The ammyy scam: the worst social engineering I’ve ever heard

Email Scam

For some stupid reason which I have no idea… I got 3 calls from a call centre while I was at home trying to work today.

It got to be a bit of joke by the second call because with the first call I got so peed off about what they were trying to tell me I just hung up after 30secs. When someone called again, claiming to be calling from Microsoft customer support, this time I playing along with this call just to waste there time and work out what they wanted me to do so i could warn other people not to follow the steps.

Caller: open Internet Explorer and type in ammyy.com.

Caller: click to download and install ammyy

Me: I can’t do that (lies of course)

Caller: Why not? click the link and choose install.

Anyway that went on and on for about 20mins, and so of course I hit Twitter with some funny bits I was hearing on the phone. By the time I finished… I was doing stuff like using the toilet and saying I was still in front of the windows XP machine (I would have thought the sound of me peeing would be a clear clue that I wasn’t really listening)

By the time it finished, Nic Ferrier suggested I should record them next time they call. So I did, but I didn’t catch the start of the conversation, so I started recording about 10-15mins in. Here’s the recording with a con-artist.

Recording-1 with a con-artist by cubicgarden

It is a scam (so popular its actually called the ammyy scam) as you can guess but weirdly it does actually catch people out… [1][2][3]

Hopefully the recording will help raise the profile of this scam and stop other people falling for this frankly terriable social engineering scam.

Tiger Team a review

Tiger Team hopes people turn there security around

Ok I take it all back, I was wrong. Tiger team is great. I thought it would be all style and no substance or really boring. But actually its very short (less that 20mins a episode) cut together into a reasonable paced documentatry. Its split into 5 pieces including part 4 the heist (yes 2 members of the camera crew do follow them into the heist) and part 5 the debrief. Its actually all good stuff and you get a good balance of social enginnering and computer exploits. For example they use a USB trojan and some social engineering on a receptionist to gain access to the internal network. Theres some technical material details but not enough to bore most people and maybe not enough to really be used for copycats. For example they don't say which software there using or how they pick locks. There's alot more analysis on the show in the Schneier blog post about the series. I wonder what some of these people would say about the real hustle?

The first episode was good but the second one really good because you could really see that it was a real challenge and they almost got caught too, which adds to the suspense. I really don't hope they don't cancel this series before it plays out. More photos here and because its not available in the UK, links to the torrents.

Technorati Tags: , , , , , , , ,

Comments [Comments]
Trackbacks [0]