Sponsored by..

Wednesday, 17 July 2013

02086 547426 "PC Wizard" tech support scam

Just a quick one.. some Indian scammers routing through a UK number 02086 547426 (02086547426) and purporting to be from a company "PC Wizard" just called and tried to convince me that something was wrong with my PC.

I'll do a write up later.. but in the mean time their MO is to get you to look at your Event Viewer for errors (there are always) errors, and then visit ammyy.com to run some remote control software. DO NOT LET THEM DO THIS!

Update:
I know this type of scam is quite common, and ammyy.com even admits that it is often abused in this way. There was a degree of sophistication here though in that they had a close approximation of my wife's name and we have an unlisted telephone number.

There were two operatives, the first one handles the initial part of the call and makes you open up your Event Viewer to look for errors and warnings (there are always some of those) and then warns you not to open the warnings or you will damage the computer. Operative number one had an Indian accent and sounded like they were coming in over a voice-over-IP connection.

Once they have you hooked, you get connected to a second Indian operator who attempts to connect to your computer with the ammyy.com remote control software. In this case it was operator 6070592.

After mucking the operator around for 20 minutes I confronted them with what they were doing. He was unapologetic and full of bullshit, and was still trying to connect to my machine.

Of course, the whole thing is a scam. I don't have a support contract for my version of Windows, the errors in my Event Viewer were harmless.. but if I had let the operator take control of my machine then he could have installed any sort of malware on it, or trashed the machine and then charge me a fortune to fix it.

I've been working in the IT field for almost 25 years and frankly it was obvious in the first few seconds that this was a scam. But for a naive user it might seem credible. If (like me) you end up doing tech support for your relatives, it might be a good idea to edit the PC's hosts file to block ammyy.com and www.ammyy.com:

0.0.0.0     ammyy.com
0.0.0.0     www.ammyy.com 



6 comments:

1 said...

Even if they don't use ammyy then they have been seen to use teamviewer and other tools.

I hear of people getting calls like this weekly.

Once it was someone who had just moved house and had a brand new phone number - the scam callers knew her name too.
So someone related to the house moving process must have leaked the details. (BT?)

The sad thing is how difficult it is to persuade the victim that they were trying to be scammed as the "event log" crap feels real to them and are almost adamant that there really is a problem with their computer.

Conrad Longmore said...

@1 I daresay that the contact details haven't been obtained legally.

martijn said...

I don't really know how they get people's details, but in my case I suspect it's the fact that I didn't realise that here in the UK you have to opt-out to being on the part of the electoral role that's offered on sale...

I pretended to fall for such a scam early last year, even managed to get beyond the payment process to get some insight what they do to the PC. YMMV, but in my case they ran some free security tools. Just after that "one year of support" ended, I got a call from PC Wizards. That was not what the company was originally called, but they don't seem to target people with good memory. The social engineering tricks, and the free security tools, were the same, though they did figure out I had "scammed" them too (because they payment failed) and they kept calling me for several weeks.

martijn said...

(Btw, drop me a line if you want to know more details about that.)

K said...

They just called me 10 minutes ago and I had to argue with them. Funny, they hung up after a while. Oddly they asked my age too, haha. I've never received a call from someone like this, definitely a first. Felt like a scam, but tried to "comply" until they wanted more and more access, and then I kept drilling them about questions. Wow. Be warned people, most users would be totally scared and confused.

Unknown said...

called today by a company calling themselves PC Wizard after some online research I found this is a company that does IT work for businesses not personal users, im PC savvy but to the people that don't know any different these people are dangerous they tried to get me to turn on my computer as he said it was turned off and I was on my PC at the time first red flag, he also had an indian accent and the phone number called from was 01375841197 and that is not the number listed on the actual page. I did report this to the legitimate company, I got there answering machine but left the details for them to deal with... we had just put new OS's on both our PC's two days prior so we where well aware there was nothing wrong with our computers.