Responding To New Tricks in the Notorious INF-Ammyy Phishing Scam

Event Viewer

Image via Wikipedia

Long story short – if you receive phone calls from people you don’t know, claiming to know your computer is broken and needs fixing, finish the call quickly. It’s a ‘phishing‘ scam.

Alternatively, if you have a few minutes spare, record yourself wasting their valuable time, as I did earlier today.

Having received a few phone calls from ‘the Windows Service Center’ recently, and after asking them politely not to call with their crazy story a few times before, I decided to see if I could be removed from their list by deliberately wasting their time. It took 20 minutes to find out their latest tricks, and have them hang up on me for a change.

These calls are full of technical nonsense-speak, and designed to allow the trickster to gain control of your computer for, at best, an excuse to bill you for unneeded service charges, and at worst, access to private information like banking details or enlisting your computer in a botnet.

In today’s call, I followed a few of their more harmless instructions. I was expecting this to be a version of the ‘Event Viewer Scam’ which is well-known online. This one is a little different – I’m calling it an ‘INF-Ammyy’ version because of the specific techniques they used. You can replay the full call below.

This version follows the usual structure of the scam:

  • The caller attempts to convince you that your computer is suffering some sort of malady
  • The caller walks you through unfamiliar parts of your computer system and observes that what you are seeing “with your own eyes” is indeed as terrible as they predicted, if not worse!
  • The caller asks you to run software on your system to allow a technician to connect and fix the files
  • In some cases, credit card is information is sought to allow a service charge to be billed

The new aspects of this scam:

  • The caller shows you around the contents of the ‘inf’ folder. Not as interesting as the event viewer, but there are still a lot of scary looking files in there – if you didn’t know that this is a standard Windows folder.
  • The caller attempts to connect you to the ‘ammyy.com’ remote access service. I don’t know if this site is connected to the scammer organisation; it’s probably not. (earlier versions of the scam used the ‘logmein123.com’ domain.)
  • The caller now offers some contact details so you can verify who they are. Feel free to check yourself:
  • Phone Number – (03) 9016 8698
  • Physical Address – 76 Albert Road, South Yarra

More comments about the call inline.

I’m not normally this mean to telemarketers, who are usually genuine people offering a genuine service. In this case, I’m angry with callers who use simple technical tricks to try to fool people into handing over the keys to their computers. I’m offended they tried, and worried they’re succeeding with other less-computer-savvy people. I don’t think it’s likely that these people believe they are offering a real service that actually helps, otherwise they would do some basic technical training which would expose their script as a simple sham.

Anyway – in Part One, the caller walks me through my file system and attempts to connect to my computer. (Warning – I do install software on their say-so, but only with the system on high alert; I don’t recommend taking this risk unless you know the full impact of what you are doing.) Favourite part – where the technician attempts to show me ‘INF – Internet Notorious Files’.

in Part Two, the caller tries to establish more credibility. And fails.

Have you received any of these calls before? Interested in your comments; especially if there are other versions out there.

UPDATE: Jun 13

Followup time – as has been pointed out by a few folk – the contact details I was supplied are bogus: the physical address doesn’t exist (the only Albert Road is in South Melbourne, with a BP Service Station where 76 should be) and the phone number is answered by a foreign-accented person with no knowledge of the service that was touted yesterday. I hope they call back so I can note those details correctly next time.

Advertisements