Risk
10/4/2012
11:21 AM
Connect Directly
RSS
E-Mail
50%
50%

FTC Disconnects Tech Support Telemarketing Scams

Federal Trade Commission complaint names six businesses with operations in U.S. and India that tricked consumers into spending hundreds of dollars on bogus technical support.

11 Security Sights Seen Only At Black Hat
11 Security Sights Seen Only At Black Hat
(click image for larger view and for slideshow)
Hang up on unsolicited phone callers bearing tech-support advice, and beware any search engine advertisement purporting to offer such services.

Those are two takeaways from a Wednesday announcement by the Federal Trade Commission that it has filed complaints against 14 corporate defendants and 17 individual defendants, in six different legal filings. At the request of the FTC, a federal judge has also frozen the businesses' assets, and instructed the defendants to immediately cease all of their related activities.

"The FTC has been aggressive--and successful--in its pursuit of tech support scams," said FTC chairman Jon Leibowitz in a statement. "The tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem."

According to the FTC, tens of thousands of English-speaking consumers in the United States, as well as Australia, Canada, Ireland, New Zealand, and the United Kingdom, were conned by bogus technical support operations--largely based in India--into paying between $49 and $450 for fake services.

"When consumers agreed to pay the fee for fixing the 'problems,' the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers' computers," according to the FTC. "Once the telemarketers took control of the consumers' computers, they 'removed' the non-existent malware and downloaded otherwise free programs."

[ Read Microsoft Windows Support Call Scams: 7 Facts. ]

Five of the six scam operations named in the FTC's court filings used telephone boiler room operations, according to court documents, while the sixth operation commissioned sponsored Google search results to add credibility to its operations.

According to the FTC complaint, filed in the U.S. District Court for the Southern District of New York, the defendants violated both the FTC Act, which prohibits unfair or deceptive commerce, as well as the Telemarketing and Consumer Fraud and Abuse Prevention Act, which prohibits abusive or deceptive telemarketing. According to court documents, the scammers helped disguise their identities and true locations by using virtual offices that were essentially mail-forwarding operations, together with 80 different domain names for the websites they used to market their activities, as well as 130 different phone numbers.

In the case of the sixth operation--involving PC Care247 and Connexxions--court documents alleged that the defendants "operate a massive scheme that tricks consumers into spending approximately $139 to $360 to fix non-existent problems with their computers," in part by preying on people's fears that their PC might be infected by spyware or malware. "The defendants scare consumers into believing that their computers are in imminent danger of crashing to sell consumers otherwise free software protection products and unnecessary computer security or technical support services," according to the FTC complaint.

According to court documents, PC Care247 and Connexxions also paid Google over $1 million in sponsored advertising fees to make their advertisements appear when consumers searched for technical support services, including "virus removal" and "how to get rid of a computer virus," as well as for searches involving well-known security products, such as "Avast phone number," "McAfee Customer Support," and "Norton Support." But the FTC's complaint said that the search advertisements were often worded to appear as if they were really the tech-support operations of "McAfee, Symantec, Dell, or Microsoft" themselves, returning results such as "Contact McAfee Support" which instead led directly to the scammers' website.

The FTC's wide-ranging investigation saw the agency work with the Australian Communications and Media Authority and the Canadian Radio-television and Telecommunications Commission, both of which filed administrative actions against some of the defendants for having violated the countries' Do Not Call laws. The FTC also worked with the U.K. Serious Organized Crime Agency, and Microsoft.

Some of the defendants named in the complaint reside in the United States, while others reside in India but have transacted related business "throughout the United States," using businesses based in both countries that have "commingle funds," said the FTC.

The full list of U.S. businesses named in the FTC's complaints are Connexxions Infotech (a.k.a. Connexxions USA) in California, Finmaestros (a.k.a. technogennie, 24x7pchelp, 24x7pctech, Transfront Solutions) in Florida, Megabites Solutions in South Carolina, New World Services in Wyoming, New York-based PCCare247 USA, and Virtual PC Solutions (a.k.a. Virtual PC Solutions, First PC Solution, Direct PC Solution, Virtual IT Supports, Global Innovative Services).

Businesses named in the complaints that are based in India are Connexxions InfoTech Services (a.k.a. Connexxions India), Greybytes Cybertech (a.k.a. Bluesystemcare, BSC, 24x7 PCHelp), Lakshmi Infosoul Services, PC Care247 Solutions (a.k.a. PC Care247 India), Pecon Software, and Zeal IT Solutions. One complaint also named Pecon Software UK, based in Great Britain.

Despite the FTC's crackdown, tech-support telephone scams remain alive and well, no doubt because the barrier to entry--scammers need only a telephone and credit-card processing capabilities--remains so low. "Some people tried to hit me with the same trick a few days ago," emailed one InformationWeek reader Wednesday. "They said they were representatives of HP."

The FTC's tech support crackdown follows a Tuesday announcement that a federal court agreed with the agency's proposed judgment of $163 million against three ringleaders of a scareware operation that tricked over one million consumers into purchasing fake security software.

Cybersecurity, continuity planning, and data records management top the list in our latest Federal IT Priorities Survey. Also in the new, all-digital Focus On The Foundation issue of InformationWeek Government: The FBI's next-gen digital case management system, Sentinel, is finally up and running.. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
indianeo
50%
50%
indianeo,
User Rank: Apprentice
7/29/2014 | 3:07:27 PM
Scam Tech Supports Changes Name Quickly
Like PC Care24by7 becomes VSupport llc and Started scamming again. Same guys same companies all operations similar!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5485
Published: 2014-09-30
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.

CVE-2012-5486
Published: 2014-09-30
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

CVE-2012-5487
Published: 2014-09-30
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.

CVE-2012-5488
Published: 2014-09-30
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

CVE-2012-5489
Published: 2014-09-30
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.