Yesterday we learned Innovative Marketing, a firm that developed scareware programs, has to pay a fine of $163 million. In the comments of the article, Rob mentioned another scareware scam — “tech support” calling up people, telling them there are issues with their computers, and charging them for the privilege of fixing fake repairs. I’m not sure if Rob is psychic or if he secretly works with the American government but, as it turns out, the FTC — Federal Trade Commission of USA — has received thousands of complaints about these cold-calling, fake tech support. As such, today the FTC has announced six lawsuits that it is filing against fourteen companies and seventeen individuals that take part in these scareware tech support activities.
According to the FTC, the companies, mostly based in India, use various different techniques to trick people in the United States, Canada, Australia, Ireland, New Zealand, and the U.K. into into ponying up for fake tech support. One company is alleged to purchase millions of dollars worth of ads on Google claiming to be tech support for major software companies, e.g. searching “Contact McAfee Support” on Google brings up an ad for the scareware company. The ads lead to websites controlled by the company which list contact information and encourages users to call the toll-free numbers to get tech assistance. Other companies did (do) “cold calls”, randomly calling people and telling them there are issues with their computer.
In almost all the cases, the fake tech support would talk to an oblivious victim on the phone and direct him/her to a completely normal Windows error log on his/her computer. The fake tech support would then tell lies to the computer user, ranging from “hackers are accessing your computer” to “your computer will blow up”, and use the normal but weird looking error log as proof. Once convinced, the fake tech would direct users to a website and tell the users to download remote access software that the fake tech use to “diagnose” the computer issues. After remotely connecting and performing fake solutions, the fake tech support would try to sell expensive support or software solutions to the user for either fixinx the “issues” the user is having currently or to stay safe from these “issues” in the future. In reality, the victims don’t suffer from computer issues and, as such, the support or software the companies sell doesn’t really do anything.
The following is a recording of a phone conversation between one such fake tech support and an undercover FTC agent:
Defendant: OK, so now what you need to do, madam, you need to scroll down the page very slowly, very carefully from your end, and you need to just pull it down and tell me if you can see anything else other than the blue color information over there or not. And if you see anything else over there, let me know.
FTC agent: OK. Hold on, I’m doing that.
Defendant: Very careful, all right.
FTC agent. [Pauses]. Ummm, let’s see. Oops! Hold on.
Defendant: Uh huh.
FTC agent: Umm, I see something that says “warning”? And something that says “error”?
Defendant: Jesus! Did you see some warnings?
FTC agent: Yeah it says…
FTC agent: Yeah it says “warning.”
Defendant: Madam, it would be my humble request to you, please do not try to click on any of them, OK?
FTC agent: OK.
Defendant: And it would be my request that you keep your mouse pointed away from them, because they are the malicious online infections I was speaking about. Once you click on any of them your computer might even stop responding at any point in time. So be very careful, OK?
FTC agent: OK. I’m not touching the mouse!
Defendant: If you have already seen them this means your computer is also one of those computers which has been infected with the online infections, OK?
As the chairman of the FTC puts it “at one level that’s like a bad Bollywood movie but at another level, that’s a serious ripoff of consumers”.
Aside from charging the fourteen companies and seventeen individuals with violating the FTC Act “which bars unfair and deceptive commercial practices”, the FTC is charging them with violating the Telemarketing Sales rule by “illegally calling numbers on the Do Not Call Registry”.
The legal action by the FTC has resulted in a judge granting an order to temporarily freeze and confiscate $188,000 worth of assets belonging to the accused, and shutting down their operations. It isn’t entirely clear how much farther the FTC can reach with this, seeing as most of the companies are based in India, but other governments are playing along — Canada and Australia have also gone after the companies, while the UK (and companies such as Microsoft) assisted the FTC in its investigation.
On the bright side, as Microsoft Director of Consumer Affairs Frank Torres points out, the ramifications of these fake tech support companies could have been a lot worse. As odd as it may sound, it is actually a good thing these companies were only after making money by selling support or software for fixing fake solutions. By granting remote access to these fake techs, people were literally compromising their computer security because anyone with remote access can access anything on the computer. More malicious people could have done a lot more damage than steal a few hundred dollars. How’s that for silver lining.