The shakedowns rely on a combination of bald-faced lies, half-truths and pushy sales tactics. Cold callers pose as computer support technicians, most often claiming to be from Microsoft or an approved partner, and try to convince victims that their computer is infected, usually by having them look at a Windows log that typically shows scores of harmless or low-level errors, but have nothing to do with malware. At that point, a frenzied sale pitch starts, as the caller badgers the user into downloading software or letting the "technician" remotely access the PC to "clean" the machine.
The fraudsters charge for their worthless help or sell subscriptions to semi-useless or totally-bogus services, and sometimes install malware on PCs while they control the systems.
Tech support scams became common in 2010, picked up enough steam in 2011 to prompt a real alert from Microsoft about the practice, and in 2012 triggered an investigation by the U.S. Federal Trade Commission (FTC) of six operators, all in India. Last year, the FTC settled with some of the alleged scammers, but even stiff penalties have done nothing to stem the tide.
Microsoft repeated a warning in May, saying the fraud showed "no signs of slowing down." Computerworld constantly receives emails from readers of past news stories about the scams, describing how they either stymied the criminals or were duped out of hundreds of dollars.
"Unfortunately, I was the victim of a recent scam of two men posing as Microsoft Tech Support claiming to be helping me fix my computer," reported Claire in an email yesterday. "They ... tricked me into paying what I thought was ¬8 but to my horror [it] turned out to be a hell of a lot more deducted from my account."
Unlike Claire, Segura knew what he was getting into. Even so, he purchased the $199 tech support package to document his probe. In a long blog post published Friday, Segura included the emailed receipt, as well as excerpts from his conversation with a technician.
He rang the various numbers listed on the "Warning!" websites multiple times, Segura said, and always reached a "help desk" that recommended E-Racer Tech. "They said 'We recommend you go to Best Buy, or we have this company,'" Segura said, citing one conversation with a technician. "But we know that they're related. We called the phone number for E-Racer and got the same 'help desk.'"
In fact, the help desk at the other end of the toll-free numbers and E-Racer Tech were one and the same. "They're trying to make it look like two different entities, when there is just one. It's meant to make the victims believe they talked to different parties and that E-Racer Tech is recommended by Microsoft's help desk," said Segura. He speculated that the tactic was designed to keep the scam under the radar or let the operators hide behind plausible deniability.
Although some of the tactics were identical to those used by the more familiar Indian outfits, including the use of shady affiliate networks to drive traffic to the "Warning!" websites, ditching the cold-call approach was another way to avoid notice. Cold-called support calls, he pointed out, have a lousy reputation because of the Indian scammers.
"Companies have identified this business model, where they get people on the phone, show them fake errors or viruses, and try to pitch very expensive services and packages," said Segura. "They seem to typically target the elderly."
Even the quality of the service was used to mask the real profit machine. "The technician was actually pretty good," Segura said. "He took the time to give some good advice. But I think that time is spent to keep the company under the radar by making it look like they're honest."
Malwarebytes said it had sent E-Racer Tech a cease-and-desist letter two weeks ago regarding the pirated key for Malwarebytes Anti-Malware Premium, but had not heard back from the firm.
E-Racer did not reply to a request for comment emailed on Saturday.