As I type this, I am telling a user that she is the victim of fraud.
I had a very good client give me a call today. She said her computer has been acting strange for a while and wanted me to check it for viruses.
Oh, I found viruses all right. Along with a background process called "Ammyy Admin" and a text file on her desktop called "technician". In the text file was all of her financial information with a list of work done (all misspelled), and a charge for $250.
I'm doing all this in a remote session, btw. I asked her, "What is this? Did you speak to someone on the phone about fixing your computer?"
She explained that she was having problems with Yahoo. So she searched for "yahoo support" and called the telephone number that popped up in the search results. It was an automated line that told her to key in her phone number and she would receive a callback. An Indian guy calls her back and says he can fix her computer for $250.
He fixed it by installing a backdoor. He then took her money.
I advised her to call her bank and freeze all her bank accounts and to tell them she has been a victim of fraud.
She's not a happy client right now. Happy I'm cleaning up her computer though.
Bonus: She paid me a LOT of money to fix this for her.
I was charging her my flat normal fee and she was so grateful that I found out about the fraud that she gave me bonus pay.
submitted by DavidTennantsTeeth
I caught a phone scammer in the act
Last night I could hear my girlfriend's mother on the phone in the computer room. Something was a little odd about the call, but not until my girlfriend went and asked who was on the phone did I realize what was going on.
"It's Microsoft. They say there's a problem with our computer..."
I immediately told her it was a scam and asked her what was going on. I took the phone and looked at the computer screen. MS Event Viewer was opening and the cursor was ghost-pointing around the screen.
The caller was calmly trying to explain to me where he was calling from, "[some three letter acronym] IT." I told him I was an IT guy myself and asked how he knew there was a problem. The script went something like this:
"Every computer has a feature that reports errors and viruses to Microsoft. We can see that your computer is having problems and we're calling to provide assistance..."
"So you're contracted by Microsoft to provide support?" I asked.
"No, we are calling sir, to assist you with the errors we can see here," he said.
"So you have access to Microsoft's error reporting servers?"
"No, we do not, sir."
"OOKay. And what number are you calling from, again?"
I closed the desktop sharing software and turned off the PC.
So it turns out that my girlfriend's mom was instructed to run some command (maybe ipconfig?) to get what she called "our computer ID." She had downloaded and installed the Ammyy Admin remote desktop software. I believe the caller was about to show her some "errors" in the Windows logs and convince her to hand over her credit card info to pay to "fix" the PC.
I didn't have time to do any forensics. I ran malware scans, which only found Ammyy Admin. Thankfully the Ammyy Admin executable she downloaded appears to be safe itself. It is identical to the one available from www.ammyy.com (md5 checksums are the same).
Please warn your non-tech relatives and co-workers, everyone!
submitted by JimmyEggs