FTC launches crackdown on tech support scammers

Bob struggles with his hearing aids when he’s on the phone, he says.

“I’m surprised you didn’t give up on me!” he says to the pleasant young man and tech support scammer at Help Desk National who had just inflicted on his computer a remote administration tool (RAT), supposedly run diagnostics tests that spotted nonexistent malware, dissed the authentic security software on his system, and sold Bob a $500 “security app” at a “50% discount”.

Give up on Bob? No way, said the friendly, flattering, super-patient scam artist. Why, his own 89-year-old father is named Robert, but everybody calls him “Bob”, he says – just like the “cool cat” he just bilked out of $500. Bob sounds just like his dad on the phone. In fact, it felt like he was talking to his dad right now, scam man said.

And that is how the tech support scam works: all smarmy friendliness, all reassurances about quality work and rock-solid warranties for the “computer repair”, all infinite patience with the tentative, gullible elderly and/or technically inexperienced.

You can listen in on the 48-minute scam call yourself. The recording comes courtesy of the Federal Trade Commission (FTC), released as part of Operation Tech Trap (PDF): a broad crackdown on tech support scams both in the US and elsewhere.

On Friday, the FTC, along with federal, state and international law enforcement partners, announced that the coordinated effort includes 16 civil and criminal legal actions (PDF) – including complaints, settlements, indictments, and guilty pleas – against tech support scammers that trick consumers into believing their computers are infected with viruses and malware, and then charge them hundreds of dollars for unnecessary repairs.

The latest moves from law enforcement bring the total number of actions against scammers to 29 in the past year.

The FTC says the crooks’ modus operandi is to run ads that mimic pop-up security alerts from Microsoft, Apple, or other companies. The ads claim that computers are infected with malware or are under cyberattack. Some pop-ups even feature a countdown clock, supposedly showing the time remaining before the hard drive is toast. Want to avoid having your system fried? Better call that toll-free number quick, the pop-ups say. The numbers are supposedly affiliated with one of those big-name tech vendors.

Once they’ve got you on the phone, the fun really begins. Operators claim to need remote access to people’s computers so they can run “diagnostic tests”. Of course those tests reveal dire problems that can only be solved by one of their “certified technicians” – for a hefty fee. The scam call with Bob is a classic example of the strong-arm tactics these companies use to get their victims to fork over hundreds of dollars for unnecessary repairs, anti-virus protection or software, and other products and services.

Presumably, the supposedly victimized “Bob” in the FTC’s example recording was an actor/law enforcement agent (a really convincing one!) and not an actual 90-year-old who got bilked for a total of $500. At any rate, that $500 the scammer charged to Bob’s credit card was for the bogus diagnostics, the bogus repair, and some bogus security software.

That’s actually pretty pricey for a tech support scam. The average price for one of these scam “fixes” is $290.90. That’s what researchers at Stony Brook University found recently after they cooked up a robot to automatically crawl the web to find tech support scammers and to discern where they work, what tools they use, and how they monetize their scam.

If you get a call or pop-up

The FTC has updated its advice on what you can do to protect yourself. Here’s what it’s telling consumers:

• If you get an unexpected or urgent call from someone who claims to be tech support, hang up. It’s not a real call. And don’t rely on caller ID to prove who a caller is. Criminals can make caller ID seem like they’re calling from a legitimate company or a local number.
• If you get a pop-up message that tells you to call tech support, ignore it. There are legitimate pop-ups from your security software to do things like update your operating system. But do not call a number that pops up on your screen in a warning about a computer problem.
• If you’re concerned about your computer, call your security software company directly – but don’t use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online, or on a software package or your receipt.
• Never share passwords or give control of your computer to anyone who contacts you.
• Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything the software says is a problem.
• Change any passwords that you shared with someone. Change the passwords on every account that uses passwords you shared.
• If you paid for bogus services with a credit card, call your credit card company and ask to reverse the charges. Check your statements for any charges you didn’t make, and ask to reverse those, too. Report it to ftc.gov/complaint.