Regulators from five countries including the US FTC have announced a crackdown on six scareware operations that imitated tech support agents to trick unwitting users into paying for the removal of fake malware. The scammers were mostly based in India and targeted English-speaking computer owners in the US, Canada, the UK, Ireland, Australia and New Zealand. Five of the six operations used what the FTC describes as telemarketer boiler rooms to call users. The sixth focused on bogus Google ads.
Posing as support from companies such as Dell and Microsoft, the scammers directed victims to Windows' Event Viewer to use what were generally innocuous warning and error logs as proof of an infection. Once convinced their systems harbored malware, victims paid clean-up fees of $49 to $450 and aided the criminals with establishing a remote connection. The scammers then pretended to remove the viruses and installed free programs (presumably real security software, but the FTC doesn't say).
Surprisingly, there's no mention of the culprits using the remote connection to install malware, which probably would've been more lucrative. The FTC has identified at least 2,400 cases related to these firms in the US alone, though the agency has heard over 40,000 complaints about this type of fraud. The scammers reportedly used 80 different domain names, 130 different phone numbers and virtual offices that were actually just mail-forwarding facilities to dodge authorities, but it seems their luck ran out.
"The FTC charged the defendants with violating the FTC Act, which bars unfair and deceptive commercial practices, as well as the Telemarketing Sales Rule and with illegally calling numbers on the Do Not Call Registry. It asked the court to permanently halt the scams and order restitution for consumers," the FTC said. Seeking to permanently halt the operations and win restitution for victims, the agency has filed six cases against 14 corporate defendants and 17 individual defendants in a New York district court.
Partial exchange between an investigator and one of the scammers
Note: Apologies for autoplay. There's no obvious way to disable it and the video is too amusing to exclude.