FTC hits scary tech support scammers that make 'virtual mayhem'
Telemarketers pose as tech reps from Microsoft or Symantec, bilk consumers in U.S., U.K., elsewhere for hundreds of dollars to make fake repairs
Computerworld - U.S. officials today struck at six long-running scams, freezing assets of 14 companies charged with bilking consumers by posing as tech support from Microsoft, Symantec and others.
In a press conference, the Federal Trade Commission said at the agency's request a federal judge had issued restraining orders and frozen the assets of more than two dozen companies and individuals.
"The tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem," said FTC chairman Jon Leibowitz, in a statement.
The scammers cold-call consumers posing as representatives of major technology companies, including Dell, McAfee, Microsoft and Symantec, telling them that their Windows PCs are infected with malware and offering to help them scrub their machines -- for a price.
According to the FTC, most of the scams it hit operated out of India and targeted consumers in Australia, Canada, the U.K., U.S., and other English-speaking countries.
In court papers, the FTC said the scammers ran their schemes from "virtual offices" -- just mail-forwarding outlets -- used 80 different domain names for their bogus websites, and relied on 130 different phone numbers, all part of an attempt to evade the law.
The trick isn't new. It's been in circulation for at least two years. Computerworld regularly receives email from people reporting they fell for the scam and asking for advice on how to get back their money.
In the ploy, the callers try to fool users into believing that their computer is infected, saying they've monitored malicious activity on the PC. The impersonation of an employee of Microsoft or antivirus software giant Symantec gives credence to the tale. At times, the scammers say that they're just calling on behalf of, say, Microsoft, or that they're only affiliated with a name-brand company, like Symantec.
To prove that the consumer's PC is infected, the scammers ask users to open Windows' Event Viewer, a utility that logs significant events on the PC, including program errors. The logs typically contain scores of errors, virtually all of them harmless. But to many users, they may look alarming.
Once the telemarketers convince a user that his machine is riddled by malware, they steer them to a website to download software that then lets the bogus "technician" remotely access the PC.
The con artists charge for their "help," and load the PC with worthless software. In some cases, that's malware that steals online account information and passwords.
According to the FTC's allegations, the six scamming operations charged between $49 and $450 for their "expertise," pressuring consumers into buying a long-term security contract, buying security software or paying for phony "repairs" that amounted to deleting a few innocuous files.
Those who balked, said the FTC, were pressured, and told "about the harm that will come to their computers if they do not allow the Defendants remote access to fix the computers," the court documents read.
Leibowitz estimated that the global victim count could be in the tens of thousands, but warned that the actual number could be "significantly higher."
That's what Microsoft said last year.
Polls conducted by the Redmond, Wash., software developer in mid-2011 showed that 15% of those surveyed in Canada, Ireland, the U.K. and the U.S., said they had received unsolicited calls from fraudsters posing as support technicians. Of the people who took such calls, 22% admitted to falling for the scam, Microsoft said.
The assets the FTC has frozen will be used to refund money to victims, whom the agency is trying to identify. So far, the FTC has seized approximately $180,000.
The FTC also said that it was working with Indian authorities.
Microsoft assisted the agency in its investigation, primarily by providing information on the scams, as did other companies. Microsoft was also a declarant in the case.
"I want to commend the FTC for its actions to fight phone scams, which are an emerging form of Internet fraud, and to protect people from these dangerous cybercriminal schemes," said Frank Torres, senior policy counsel at Microsoft, in remarks at the press conference.
Last year, Microsoft said victims, on average, suffered an $875 loss, including compromised passwords, balky computers, identity fraud and cash pilfered from their bank accounts.
Leibowitz urged consumers who received one of these calls to hang up and report the scam to his agency.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts