Computer tech support scams have been around for years, and while the basic premise remains the same, they have evolved.
Early on, scammers sought victims by e-mail. More recently, they’ve cold-called people listed in public directories and on the national do-not-call list.
The latest mutation targets businesses, according to an alert by the Internet Crime Complaint Center, or iC3, on Wednesday.
In many scams, a company contacts you, assumes the identity of a major computer company, falsely tells you your computer has some grave deficiency and for a fee, the company offers to fix the problem.
The caller then gains access to your computer by directing you to a website and downloads malicious software. Various programs can root out your personal data, disable your computer’s security system or monitor your keystrokes. Sometimes you’re sold worthless software or software available for free elsewhere.
While regulators and computer companies have worked to combat the scams, the battle is far from over, in part because the only barriers to entry in the industry are a phone, a computer and a way to process credit card charges.
And profits are large. Tech support scams cost victims an average of $875, according to survey results released by the Microsoft Corp. in 2011.
Microsoft surveyed 7,000 computer users in the United States, Canada, Ireland and the United Kingdom. Fifteen percent had received a call from a tech support scammer. About one-fifth of those allowed access to their computers or divulged credit card information. The average cost to fix damage to computers was $4,800 in the United States.
“Microsoft and other companies have made positive progress in making their software more secure,” but “we have seen an increase in cybercrimes that use deception and social engineering schemes to exploit people,” according to a Microsoft spokesperson.
Victim directed to website
The latest ploy goes like this. Scammers call a business to say its computer system needs to be updated in order for wire transfer functions to work properly. The victim is directed to a website, told to open a program and log in, at which point the caller has access to the victim’s account, according to iC3.
One victim shut off his computer when he noticed remote activity, but not before “the caller had loaded $950 onto a prepaid credit card from the business’s account,” the iC3 alert said.
Vern Miller, of Plymouth, had become frustrated with the sluggishness of his computer. So he sought help from a company he said listed a telephone number on a pop-up ad and offered free technical support.
The person he called had a foreign accent, he said, and claimed he was a Microsoft technician located in New York who could download “all kinds of stuff to clear up [my] computer. ... Then they got ahold of my computer and they started writing something.”
He reluctantly provided his credit card number. A charge of $199 showed up on his bill with the merchant name of “Live Tech Help,” he said.
Whistleblower called a man named Carl, who identified himself as the customer service manager for Live Tech Help.
Carl wouldn’t give his last name but said that his company is legitimate and that he will reconnect with Miller regarding its 30-day refund policy. The company advertises through Google AdWords, he said. Live Tech Help, which Carl said is located in Connecticut, couldn’t be found in a state business-registration search.
Miller told Whistleblower he hasn’t seen his computer’s performance improve since paying the $199.
Shortly after the first interaction, Miller was called by someone allegedly located in Houston, Texas, who offered him tech support services. The address provided to Miller belongs to a business that offers “virtual office” space and services to companies that often have no physical address.
Later, another $190 charge showed up on Miller’s credit card bill, he said. He canceled the card, got the $190 charge reversed and had his bank account number changed because the account had been compromised, he said.
In October, the Federal Trade Commission announced that a U.S. District Court had frozen the assets of 14 companies and 17 individuals and ordered them to suspend activity pending trial. The companies allegedly used “telemarketing boiler rooms,” mainly in India. Some placed ads with Google “that appeared when consumers searched for their computer company’s real tech support number,” the FTC said.
The groups deceived tens of thousands of victims who were charged up to $330 to have nonexistent malicious software and viruses removed from their computers, the FTC said.
Mikael Marczak, doing business as Virtual PC Solutions, and Sanjay Agarwalla, parties to the 2012 lawsuits, settled with the FTC in April.
A judgment of $984,721 was entered against Marczak and one of his companies, but was suspended “due to their inability to pay the full amount,” the FTC said. They will instead “surrender almost all of their existing assets.” Agarwalla was fined $3,000.
Experts give advice
If someone calls and offers tech-support advice, hang up. Legitimate companies do not cold-call you and offer to fix a problem for a fee. Know that not all businesses that advertise online are legitimate.
Don’t click on pop-up ads or visit websites allegedly containing fixes for computer problems. Instead, contact a local repair shop or call your computer company directly.
If you’ve been victimized, change your passwords, contact your credit card company, file a complaint with the FTC and have your computer checked for malware.