AMMYY Phone Scams (AMMYY Scam)
If you receive an unsolicited phone call from an unknown person claiming to be from Microsoft, your Internet Service Provider (ISP), your computer manufacturer (ie: Dell, HP, Toshiba) and further stating that multiple issues have been detected on your computer, including computer viruses, malware, and trojans and you must install AMMY from www.ammyy.com to allow them a remote connection to your computer hang up – this is a scam! These phone calls are fake! This is a common scam referred to as the AMMYY scam. Please note that the developers of the software AMMYY have no involvement with these scams; however, if you do find that AMMYY software is on your system immediately uninstall it and proceed with further safety instructions detailed below.
The primary objective of the AMMYY scam is to trick victims into allowing cyber criminals access to their computer systems in order to extort money or steal information. The tactics this particular scam uses is to either convince a victim to pay for additional computer support and removal of malicious parasites or gain access to a computer system by atempt to persuade victims to install the AMMYY administrative tool.
AMMYY is a legitimate remote desktop tool that criminals can use to make a remote connection to a victims computer in order to cause complications. Criminals may insist that a victim visit the ammyy website (www.ammyy.com) in order to download and install the remote software. Once AMMYY Admin is installed the criminals and scam artists have complete access and control of your computer. Criminals can view every file, document, video, and more on your computer, as well as corrupt system settings and delete necessary and critical
- Persuade victims to pay for non-beneficial service, in turn handing over payment information including credit card and bank account details.
- Request additional information about your, your family, friends, and even coworkers.
- Access a computer system and leave it vulnerable to further attacks.
- Direct victims to fraudulent or malicious websites.
The video below published by Malwarebytes explains how the AMMYY Phone Support scam and similar phone scams works. A cyber criminal made the mistake of attempting to scam a security researcher at Malwarebytes earlier this year and he managed to capture the ordeal:
What to do if someone calls you and tells you to install AMMYY
If someone calls you claiming to be from Microsoft (etc.) and insist that you install the AMMYY remote desktop tool you should immediately hang up and scan your computer for malware, including spyware that may have initially given the scam artists your contact information. Instructions to automatically detect and remove malware is detailed further below.
- DO NOT PURCHASE ANY SOFTWARE OR SERVICES!
- Do not allow the caller access to your computer system.
What to do if you downloaded AMMYY
If you fell victim to the AMMYY Phone Support Scam and paid for services or allowed criminals remote access to your computer system, take down information about the incident and contact the local authorities.
You should also contact your bank and credit card provider(s) to dispute any made charges and alert them of the scam. Your bank or credit institution can provide further safety instructions.
Rest your passwords! All of them! Reset your computer administrative password and all user accounts active on the operating system. Also reset your social media account passwords, email passwords, and more for safe measure.
Uninstall any unwanted software installed on your computer. If you installed AMMYY or similar remote administrative tools make sure they are removed.
How to automatically remove malware
1. Install the free or paid version of Malwarebytes Anti-Malware software.
2. Once Malwarebytes is installed, run the program. If you are using the free version of Malwarebytes you will be prompted to update the database, please do so.
3. Navigate to the first tab labeled “Scanner” and select the Perform full scan option. Click the Scan button to perform a full system scan. Malwarebytes will automatically detect malware that has infected your computer system.
4. Once the full system scan is complete, Malwarebytes may prompt a message stating malicious objects were detected. Select the malicious objects and click the Remove Selected button to completely remove the malicious files from your computer (the image below shows a file that is NOT selected).