Beware of the 'Ammyy' Security Patch Phone Scam

A new twist on an old scam

Mature woman working at home

Dan Wilton / Getty Images

There is a widespread scam on the rise in many English-speaking countries. It's been dubbed the "Ammyy Scam" by many due to a website that the scammers try to direct the victims to. The scam has been extremely successful and has duped many users into falling for it.

The Basics of the Scam

The victim usually receives a phone call from someone claiming to work as a security person for a large company such as Microsoft or Dell.

The caller claims that there is a new security vulnerability that they have detected that is very dangerous and affects "100% of the computers in the world" or something to that effect. They also state that they are alerting users as a courtesy and that they will offer to walk the victim through the installation of a tool that will prevent the problem from affecting their computer.

The scammer will then ask the victim to go to their computer and open up the event log viewer program and will ask them to read something back from it. No matter what the victim reads back to them, they will say that this information confirms that the new virus/vulnerability is present and that they must act immediately or the victim's data will be destroyed. They will also insist that no other virus scanner is able to detect the threat.

The caller will then direct the victim to a website which is often, but may have been changed to something else since the scam has gotten some media attention. They will ask the victim to install the Ammy.exe file (or something similar) and ask for a code that the software generates. This code will allow them to remotely access the victim's computer. The Ammyy tool itself may be a legitimate tool for providing remote access to a computer for support purposes, but in the hands of these guys, it merely provides a backdoor into your system so they can take it over and install other malicious software and/or steal valuable personal data from your computer.

After the scammers have confirmed that they can connect to the victim's computer (and take control of it so they can install their malware) they will claim that the problem is fixed.

Some of the scammers might be even so bold as to sell victims a fake antivirus product (Scareware), that will further infect their computers. Yes, that's right, they ask the unsuspecting victim who just allowed them to infect their computer to shell out cash to further infect their computer. These people have no shame. Some victims opt to purchase fake antivirus software out of fear, and now the scammers have their credit card information as well as access to their computers.

So What Do You Do If You Have Already Fallen for This Scam?

Immediately isolate your computer and disinfect it with anti-malware software installed from a trusted source.

Pull the Ethernet cable out of the computer's network port and shut down the wireless connection. This will prevent further damage to your computer and ensure that the scammer can't reconnect to the PC. Additionally, you should follow the steps in our I've Been Hacked, Now What? article.

Contact your credit card companies and report it.

Letting your credit card companies know what happened will allow them to issue a fraud alert for your account so they can be aware that fraudulent charges may be pending on your account(s)

Remember that the Ammyy tool itself is just a gateway for the bad guys to get into your system. They could have victims install any number of other legitimate remote administration tools that would still allow them to accomplish their goals.

Guidelines to Avoid Scams

The key to avoiding scams like these is to remember some basic scam fighting guidelines:

  1. Microsoft and other major companies are likely not going to call you to help you fix a problem in this manner.
  2. Caller IDs can be easily spoofed with Voice Over IP software. Many scammers use phony caller ID information to help build their credibility. Google their phone number and look for other reports of scam reports coming from the same number.
  3. If you want to fight back, the best way is to report the scam to the Internet Crime Complaint Center (IC3).