FTC foils tech support scammers

4 Oct 2012

Irish victims of scammers who masqueraded as tech support operatives can breathe a sigh of relief after a major international effort led to the shutdown of six alleged fraudsters.

The Federal Trade Commission in the US announced a crackdown on the con yesterday, having requested a District Court Judge in New York to halt the operations and freeze the assets of six companies said to have been engaged in these bogus telemarketing activities.

The scams primarily targeted English-speaking consumers in the US, Canada, Australia, Ireland, New Zealand and the UK. Siliconrepublic.com reported on the fraud when it first surfaced in Ireland two years ago.

In a statement, the FTC said the telemarketers would allegedly claim to be affiliated with legitimate companies such as Dell, Microsoft, McAfee, and Norton, telling unsuspecting consumers they had detected malware that posed an imminent threat to their computers. 

According to the FTC, the scammers would offer to fix the problem at a cost to the consumer, ranging between US$49 and US$450.

FTC chairman Jon Leibowitz said: “The tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem.”

The FTC cases targeted 14 corporate defendants and 17 individual defendants in six legal filings: Pecon Software Ltd., Finmaestros LLC,  Zeal IT Solutions Pvt. Ltd., Virtual PC Solutions, Lakshmi Infosoul Services Pvt. Ltd., and PCCare247, Inc., and individual defendants in each of the cases. 

The FTC charged the defendants with violating the FTC Act, which bars unfair and deceptive commercial practices, as well as the Telemarketing Sales Rule and with illegally calling numbers on the Do Not Call Registry. It asked the court to permanently halt the scams and order restitution for consumers.

Effort in several countries

The international effort to take down the operations involved regulators in Australia and Canada, as well as the UK Serious Organised Crime Agency. Microsoft and other technology companies provided investigative assistance.  

Orla Cox, senior manager for Symantec’s security response team in Dublin, welcomed the takedown. “It’s been over two years that this has been going on, and we know it’s been going on up until recently, so the fact it’s been stopped will give people some respite,” she told Siliconrepublic.com.

Two years ago, Cox was part of a team at Symantec which contacted the scammers to find out more about how the fraud worked.

“When I called, they were looking for $150. They were trying to upsell the whole time with add-on services and two-year subscription services while you were talking to them. They were trying to do this to add legitimacy and at the same time taking more money for themselves. You’ve got to admire their audacity, in a way,” she said.

It’s not known how many Irish people fell for the scam, but Cox said some estimates suggest that more than 10,000 calls were made to numbers in Ireland. There was some speculation online that the scammers obtained Irish landlines from the telephone directory. However, it’s known that many people received scam calls to their mobiles, which are not published anywhere.

Cox said publicity about the case might make people less likely to fall for the fraud in the future. However, just as spam volumes tend to reduce after botnet takedowns, only to rise back up again later, she warned that similar tech-support scams are unlikely to disappear completely.

“I think it will lead to a big dropoff initially but I fear that we’ll see them trickling back again. The barriers of entry are quite low. They don’t need much skills, or technology or outlay to do this, and because they’re spread around the globe it can be difficult to track them down,” she said.

Gordon Smith was a contributor to Silicon Republic

editorial@siliconrepublic.com