One Fine Day In The App Store

Who needs Facebook integration when you have one of these?


The INF-Ammyy Scam – Recovering from a Gotcha

Mary writes (in relation to this article):

Sorry to trouble you like this BUT I fell for the ammyy scam! July 11 6PM. Unlike you, I am computer illiterate, so they accessed my computer remotely (I think they got my computer “ID number” or something). But did not give them credit card number, at least :-) To cut short long, inane story: Am I liable to be under CONSTANT SURVEILLANCE by ammyy?? Is my past e-mail correspondence also compromised? Most grateful for your advice! I have filed a complaint with ICC center (Internet Crime Complaints). Also contacted bank & credit card companies. So far (2 days) no mishaps! But what about the FUTURE? Many thanks! P.S. I listened to your audio clips — scammer sounded exactly like my caller…

Don’t feel too bad – the scam is designed to be confusing and scary for you. It’s good that they didn’t get direct access to your banking details. However, it is difficult to know how much access they still have to your computer, or what they intend to do with the access they have gained. Does anyone have any insights as to what actual damage has been done by these people in the past?

Let’s be sure the main access route is closed. Remove the Ammyy Admin software to ‘change the locks’ and make sure the access you originally provided (the ID Number) doesn’t work any more.

  1. Press the Windows key and type ‘Control Panel’ (enter), then click on ‘uninstall a program’
  2. You should see ‘Ammyy’ or ‘Ammyy Admin’ in the list somewhere: click on the name and then click ‘Uninstall/Change’
  3. Follow the instructions from there, and reboot your computer.

That should shut down the access they gained to your computer during your call. Unfortunately, it is possible that since gaining access to your computer they may have already installed other, invisible methods of gaining access. (That would be the first thing I would do, if I were not so nice.)
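A read-only check of the removal steps above, given as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and that any leftover still carries "ammyy" in a name or path, so a renamed copy would not be found and an empty result is not proof that the machine is clean.

```powershell
# Added example: look for leftovers after the uninstall and reboot.
# Assumption: leftovers still have "ammyy" in a name or path.
$pattern = '*ammyy*'

# 1. Running processes (Path is empty for processes we cannot inspect).
$procs = @(Get-Process | Where-Object {
    $_.Name -like $pattern -or $_.Path -like $pattern
} | Select-Object Name, Id, Path)

# 2. Services, including stopped ones, matched on name or binary path.
$services = @(Get-CimInstance -ClassName Win32_Service | Where-Object {
    $_.Name -like $pattern -or $_.DisplayName -like $pattern -or
    $_.PathName -like $pattern
} | Select-Object Name, State, StartMode, PathName)

# 3. Entries behind the 'Uninstall a program' list (64-bit, 32-bit, per-user).
$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = @(Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like $pattern } |
    Select-Object DisplayName, Publisher, InstallLocation)

# 4. Programs set to start at logon through the Run keys.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$autoruns = @(foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($name -like $pattern -or $value -like $pattern) {
            [pscustomobject]@{ Key = $key; Name = $name; Command = $value }
        }
    }
})

# Report every category, including the ones with no matches.
$report = [ordered]@{
    Processes = $procs; Services = $services
    Installed = $installed; Autoruns = $autoruns
}
foreach ($section in $report.Keys) {
    '{0}: {1} match(es)' -f $section, $report[$section].Count
    $report[$section] | Format-List
}
```

Running it from an elevated prompt lets the process check see the paths of programs started by other accounts.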

It’s difficult to know if your email records have been accessed, and if your passwords have been compromised. It may be a good time to change your passwords, including the password you use to access your computer, just to be on the safe side. Even if someone doesn’t have access to your computer, it’s a good habit to get into every six months or so.

Spyware and Malware detection programs should help you figure out if other people still have access to your computer using invisible software. Microsoft’s built-in solution ‘Security Essentials’ should already be installed, and will hopefully flag any untoward software and behaviour, but just in case, I would perform a full spyware scan of your computer to make sure:

  1. If Security Essentials is installed and running, you should see a green ‘House’ on the bottom right of your screen (you may need to click the ‘up’ arrow) – double click on it. (If not, install Security Essentials quickly via the link above!)
  2. Select the scan option ‘Full’ and click the ‘Scan Now’ button.
  3. Wait until it completes, and follow any instructions.

If the scan completes without an issue, you may be in the clear, but keep monitoring your computer (and accounts) for unusual behaviour.

I hope this helps! If you have any other advice for Mary (or corrections), please comment!

UPDATE: August 2 – It looks like the scammers are pretending to be from Telstra now:

UPDATE: September 8 – It also seems the latest Microsoft Security Essentials malware definitions are treating the AMMYY Admin software as hostile and removing it. Guess that points to the AMMYY organisation being part of the problem, not an innocent party. Suggest avoiding at all costs. Microsoft has a good article about what they do and don’t do over the phone, and some advice about what to do if you’ve been scammed.

Responding To New Tricks in the Notorious INF-Ammyy Phishing Scam


Long story short – if you receive phone calls from people you don’t know, claiming to know your computer is broken and needs fixing, finish the call quickly. It’s a ‘phishing’ scam.

Alternatively, if you have a few minutes spare, record yourself wasting their valuable time, as I did earlier today.

Having received a few phone calls from ‘the Windows Service Center’ recently, and after asking them politely not to call with their crazy story a few times before, I decided to see if I could be removed from their list by deliberately wasting their time. It took 20 minutes to find out their latest tricks, and have them hang up on me for a change.

These calls are full of technical nonsense-speak, and designed to allow the trickster to gain control of your computer for, at best, an excuse to bill you for unneeded service charges, and at worst, access to private information like banking details or enlisting your computer in a botnet.

In today’s call, I followed a few of their more harmless instructions. I was expecting this to be a version of the ‘Event Viewer Scam’ which is well-known online. This one is a little different – I’m calling it an ‘INF-Ammyy’ version because of the specific techniques they used. You can replay the full call below.

This version follows the usual structure of the scam:

  • The caller attempts to convince you that your computer is suffering some sort of malady
  • The caller walks you through unfamiliar parts of your computer system and observes that what you are seeing “with your own eyes” is indeed as terrible as they predicted, if not worse!
  • The caller asks you to run software on your system to allow a technician to connect and fix the files
  • In some cases, credit card information is sought to allow a service charge to be billed

The new aspects of this scam:

  • The caller shows you around the contents of the ‘inf’ folder. Not as interesting as the event viewer, but there are still a lot of scary looking files in there – if you didn’t know that this is a standard Windows folder.
  • The caller attempts to connect you to the ‘ammyy.com’ remote access service. I don’t know if this site is connected to the scammer organisation; it’s probably not. (earlier versions of the scam used the ‘logmein123.com’ domain.)
  • The caller now offers some contact details so you can verify who they are. Feel free to check yourself:
  • Phone Number – (03) 9016 8698
  • Physical Address – 76 Albert Road, South Yarra

More comments about the call inline.

I’m not normally this mean to telemarketers, who are usually genuine people offering a genuine service. In this case, I’m angry with callers who use simple technical tricks to try to fool people into handing over the keys to their computers. I’m offended they tried, and worried they’re succeeding with other less-computer-savvy people. I don’t think it’s likely that these people believe they are offering a real service that actually helps, otherwise they would do some basic technical training which would expose their script as a simple sham.

Anyway – in Part One, the caller walks me through my file system and attempts to connect to my computer. (Warning – I do install software on their say-so, but only with the system on high alert; I don’t recommend taking this risk unless you know the full impact of what you are doing.) Favourite part – where the technician attempts to show me ‘INF – Internet Notorious Files’.

In Part Two, the caller tries to establish more credibility. And fails.

Have you received any of these calls before? Interested in your comments; especially if there are other versions out there.

UPDATE: Jun 13

Followup time – as has been pointed out by a few folk – the contact details I was supplied are bogus: the physical address doesn’t exist (the only Albert Road is in South Melbourne, with a BP Service Station where 76 should be) and the phone number is answered by a foreign-accented person with no knowledge of the service that was touted yesterday. I hope they call back so I can note those details correctly next time.

App Idea: Podcast Bookmarking

Here’s a smartphone app idea that is either a recommendation request, or a million dollar idea that you can steal and later repay me with a free copy of said app. Here’s the idea:

The app should be a standard podcast player BUT with the ability to bookmark some points in the podcast where it has useful information you’d like to zip directly to, later.

You should be able to shake the phone or hit a button at any time during playback to set a bookmark, and then review a list of bookmarks in the podcast that you can click and visit at any time in the future.

Good idea? Already bindun? Please let me know in the comments.

Amazing Rugby Skills

Rugby Fan? You need to watch this:

All Black Mad Skillz

THEN you need to watch this:

CA Technologies Brumbies Mad Skillz

And then, this:

All Black Mad Skillz – Summer Edition

Three Reasons Why Managing Emergencies via Social Media Is A Dumb Idea

(Note: this post was written in response to the lack of government involvement in Social Media support of the event explained in this post. I actually believe the opposite, but was interested to explore the alternative side of the argument as a writing exercise. I am not associated with, nor represent the views of, any government department.)

1. Social Media Is, Essentially, Gossip


Social Media is marketed as a meeting place for friends to discuss opinions and day-to-day activities. It is not moderated or vetted in any way, and mis/disinformation carries as much truck as the gospel truth.

We prefer that official channels remain separate from a crowd-sourced approach, and not a participant in it. We value the ability to be able to ‘cut through’ the noise with predictable, measured responses that people can anticipate, rely upon, and trust. By operating a twitter or facebook account we run the risk of becoming part of the noise, and of needing to compete for attention against other internet users, in some cases, the very people we are trying to advise.

It is far better to remain silent when the risk of inaccurate information may cost a life. It is better to have people actively seeking information from official sources (via phone or by switching on a radio) than to allow them to put their trust in what appears to be an official source. It is difficult to differentiate between official and unofficial sources (and credible and incredible stories) in the social media sphere, especially if people decide to impersonate officials or organisations via unverified accounts.

For example, during the recent Queensland floods, a rumour was spread via social media that an important dam had developed a crack and was about to burst, and that an evacuation centre sheltering 500 people had lost a roof. People were needlessly panicked, and resources had to be devoted to dispelling myths, rather than delivering useful, true, verified information.

2. Social Media Has No Filter

We prefer to issue alerts directly, via a website we directly control, or through media outlets we trust to handle our information with accuracy and sensitivity. Credibility and trust are critical commodities when people are being asked to make critical decisions quickly. Information made available through official government sites goes through a number of levels of review – some may see that as bureaucracy – others may see it as appropriate governance.

Government departments and news organisations have reputations to maintain and are held accountable for the information they serve – they will not jump at shadows as willingly as some self-elected social media mavens may choose to do, even with the best of intentions. It is better to retain a separation between a social approach and an official approach.

Social media also depends on unreliable infrastructure. As robust as social media services are, they are not infallible, and have not been built with mission-critical infrastructure. A twitter ‘fail-whale’ should not become a reason that lives are lost.

3. Social Media Reaches Very Few Important People

The people most in need of emergency assistance are those least likely to own or operate smartphones, twitter and facebook accounts. It is better to focus efforts on communication methods that will reach everyone – including those with smartphones and twitter accounts.

Social media does not have close-to-100% population coverage, as traditional media does. Despite figures touting a broad adoption of social media, in times of trouble, people revert to simpler, more direct communication channels, like telephone and radio. SMS is not a guaranteed delivery mechanism for vital information, Twitter and Facebook even less so.

Social Media in Crisis Situations is a Dumb Idea

Government departments are experts in crisis management – and know that it is better to confront a challenging emergency with ruthless economy and certainty. More information is not better information, and is more likely to do harm than benefit. Social media is a useful tool, but it is not the first one we reach for in crisis situations.

Perth Fires via Social Media

I wish there were more official sources to reference here, but WA emergency services are really letting us down – maybe we’ve had our expectations raised by the excellent use of these communication channels in Queensland in recent weeks. Perth media has been slow to ramp up; but AM radio is by far your best source.

UPDATE – Feb 7, 19:00 WST – Thankfully, hearing the ‘All Clears’ rolling in now as the fires come under control. Good to see social media in action, hope we can convince the government to bone up for the next emergency. Thanks, everyone, for keeping us informed. Sending out prayers and strength to those who are now rebuilding.

The following links will become obsolete soon, but hopefully serve as a reminder of the breadth of coverage that has been made available without government intervention.


UPDATE: The most useful tweet yet:
http://twitter.com/#!/fpcwa/status/34203875158396928

For latest info on #perthfires, follow the hashtag, follow @fesa_alerts, call the infoline 1300 657 209, or go online http://bit.ly/dNGKRE

Web

Twitter

Video

Active Media Outlets

UPDATE: good to see Premier Colin Barnett’s staff is down with the tweeps (albeit ‘unofficially’ – The twitter account is not operated by Mr Barnett.)
UPDATE II: Subsequent tweets (1, 2) instead attribute this account to an unnamed public servant hoping to encourage Mr Barnett to embrace #socmed (social media).

UPDATE: FESA does not have a Twitter account, and @WA_Police would prefer updates to come from emergency services – thanks @SeraphimSP for verifying and @jasonjordan for agitating. (Search on ‘perthfires socmed OR social OR SM’ for a cross-section of the feedback)

UPDATE: Gallows humour, once again; Join the Facebook page Dear perth, feel free to borrow our water to put out your fires. love qld

UPDATE: A couple of links to track the perthfires hashtag activity via twitter