Windows Security Phone Scam Now Targeting Sweden

Richard Balwin

I am based in the UK and only last week I received just such a call. A guy with an Indian accent telling me he was from 'Windows' and that he had detected threats on my computer. When I tried to sound worried and get some more information he hung up.

Hi David,

Thanks for writing this - that's really interesting to hear.

Just to make sure I understand it correctly, the guy did not (attempt to) speak Swedish? Is it common for people in Sweden to receive (legitimate) calls in English? Did he somehow refer to the fact that you're based in Sweden?

I'm just wondering if it could just be someone who entered the wrong access code (46, instead of 44 for the UK, where a lot of these scams are targeted). I'm doing some research into these kind of scams and have been wondering if they target non-English speaking countries in their native languages as well.

Thanks!

Martijn - Virus Bulletin

@Richard I'm pretty certain they've been going on in the UK for much longer.

Here's an article (requires free registration) from the beginning of 2011 that mentions such scams in Australia; I believe they were already going on in the UK back then:
http://www.virusbtn.com/virusbulletin/archive/2011/01/vb201101-hello

@David, thanks. It's interesting to learn that they're calling Sweden too.

Windows phone scam

Hi David,

They are hitting Ottawa, Canada now. Many people I know have been contacted within the last few weeks. I was targeted last week. Although I could barely cut through the accent, I understood that this was a scam. When he said that they had been trying to contact me for some time, I reminded him that Microsoft can contact me at any time they want and that this was a scam. "What a scam?" he said. I replyed that if he couldn't speak english any better than that, then Microsoft would have never hired him. He then got belligerant and I hung up after a few choice comments.

Thank you for your comment. It seems that they are hitting many countries then. I wonder how this is setup, and how many people thats behind this.

did get it too

yes as a matter of fact I did get a call like that, me too at first I started asking some simple question and that prompted them to hang up. According to this new report by Australian TV: http://www.whycall.me/info/techsupportscam.php

according to Microsoft's official warning about this an average consumer loses 850$! This is almost hard to believe considering that a brand new computer often costs less

Just received a phonecall

Hi,
I was working from home in Sweden today and just received such a phonecall on my home number. I am a curious person and fascinated by the mechanics in scams and frauds like this. So i just played along when he called and said i was so glad that he called. Just after he introduced himself with one of those corny names like "Mikael Smith", i said "my computer is full of viruses, thanks for the service of calling me" He got a bit shocked and said "hold on for a second" and went back and their was discussions in the background. Then he asked if i was close to my computer and advised me to press "start and R" buttons to open the run-window. There he told me to write something that i cant remember at the moment. I obviously didnt type anything but i constantly pretended not to hear the letters he told me. Thought somehow i could make his phonebill increase at least.. ;=) After a couple of more discussions on what letters i should type and just before pressing "enter" i asked him if i need an internet connection to solve the issues. I said I canceled my subscription for internet a couple of days ago because of to many viruses on my computer. Then he said " be right back" and went for another lively discussion in the background. When he came back he said there was nothing he could do if i dont have internet. And i thanked him immensely for helping me out and assisting me. Before i hung up i asked him if he wanted to buy something from me. I asked if he needed cheap Viagra. And that i could give him a very good price. Then he actually started laughing and we wished each other a nice weekend before hanging up.

Identifying WHOIS behind: "Windows Critical Scanner"?

As an American ex-Pat residing in Sweden, your post caught my eye while surfing the web trying to locate information about those behind "Windows Critical Scanner"! As yet to be picked-up by KASPERSKY. Been working w/techs at: BleepingComputer.com, and finally after 4-days rid my computer of this dangerous Malware, which I inadvertently clicked on, and what followed was a nightmare.

Having made a personal commitment to attempt to track-down and identify "WHO" is behind its creation and/or "WHO" uses it to infect others by profiting from their scam by (a) knocking-out ALL your security software; (b) disengaging your browser; (c) taking control of Windows Task Manager; and, blocking ability to auto-report problem to Microsoft. Need I say this thing is VERY dangerous! Any help ANYONE can provide in my quest to track these criminals down is greatly appreciated.

Background information can be found at the following website: http://www.bleepingcomputer.com/forums/topic450386.html; or by Google the words: Windows Critical Scanner and read the threads and sub-threads.

Thx!
Cyber-Vigilante

-END-

To Cyber-Viglante

I got them to give me a number to see if they were ligt...probably the real microsoft support i did not call it but just in case here is the number they gave we 209-813-2525 perhaps they were too stupid to and gave me a real number that might help you find them. Happy hunting. I hope you catch them and through them in jail.

Support scam.

Hello David!

I don't know if you even keep check on this thread anymore but I thought I'd share my experience and also my own worry.

At around 11:50 AM today, I got a phone call in the morning. I had just woken up and I was very tired. This guy who spoke in this broken indian accent started to talk to me about my computer being at a high threat level.

Long story short, I was stupid and tired, and I installed the program they asked me to (The program they will ask you to install is called Ammyy, and they will ask you to download it from www.ammyy.com). Then, after they had shown me what seemed like legit numbers of my computer being under a high risk level, they wanted me to buy a new Windows 7 lisence.

They gave me four choices.
1. One year lisence for 149 USD.
2. Three year lisence for 200 USD.
3. Five year lisence for 250 USD (For two computers).
4. 'Lifetime' (8 years) lisence for 350 USD (For two computers).

At this point, I started to really worry. Windows would never call their customers and ask them to buy stuff after they had taken control of your computer. They wanted me to buy the lisence and then their worker would block these errors and warning files that were on my computer. Incase they were Windows workers, they could have done this easily without wanting me to pay alot of money for something I already have.

At that point, I said that I did not have the economy for it, since I wanted to get off the phone from these scammers and clean my computer from what they had downloaded.

I got put on the phone on this guy who presented himself as "Linus Smith". That name just screamed to be fake. He knew my name, both first and surename, and that he had my brothers first name could NOT have been a coincidence. Not when that name is very Swedish.

I asked for his phone number, incase I would change my mind. And he gave it to me.

+1 973 200 6677

Incase anyone knows any way to get these people arrested or shut them down through this number, go right ahead and use it.

But, now I am still worried. I did not give them any credit card number or any of such. But now I am very concerned about going to my internebank and checking my bankaccount. And that's not all, since they installed the admin thing, I can't find it.

Anyone know what I can do to take it away? It's not on my program and functions or anything of such. I checked my toolbar and the Ammyy Admin Device, named AA_v3.exe is on the toolbar. But I cannot remove it or find the directory or filename where it is located.

Anyone that can offer me help?

Edited by Emil Allander, 2012 Dec 14, 22:09