Loading 3 Votes - +

Fun on a AMMYY Phishing Expedition

While the latest Christian flame war has been proceeding on ON I was contacted several times by the same scam group attempting to hack my computer. It was the usual heavy south Asian accent informing me that my computer was severely infested with viruses and was infecting many others in my vicinity. The transparency of this scam does not seem to have dawned on them yet, and they seem to have no way of crossing off a number after it has been called. It appears that everyone in the scam call center is going through the same list.

I had mothing much else to do at the time, so I decided to play along for a while. First they took me to Event Viewer and my log file and tried to convince me that all those colored triangle symbols on certain logged incompatibility events indicated a serious infection. When I voiced my scepticism they referred me to a “supervisor”. They do this all the time and I am sure they are just doing it for each other. He took me over all the same ground again – they have only one script and are not sure of their English when you draw them off it. When I did not bite he told me to run a program called AMMYY.com This takes you to a web page which is probably innocent per se, but apparently it lets them access your computer if you agree to run it. I was not going to let them do that, so I told him that my virus checker and firewall seemed to be going crazy with warnings of a possible hacking attempt. That rocked him for a while but he recovered and urged me to try it anyway. I replied that my company protocol would require him to sign an NDA before I could do that.
Then he got upset and I told him that his scam was well known and that he was just a Paki Crook. He replied that he was not Pakistani but a Taliban and that he would come and bomb me. I was satisfied that I had broken the bullshit barrier, so I hung up.
Later that day I received two more calls from the same outfit. When I stopped the script and asked if I could speak to the gentleman from the Taliban, there was a stunned silence. I said that he had promised to bomb me and I needed to make an appointment. They hung up then.

Reflecting on this overnight, and also on the notion of one of our nerds that we should only do business with people who reflect Christian moral values (on the current main thread), and expecting another call soon, I decided to combine the two things on my next call.

I am going to tell them that my company has just been bought by a Religious outfit based in Kansas that is run by some fundamentalist Christian conservatives who are very wary of dealing with people who do not share their moral values. They have instructed me to insist that all my clients fill out a questionnaire, and that any who may have access to our computers must also complete an NDA and get it notarized.
So now I can ask some very personal questions.


Preamble
This business is owned by a company which holds to fundamental Christian ethics and morality. The board has directed that it should only do business with entities that hold similar values. It will therefore be necessary for all prospective clients to complete the following questionnaire, in a form readable by MS Word, and return it to the address provided with a copy by e-mail.

Christian Fellowship Client Approval Questionnaire
i. What is the name and full address of the company making this approach? Please provide the company number and registration details
2. Please provide the full names of all company employees who will be dealing with Christian Fellowship.
3. For all of the people listed in 2 above please provide the following information:
i. Date and place of birth
ii. Qualifications
iii. Experience
4. For each of the people named above please also provide the following personal information:
i. Religion
ii. Sexual orientation
iii. Criminal record
iv. HIV status
5. Have any of the persons mentioned above:
ever procured an abortion?
owned personal fire arms?
been a member of the Communist Party?
voted Democrat?
6. Please provide a scan of the front page of your Professional Indemnity insurance policy to the value of at least US 5 million
7. State you willingness to provide Liquidated Damages to the value of US 1 million – to be deposited in advance in a nominated bank account.
8. Please provide appropriate documentary evidence supporting allyour above statements.
9. For any firm that will have access to company confidential records or IP, whether in paper or electronic document form please provide a notarized original of the attached NDA, signed by all of the employees listed in 2 and also by one of your company directors, and witnessed by a JP.
-————————————-
Now I am hoping that I will be able to send this bait to a real Phish. If I do get one on the hookI expect the response to be that it is illegal in the USA to ask such questions. I will reply that personally I agree but my job depends on doing as directed. I will inform him that one of the directors of my company is also partner in a big law firm. He loves God, and litigation, so good luck with that.

Similarly tagged OmniNerd content:

Thread parent sort order:
Thread verbosity:

With all the constraints on us for business and personal communications, it can sometimes be a relief to be able to speak to someone without any consideration about politeness, manners, truth, or racial sensitivities. These assholes prey on old people who are struggling to come to terms with computers so that they can stay in touch with family and friends, do bills, banking etc. The last thing they need is these rats making them afraid of the technology and criminal activity. I can think of no good reason to restrain what I can say to them.

Or, is this an incorrect view? Are the workers in these Asian call center scam sweat shops unaware that they are operating a swindle? For this particular scam it is just faintly possible that they believe the script and think they are selling a legitimate product? Are they being paid a pittance, and grateful for employment that utilizes their hard-won English skills in a clean office environment? Is fraud so common in their world that they regard it as normal business activity? If this is true, should it influence how we react tho them?

I think not, but I am open to other opinions.

First of all, I am not a lawyer, so take this with a grain of salt. But, I do not believe these questions are illegal. While they are certainly frowned upon, I believe a private company may ask them under the conditions you’ve outlined. If you were providing the service/product, then you’d get into some murky waters with these questions. But, they’re “company” is the one providing the “service”, and you’re free to choose whom you purchase from and under whatever conditions can be mutually agreed upon. At some level you could run afoul of anti-trust laws if you were significantly restraining trade, but scamming the phishers like this would never be viewed as such.

1 Vote  - +
Counter Trojan by VnutZ

You could always request for them to provide you an e-mail address to mail a PDF document to … that you need some information for them to fill out. And just have the PDF laced with a simple infection generated from Metasploit. They don’t sound too professional so that simplicity ought to be enough to gain access to their network.

Share & Socialize

What is OmniNerd?

Omninerd_icon Welcome! OmniNerd's content is generated by nerds like you. Learn more.

Voting Booth

America's involvement with the ISIS crisis should be?

7 votes, 0 comments