How to Foil a Tech-Support Scam

Two years ago, an elderly man with a French accent called the office of E-Racer Tech, a Florida-based tech-support company. His computer was acting up, he said, and he needed a hand. The technician on the line asked a few questions, and then he agreed: The computer was in bad shape. Luckily, he knew just what to do.

The technician took over the man’s computer with a screen-sharing application and began to work. He deleted malicious files he found in a hidden “temp” folder, ran some scanning utilities, and installed Malwarebytes, a popular anti-virus tool, to keep the computer safe. Then came the bill: $500. Isn’t that a bit steep, the man asked? “Well,” said the technician, “It’s a long-term investment.” The customer paid up.

Unfortunately for E-Racer Tech, the older man with the accent wasn’t quite what he seemed. He was a researcher from Malwarebytes, and he’d been recording the entire encounter. The researcher made up a character who he knew was the perfect victim—an elderly, non-native English speaker who’s not confident around computers—and watched the E-Racer technician lie and scam him out of 500 bucks.

The files in the temp folder weren’t viruses—they were harmless odds and ends left over from editing or printing documents. And that copy of Malwarebytes the technician installed? Pirated. The real thing costs 25 dollars.

After the call, the research team at Malwarebytes did a little digging. They found that the technician had connected to their computer from an IP address located in Boca Raton, Florida. By cross-referencing the names of nearby tech-support businesses with consumer complaints, they found a trove of other suspicious-looking businesses, and added them to a blacklist on the Malwarebytes website.

Before long, Malwarebytes got a call from the Federal Trade Commission. The agency had its eye on one of the Florida-based companies Malwarebytes had blacklisted, OMG Tech Help, and wanted to hear what the researchers knew about it. Malwarebytes ran another sting operation, prepared reports and shared information, and, last summer, sent a researcher to testify against OMG Tech Help in a six-hour FTC deposition.

That researcher asked not to be named, because he’s still involved in ongoing cases at the FTC. He also said the nature of the scammers’ business made him nervous: The tech-support operation was just one in a “portfolio of scams,” he told me. The people behind it also ran other businesses that engaged in insurance fraud, for example, and some had even served jail time, he said. In a report to the FTC, “I insisted they do not reveal where I’m located,” the researcher said, “because I feared reprisals from those people.”

The two companies that got stung soon found themselves in court. Last year, Florida Attorney General Pam Bondi sued E-Racer Tech, along with three other tech-support organizations in South Florida, for deceptive marketing and sales. In the complaint, the state alleged that the company used pop-up ads to scare computer users into buying expensive anti-virus software and services, even when their computers were working just fine. (That case is ongoing, but E-Racer Tech could not be reached for comment.)  And this summer, OMG Tech Help settled the FTC’s charges that it was running a scam, and began turning over all of its assets.

According to new research from Malwarebytes, the fact that both companies were located in Florida isn’t unusual. While earlier generations of tech-support scams were generally based abroad—India was particularly known for them—the U.S. is now home to more and more such operations. Since Florida is already home to so many legitimate tech-support companies, scammy ones try to blend in there, said the Malwarebytes researcher who requested anonymity.

Some companies wait for customers to come to them with their computer problems, then scam them into buying bogus software or perform fake service on their computers. But others reel customers in by infecting their computers from afar, then prompting them with pop-ups to call their tech support number. In these cases, the support technicians may not even know that the customers were scammed into calling their company, and they actually provide excellent customer service. That keeps the company from triggering too much suspicion.

Malwarebytes researchers have detected a trend toward more and more malicious scams. Where once the companies only tricked people into thinking their computers were infected with terrible viruses and malware, now it's becoming more common for companies to actually infect them, and force them to call in order to reverse the damage.

With ransomware—a type of virus I’ve written about before—the scammers-turned-hackers can remotely lock up important files on a computer. As its owner panics, the scammers display a tech-support phone number onscreen, and when they get an eager call, they can help restore the files—for a fee, of course. Since the scammers are the ones that launched the “locker” attack, they’re in possession of the key that will free the files.

For now, U.S.-based scammers are avoiding these more invasive attacks. Locker-type scams mostly being launched from overseas, where attackers can more easily avoid getting in trouble for infecting American computers. Hacking charges in the U.S. are no joke.

Instead, domestic scammers prefer operating in a legal gray area that can keep them from getting in too much trouble if they wind up in court. If they provide genuine tech-support services and can confuse less-than-savvy judges with technical minutiae, they can escape punishment, the Malwarebytes researcher said. He cited a recent case that hinged on the definition of cookies, those ubiquitous data packets that allow you to remain logged into a site even after you restart your computer. Expensive lawyers hired by a company accused of scamming argued that the mere presence of cookies was grounds to scare potential customers into paying for virus-removal services. That’s not true—while cookies can be a privacy threat, they’re also necessary for smooth internet browsing—but the company won its case.

Nonetheless, tech-support scams are under more scrutiny from states and federal agencies that ever before. And as private security companies like Malwarebytes lend a hand—the company says it submits “daily reports” to the FTC about malicious activity on the internet—the crackdown appears to be accelerating. Still, next time an angry red pop up blares a message of digital woe across your computer screen, make sure it’s not lying to you.