Telephone Scam

  • You receive an automated phone message from a mobile number advising that you have just paid $99.99 for your annual "subscription"

  • Press 1 to cancel your "subscription"

  • A scammer (in a boiler room by the sound of it) takes the call

  • You are encourage to go to a fake web page and download Anydesk

  • You are asked to hand over the BIG RED NUMBER on your screen which allows the scammer to immediately access your computer or device

  • You are asked to add a password and enable unattended access so the scammer can access your computer whenever it is switched on

  • Nek Minnit your bank account gets cleaned out.....

The Phone Call

  • The automated call advises you that your $99.99 "annual subscription" has just been deducted from your credit card

  • You are invited to "Press 1 to Cancel" which puts you through to the scammer

  • The scammer then directs you to a web page gg.gg/amzpr3 on the pretext of "verifying your account"

The Web Page

  • gg.gg is a website which allows you to shorten any web address (URL) and therefore hide the true destination

  • This is a legitimate website being used for nefarious purposes by scammers to hide their intentions

  • For example the address of our web page can be shortened to http://gg.gg/AmazonPrimeRefund Try it, this link is safe!

  • You can see how a scammer can easily provide you with a very convincing web address

  • So gg.gg/amzpr3 simply re-directs you to a fake Amazon Prime web page amazonhelp.mobirisesite.com

  • MobiRise is a Free Website Builder platform, anyone can use it, including scammers #scammersaresmartAF

  • So, coming back to the fake Amazon Prime web page, the scammer will check what device/platform you are using then direct you to the appropriate link on the scam page, for a Windows computer you are asked to choose Service 1 which will then download the ubiquitous Anydesk Remote Access software which takes you to an innocuous looking web page with a BIG RED NUMBER

The Remote Access Web Page

  • This page is legit in the sense that remote support techs across the world use it solve technical issues with computers

  • Scammers use it to steal money from our bank accounts

  • If you tell the scammer the BIG RED NUMBER they will gain immediate control of your computer

  • Note that they don't tell you what they are doing

  • They tell you that they need you to tell them the "verification code" at the top of your screen

  • I have challenged Anydesk about the lack of warnings on this screen, at the very least they should display a warning as follows

  • "If you tell anyone this number they will gain immediate control of your computer" or some such

  • Anydesk did respond with a bland form response but otherwise ignored me!

  • The scammer will then direct you to the small padlock symbol at the right of the BIG RED NUMBER

  • When you click the padlock you will be given the opportunity to add a password

  • Note that they give you the password so of course they then know what it is!

  • They will also make sure that you choose the Unattended Access option without telling you exactly what that means

  • If you do everything the scammer tells you to do, they will have access to your computer anytime it is switched on and connected to the internet, whether you are in front of the computer or not!

Ending the Phone Call

So, it all gets very ugly if you follow their instructions. For me, I always get them to the point where they want the "verification number" and then I engage the scammer in a robust exchange of square words, I am a bit one-dimensional with my choice of words but the scammers often get very creative before they hang up!

Greg Williams 11 May 2022