21 July 2011

Is Ammyy Behind the Scammy Phone Call?


My friend just relayed to me this funny story of receiving a very scammy phone call recently.

Bottom line:
Someone with a thick Indian accent called my friend, claiming to be from "Windows Service System" based in "Otwa, the Canada state", claiming that they detected on my friend's computer many malicious malware, and wanted to show my friend these malicious files by asking him to download and run this "Ammyy Admin" software.  Based on the content of the phone conversation, and subsequent online checking, it's pretty safe to say the Indian-sounding fellow's end-game is to get remote access to my friend's computer, and to force him to cough up money to "fix" the computer.  If you get such a call, just hang up on them.

Some general details:
The Telus phone company is aware of the scam, according to the Telus phone operator, and the operator's advice was to just hang up on them.  The Canadian Anti-Fraud Centre [1] is aware as well, and has published a bulletin on this.  The internet chatter on this is loud and clear that this scammy type of phone call is popular and old.

How the call went down:
The fellow with the Indian accent (let's call him Ishaan - not his real name) called my friend (let's call him Greg - not real name either).  Ishaan says he's calling from "Windows Service System, service provider of Windows", and he's calling because he's "getting regular pop-up alerts about how [Greg's] hard drive is about to crash-down due to malicious files".


Greg plays along, asking what Ishaan wants him to do.  Ishaan wants to show Greg all the corrupted files, and asked Greg to use the Windows Run command (Win + r) to run "inf".  Ishaan asks Greg if he sees all these files ending in "inf", and asked how many files there are, because (Ishaan claims) they are the corrupted files and usually it's okay to have 20 to 25 corrupted files, but if it's 1200 to 1500 then it's very bad.

Greg says there's 1335 files, and Ishaan very emotively and almost sadly states "oh my god, could you imagine all of those files corrupted on your PC.  It is very close to crashing down and hammering down your hard drive".  Ishaan asks Greg to very carefully close the window so it doesn't make it worse.

(Aside: Crashing down?  Hammering?  You just can't make this stuff up!)

Next, Ishaan asks Greg to open the Run window again to type in the Ammyy web site URL (which I purposely will not link to here, but it's easy to find their .com URL).  Ishaan wants Greg to click the big button that downloads and runs this "AMMYY_Admin.exe" program.  And "what does this program do?", Greg asked.  Well, it "Connects [Ishaan] to [Greg's] computer so [Ishaan] can show [Greg his] damaged files", of course.

Here's the thing.  Greg has a Mac running Mac OS X.  There is no Windows Run command.  Greg's just been jawboning the whole thing all alone, despite the fact Ishaan kept asking Greg to tell him what he sees on screen.  So at this point, Greg can't really go on anymore since he has no idea what the Ammyy program looks like when it runs (since it can't run in Mac OS X).

Instead, Greg "starts" getting suspicious and asks Ishaan where he's calling from, since Greg "has" a Dell computer and Ishaan isn't calling from Dell.  Ishaan replies he's calling from "Otwa".  It took some back and forth before Ishaan clarified it's "Otwa, a Canada state" (!).  And does Greg have to pay anything for this service?  Ishaan insists it's free.

Well, at this point, Greg asks if he can bring his computer in to get it fixed in person, because he "doesn't feel comfortable fixing it himself - what if he breaks something!"  But Ishaan insists that Greg "cannot bring the computer in to fix, because it can only be done online.  The damage is inside your computer", you see.

Anyhow, Greg kept insisting on bringing the computer in to have it fixed, and not a few seconds later, Ishaan hangs up on Greg.

No doubt, had this gone down with someone less skeptical of unsolicited phone calls from someone offering free service — someone who doesn't realize how ridiculous it is to call someone in Canada and tell them that "Otwa" is a Canadian "state" — the result would've been at least a computer getting completely taken over remotely (and then credit card or personal information might be easily stolen and sold for identity theft purposes), and a credit card would've been charged to "fix" the computer for amounts the CAFC bulletin reports range from $35 to $469.

My Rant:
I went checking online afterwards to see what's up with this scammy deed.  Apparently, Norton Safe Web reports the site is "OK" and "SAFE", even though the community rating is 1.4/5 based on user reviews stating it is a "SCAM".  Why?  According to some, the Ammyy software itself is legitimate and not malware.

But this scammy type of call is so apparently widespread that any legitimate company should display some kind of prominent warning on their web site — the lack of prominent warning is evidence the web site itself is maybe not legitimate in my eyes.  In fact, the support forums linked to from Ammyy have a number of posts discussing how Ammyy is being used as part of these scammy calls, but the replies from the Ammyy administrators give me the feeling that they are blaming the potential victims for answering these calls rather than being responsible professionals and posting a clear warning on the front of the web site regarding these alleged scams.  Also, it seems many posts on the forum are spam posts, which again makes me wonder how legitimate, professional, or real that company really is.

Then I went searching on Google for the Ammyy software and again Google doesn't warn that the site is malicious or anything.  I guess if the web site technically doesn't contain malware, then Google and Norton will say it's "safe" even though it's used as a component of a larger scammy scheme.

As I mentioned above, Greg informed the Telus phone operator of the call right away, and the operator's advice is to just hang up.  Great.  So all scammers get a pass I guess unless someone actually gets hurt, then the hurt party can call in the cops and it's out of the phone company's hands.  But the coppers can't do much since the call is probably placed out of the country anyway, so all they can do is put up a CAFC bulletin.  Wonderful stuff.


Update 2012 May 21:
Some "Eugene" person from Ammyy left a comment saying it's not their fault. Maybe it is, maybe it isn't.  I don't know.  The comment didn't get published for various reasons but it's identical to the comment left on A. Alfred Ayache's blog.





[1] I'm always wary of official sites with URLs that are hard to "know" or verify as being legitimate. There is, however, a link to the CAFC from the RCMP's Scams and Fraud page.

3 comments:

angrycustomer said...

Just got that call today. He tried to make me download the Ammyy thing and my firewall said that it was "potentially harmful to my computer". Follow Telus' advice. HANG UP immediately.

SoniD said...

Got a call right at this moment. The guy has a fake Indian/American accent and office noise background. I asked questions; he told me he was calling from New York. I got his name and his apparent company number but when I called it when he was online it was just playing some music which disconnected after (totally bogus number).
So I hung up but he called back, being persistent.
Insisting that he was for real, but I researched the software 1st and wanted to see its reviews and I found this website.
At this point I just hung up. Knew my gut was right!
