigh the cons, so next time Windows nags you for an update it's best to let it have its way! (and if you're still on Windows 7, make upgrading to Windows 10 a priority).


So many passwords to remember! - just make sure you use different passwords for different services. So often victims are cross-compromised because they re-used a password for different services (think about your email password matching your PayPal password..). Secondly, strong passwords go hand in hand with security: Long passwords or even phrases (easy to remember!) with uppercase, lowercase, special characters and non-dictionary words are best.


Controversial and very debatable - which smartphone ecosystem is more secure and respects your privacy the most, Apple's iOS or Google's Android? We are of the opinion that the walled garden approach of Apple tends to be more security/privacy oriented than Android's somewhat wild west approach. Whichever you choose, the same safety guidelines apply: Don't install apps thoughtlessly. Check what permissions they require and deny those they don't need. A minimum permission model is what is desired; a dictionary app certainly doesn't need access to your contacts!


Your default privacy settings on all your favorite social media apps and websites often don't have your privacy as their number one concern; they tend to be more concerned with sharing your data with 3rd parties for extra profit. Facebook was caught red handed recently with misusing user personal data. Check each service's privacy settings individually and make sure you are aware of what you are sharing with the general public.


All hard drives and storage media can and will fail eventually. When this does happen, as long as you have backups you will be OK. Ensure that you have multiple backups of your most precious data in more than one place (offsite if possible as well). Back up your smartphone as well - we treat it like a casual accessory but in most cases it's more expensive than a laptop and carries more information!

Hopefully this gives some food for thought when you interact online and how to stay safe while doing it. Comment if you have ideas to add.

iPhone Privacy Settings

iOS has some privacy settings that are quite often overlooked by casual users. Here are a few settings that should be considered:

1. Location Services App Usage

Applications in iOS 11 can be restricted in their use of location services. There are 3 different options available per app:

  1. Always
  2. Never
  3. While Using the App

This is useful to keep a tight leash on how and when an app can use your location. Most apps don't need your location, but those that do can be set to "While Using the App":

Find this under Settings->Privacy->Location Services. Choose an app to change its settings.

2. System Services

iOS has a few system services that also use your location. Find this under Settings->Privacy->Location Services->System Services.

Here you can toggle various system services' ability to use your location. The 7 important items to note are the following:

  • Location based alerts
  • Location based Apple ads
  • Location based Suggestions
  • Significant Locations
  • iPhone Analytics
  • Popular near me
  • Routing & traffic

If you are privacy focused then we suggest disabling these options. The remaining options can be enabled or disabled based on your needs.

An option at the bottom of this screen gives you the ability to have the location icon show on screen when your location is being used by these system services. This is useful if you want to micro manage these services and their location usage (i.e., pinpoint exactly what service invokes your location at what point).

3. Analytics

Find this under Settings->Privacy->Analytics. Here are 2 options that you can disable to prevent sending crash reports and other iPhone logs to Apple.

4. Advertising

Find this under Settings->Privacy->Advertising. Enable the option to limit ad tracking.

It's useful to always check these settings after an update to ensure that they haven't defaulted back to different options.

Opening and Replacing the Hard Drive in a Samsung ATIV ONE 5 DP505A2G

Today we will show you how to replace a Samsung Ativ One 5 DP505A2G hard drive with a solid state hard drive. This is what this particular model looks like:

A neatly designed unit - basically a screen with a built-in laptop mainboard ;).


Disassembling this one looks hard but it's actually quite easy. There are no screws to remove on this model - you will need to pry off the back cover. A guitar pick is very useful for this type of situation. A screwdriver is likely to damage the case.

Place the Samsung screen down on a soft cloth or towel. Looking at the back, start in the lower right by the base (see picture below).

You will need to force the pick in between the chrome strip and plastic cover at an angle. You will need quite a bit of force; slide the pick sideways to start unhooking the cover. The cover will make a clicking sound each time a hook 'unclicks'. Slide the pick along the edge around the entire cover to unlatch the whole cover.

With the cover off you can easily replace the RAM and hard drive. Notice the hard drive in the top right corner:

Remove the hard drive and clone it to a solid state hard drive. Symmetric IT prefers to use Samsung EVO drives:

Use your favorite cloning software; we recommend Macrium Reflect.


Boot up times improved dramatically after the solid state swap (boot time to a usable desktop):

< 40s

*Even a few seconds make a significant subjective improvement to the user, every second waiting for a PC to boot is like 10 minutes in the real world ;)

General usability has also improved. Things to check after the install: Are Windows and Office still activated? If you are on Windows 7 you can disable disk defragmentation schedules.


To reinstall the back cover simply press it back into place, working your way around the edge. It may require a bit of force for the plastic hooks to slide underneath the edge. They do go in with a satisfying 'click'.