The Federal Trade Commission (FTC) just announced two enforcement actions against scammers who prey on people's fear of malware. In one case, the FTC says tens of thousands of consumers had been tricked into paying for virus and spyware removals when nothing was wrong with their computers. Even worse, computer owners gave bad guys full access to their machines.
Here’s how the scam works, according to the FTC:
[A]fter getting the consumers on the phone, the telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. To demonstrate the need for immediate help, the scammers directed consumers to a utility area of their computer and falsely claimed that it demonstrated that the computer was infected. The scammers then offered to rid the computer of malware for fees ranging from $49 to $450. When consumers agreed to pay the fee for fixing the “problems,” the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers’ computers. Once the telemarketers took control of the consumers’ computers, they “removed” the non-existent malware and downloaded otherwise free programs.
“[F]ive of the six used telemarketing boiler rooms to call consumers. The sixth lured consumers by placing ads with Google which appeared when consumers searched for their computer company’s tech support telephone number,” reported the FTC, in a statement.
The good news is that the FTC has effectively shut down and froze the assets of at least six of the operations pulling off this trick, most of which are located in India.
In the second case, a federal court imposed a $163 million judgment against an operation that used “scareware” to make people think their computers were infected with malware, then sold them software to remove it.
“...the operation used elaborate and technologically sophisticated Internet advertisements placed with advertising networks and many popular commercial websites. These ads displayed to consumers a ‘system scan’ that invariably detected a host of malicious or otherwise dangerous files and programs on consumers’ computers. The bogus ‘scans’ would then urge consumers to buy the defendants’ software for $40 to $60 to clean off the malware,” said the FTC, in a statement.
The worst part? More than one million people fell for the scam and coughed up the money.
Cracking down on scams like these is like playing a game of Whack-a-Mole, so there’s no question others are still up and running. Consider yourself warned—never trust a telemarketer who calls you claiming to have found malware on your computer, no matter what company they say they're from.
And never click on ads or popups online that claim to have found malware on your computer. No anti-malware program is capable of scanning your computer without your permission, and no reputable anti-malware company would market their products with ads scaring you into thinking you're infected.
If you're looking for malware protection, always go directly to the URL for one of the reputable providers. Many offer free PC scans right on their front page.
And if you want our recommendations for the best anti-malware, check out the Techlicious Computer Security Software Buying Guide 2012.