Phone Phishing Scam by

Usually I get my “phishing” done via email.  This one used the good old telephone!!  I just got a phone call from “Mark,” who was obviously from India.  He called to inform me that I probably had downloaded some viruses and would I “please to like help” removing them?

I would have hung–up the phone, but a client of mine had received a similar call, and so I decided to play along.  First he had me open Event Viewer, a windows utility that shows what has happened in your PC.  It is normal from there to be warnings and errors, but Mark made it sound like this was proof I had a virus, probably many many viruses.  Then he had me type a web address into the Run dialog box, instead of my web browser.  Nice try.  See below


I quickly did a Google search on the company, Ammyy, and found what I expected.  This is a huge scam.  So when you get the call just hang-up the phone.  Do not go to the web site.  Do not given them your credit card information.  Do not let them take remote control of your computer or install anything.

This excerpt from Wilders Security Forums pretty much tells the story.

The Nerd Support is not a legitimate company. Here is what I know from my elderly father’s experience:
1. They prey on the less computer savvy people they cold call with made up scare stories about viruses.
2. They claim to be from Microsoft or from the "mark’s" ISP.
3. They take money for illegally pirated copies of Windows 7.
4. With the mark’s assistance over the ‘phone, they take remote control of the mark’s computer. What they do in addition to bit-torrenting the illegal version of Windows 7, god only knows.
5. They take money for non-existent PC "support" services. My father is 83 and was persuaded to take a 10 year contract!
6. They leave a contact number which doesn’t work.
7. Once they have successfully scammed a mark, they will keep calling back, again and again, presumably with a view to obtaining more personal information, or extracting more money for further illegal goods and fictitious services.
8. They are based in India, although financial transactions appear to go through Cyprus. No doubt the personal information they use is stolen from Indian call-centres.
9. These "people" are thieves and con-artists, with absolutely no consciences.
10. There appears to be absolutely nothing that can be done to stop them.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.