Hello friends,

My mom panicked and called a 1-888 number where an Indian man with an unremarkably American name convinced her to install remote software. My mom started to get suspicious and woke me up when he started asking for bank info. I’m not too sure what he did when he got remote access, but I ran RKill, Malwarebytes w/ Rootscan kit scan, and AdwCleaner 8. My mom alerted her banks and our phone provider, but aside from activating 2FA and resetting her bank passwords, is there anything else I should get her to do? Any way to educate her on what links are safe to click and such?

  • Denman20@alien.top
    1 year ago

    I would recommend turning off a lot of the notifications / pop-ups in Windows 10/11 and Microsoft Edge. I would also inform her about how Facebook and recipe websites are ripe with those scams 😂

  • Kriss3d@alien.top
    1 year ago

    It's hard. You could teach her how domains work and how to look for spoofed mails. But generally, just don't click links in mails unless asking you first.

  • edmunek@alien.top
    1 year ago

    Remove Windows, install Ubuntu with an icon pack and Windows theme. Explain that Chromium is basically a better Chrome which allows her to post something on Facebook.

  • JOHNNYB2K15@alien.top
    1 year ago

    If they got on the system, get a Police Report perhaps as a means of documentation for any credit issues (assuming any sensitive information was potentially leaked). You could also alert the credit agencies.

    From the technical side, I’m very much a better safe than sorry kind of guy when it comes to this kind of stuff, so I’d rather nuke the system and remove any trace of any programs they may have. Most of these scammers aren’t dropping RATs but it’s not a risk I’m taking.

    "Any way to educate her on what links are safe to click and such?"

    You are at the crossroads now that we all are at. How do we convince the previous generations not to click on anything they see? Call me ridiculous for this, but I will say it: humanity is an inquisitive species. I mean, the Melissa only spread because we click on literally everything!

    Common logic helps here, IMO. Microsoft isn’t going to call you because you’ve got a problem with your system. Why would they send you this notification over your internet browser or email?

    As for long term protection, I find AdBlock tools are a given at this point, regardless of what sites will say (YouTube cough cough). If ad services aren’t going to properly filter incoming ads for JS Redirect Attacks, how can I trust any of your ads in any way?

  • RyanShackelford@alien.top
    1 year ago

    I work in IT and I once saw an Indian guy scam a client out of a lot of money. After the fact I checked for apps in process manager, uninstalled everything I didn’t know, and ran several antivirus scans from Malwarebytes to Avast to Norton. Nothing was reported in any of the software even after running a boot scan. I thought the guy was making it up until after the scan the guy calls again and I see the mouse moving and a startup-like screen. I didn’t know how to get rid of it so I unplugged the Ethernet cord, disabled Wi-Fi, and told the guy to back up and reinstall Windows. I realize there is risk of the virus spreading via a backup, but I was attempting to remedy the situation. He didn’t do as I suggested so I dropped him as a client.

  • Mobius_164@alien.top
    1 year ago

    I would also install something like uBlock Origin (or that Malwarebytes extension someone else mentioned) in ALL browsers they have installed. These both seem to have a feature that’ll help prevent the web browsers from loading up the scam sites.

    How I see a lot of these things happening: they’ll be on something like a sports site, or recipes, and an ad or some redirect will pop up, bringing them to the scam pop up. Having one of the above extensions installed will pretty effectively stop it from happening. But (and I say this from experience), much like condoms, nothing is 100% effective.

  • ARAR1@alien.top
    1 year ago

    Change bank passwords using a different computer, in case they have anything on this one.

  • thc42@alien.top
    1 year ago

    Installed remote access -> scans the computer for viruses. Do you think, OP? Just wipe and reinstall Windows, probably it still has unattended remote access installed.

  • DeviousBeevious@alien.top
    1 year ago

    You did well. The main thing to tell her is never act under pressure. If something makes her panic, she should call YOU, no one else.

  • kroxldiphyvc@alien.top
    1 year ago

    Basically, every link that she’s getting, if it’s not from a contact that she knows, it’s probably bad. But yeah, these hackers get people to install remote devices so that they can log in and try and take money and everything that they can’t get their hands on from your information. It sounds like they didn’t get anything that you weren’t able to then lock up and block. They’re usually not computer wizards or hackers or anything like that, so you don’t really have to worry about too much. Of course, run Malwarebytes and whatever else you find necessary to make sure that you feel it’s safe. But yeah, generally they’re just trying to get somebody to install a remote login program and then access bank information so that they can get access to it themselves and transfer all the money out of the account to themselves.

  • bblasius@alien.top
    1 year ago

    Format and reinstall. Get it back to how they like it. Then take away their admin rights. Whenever they need something changed, you remote in and elevate to admin with your account. I did this with my dad’s system 10 years ago and not one virus/malware incident since.