As a way to show me that I was indeed infected with these horrible "malwares," he went through a few steps to ensure that I was in front of my laptop and it was powered on.
Little did he know, I complied by opening my non-Windows laptop and fired up a completely clean virtual image of Windows XP.
The eager savior of my malware woes instructed me to hold down the "full Windows flag" in the lower left-hand corner of my keyboard (sorry, my keyboard doesn't have a Windows flag, but whatever) and "press the 'R' key." After explaining what I should see on the screen, he had me type "eventvwr" in the blank white space next to the word Open and click 'OK'. Again, another long explanation that I was looking at 'Event Viewer'. From there he had me "double left-click" on 'Application'. (Update needed to the friendly technician's flip chart: there is no need to double click.)
He next explained the normal 'blue' information icons and asked if I saw any 'red circles' or 'yellow triangles'.
Of course, I immediately informed him that I saw both. He said, "Okay, don't click on any of those. Those are 'malwares'. They are causing damage to your computer." I immediately responded with "Oh no! How do I get rid of this?" The nice gentleman calmly assured me that he was here to help and that is exactly why he called. When I told him that I "Facebooked all day long," he informed me that is probably how I became infected and "not to worry." He said that after he helps, "your computer would run just like it was new and you will never have problems again."
Well, sign me up!
Eager to get this stuff off my computer, I followed his instructions to go back to the Run dialog box and type in "www.ammyy.com". Of course, it brought up a browser with the website of AMMYY Remote Desktop Software. He instructed me to click on the "Start working with Ammyy Admin" button in the center of the page. He then kindly asked if I saw anything asking to run the file. I told him that "I had an option to save the file but I don't see run" so he had me select 'save' and then double click the downloaded file.
Once I did that, he asked if I saw my "Client ID." I quickly questioned why he needed my Client ID and he told me that he needed to provide this to the service engineer so they could fix my computer. At this point, I either had to give him access to my computer or cut the call, and I wasn't going to give him access to my computer. I decided to end my game and let the scammer know I was on to him and playing him the whole time. I wasn't rude, but I did make it clear to him that the call was over.
In this case, I wasn't the one being socially engineered, but was the one doing the social engineering. However, this is a scam that many fall victim to. I mean, the guy just sounded so sincere.
Typically, the next step in this kind of scam is that the scammer demands payment for the "cleaning" service by conveniently opening a browser to PayPal for you to submit payment. If you refuse? Well, they have a remote session open on your computer, so your entire computer, and all of your data, is at their mercy. And since they have full access to your computer, they often just install their own malware anyway.