How to Foil a Tech-Support Scam

Alex Cossio/AP File Photo

Fraudsters are getting cleverer and more aggressive—but the government is cracking down.

Two years ago, an elderly man with a French accent called the office of E-Racer Tech, a Florida-based tech-support company. His computer was acting up, he said, and he needed a hand. The technician on the line asked a few questions, and then he agreed: The computer was in bad shape. Luckily, he knew just what to do.

The technician took over the man’s computer with a screen-sharing application and began to work. He deleted malicious files he found in a hidden “temp” folder, ran some scanning utilities, and installed Malwarebytes, a popular anti-virus tool, to keep the computer safe. Then came the bill: $500. Isn’t that a bit steep, the man asked? “Well,” said the technician, “It’s a long-term investment.” The customer paid up.

Unfortunately for E-Racer Tech, the older man with the accent wasn’t quite what he seemed. He was a researcher from Malwarebytes, and he’d been recording the entire encounter. The researcher made up a character who he knew was the perfect victim—an elderly, non-native English speaker who’s not confident around computers—and watched the E-Racer technician lie and scam him out of 500 bucks.

The files in the temp folder weren’t viruses—they were harmless odds and ends left over from editing or printing documents. And that copy of Malwarebytes the technician installed? Pirated. The real thing costs 25 dollars.

After the call, the research team at Malwarebytes did a little digging. They found that the technician had connected to their computer from an IP address located in Boca Raton, Florida. By cross-referencing the names of nearby tech-support businesses with consumer complaints, they found a trove of other suspicious-looking businesses, and added them to a blacklist on the Malwarebytes website.

Before long, Malwarebytes got a call from the Federal Trade Commission. The agency had its eye on one of the Florida-based companies Malwarebytes had blacklisted, OMG Tech Help, and wanted to hear what the researchers knew about it. Malwarebytes ran another sting operation, prepared reports and shared information, and, last summer, sent a researcher to testify against OMG Tech Help in a six-hour FTC deposition.

That researcher asked not to be named, because he’s still involved in ongoing cases at the FTC. He also said the nature of the scammers’ business made him nervous: The tech-support operation was just one in a “portfolio of scams,” he told me. The people behind it also ran other businesses that engaged in insurance fraud, for example, and some had even served jail time, he said. In a report to the FTC, “I insisted they do not reveal where I’m located,” the researcher said, “because I feared reprisals from those people.”

The two companies that got stung soon found themselves in court. Last year, Florida Attorney General Pam Boni sued E-Racer Tech, along with three other tech-support organizations in South Florida, for deceptive marketing and sales. In the complaint, the state alleged that the company used pop-up ads to scare computer users into buying expensive anti-virus software and services, even when their computers were working just fine. (That case is ongoing, but E-Racer Tech could not be reached for comment.)  And this summer, OMG Tech Help settled the FTC’s charges that it was running a scam, and began turning over all of its assets.

According to new research from Malwarebytes, the fact that both companies were located in Florida isn’t unusual. While earlier generations of tech-support scams were generally based abroad—India was particularly known for them—the U.S. is now home to more and more such operations. Since Florida is already home to so many legitimate tech-support companies, scammy ones try to blend in there, said the Malwarebytes researcher who requested anonymity.

Some companies wait for customers to come to them with their computer problems, then scam them into buying bogus software or perform fake service on their computers. But others reel customers in by infecting their computers from afar, then prompting them with pop-ups to call their tech support number. In these cases, the support technicians may not even know that the customers were scammed into calling their company, and they actually provide excellent customer service. That keeps the company from triggering too much suspicion.

Malwarebytes researchers have detected a trend toward more and more malicious scams. Where once the companies only tricked people into thinking their computers were infected with terrible viruses and malware, now it's becoming more common for companies to actually infect them, and force them to call in order to reverse the damage.

With ransomware—a type of virus I’ve written about before—the scammers-turned-hackers can remotely lock up important files on a computer. As its owner panics, the scammers display a tech-support phone number onscreen, and when they get an eager call, they can help restore the files—for a fee, of course. Since the scammers are the ones that launched the “locker” attack, they’re in possession of the key that will free the files.

For now, U.S.-based scammers are avoiding these more invasive attacks. Locker-type scams mostly being launched from overseas, where attackers can more easily avoid getting in trouble for infecting American computers. Hacking charges in the U.S. are no joke.

Instead, domestic scammers prefer operating in a legal gray area that can keep them from getting in too much trouble if they wind up in court. If they provide genuine tech-support services and can confuse less-than-savvy judges with technical minutiae, they can escape punishment, the Malwarebytes researcher said. He cited a recent case that hinged on the definition of cookies, those ubiquitous data packets that allow you to remain logged into a site even after you restart your computer. Expensive lawyers hired by a company accused of scamming argued that the mere presence of cookies was grounds to scare potential customers into paying for virus-removal services. That’s not true—while cookies can be a privacy threat, they’re also necessary for smooth internet browsing—but the company won its case.

Nonetheless, tech-support scams are under more scrutiny from states and federal agencies that ever before. And as private security companies like Malwarebytes lend a hand—the company says it submits “daily reports” to the FTC about malicious activity on the internet—the crackdown appears to be accelerating. Still, next time an angry red pop up blares a message of digital woe across your computer screen, make sure it’s not lying to you.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.