After the call, the research team at Malwarebytes did a little digging. They found that the technician had connected to their computer from an IP address located in Boca Raton, Florida. By cross-referencing the names of nearby tech-support businesses with consumer complaints, they found a trove of other suspicious-looking businesses, and added them to a blacklist on the Malwarebytes website.
Before long, Malwarebytes got a call from the Federal Trade Commission. The agency had its eye on one of the Florida-based companies Malwarebytes had blacklisted, OMG Tech Help, and wanted to hear what the researchers knew about it. Malwarebytes ran another sting operation, prepared reports and shared information, and, last summer, sent a researcher to testify against OMG Tech Help in a six-hour FTC deposition.
That researcher asked not to be named, because he’s still involved in ongoing cases at the FTC. He also said the nature of the scammers’ business made him nervous: The tech-support operation was just one in a “portfolio of scams,” he told me. The people behind it also ran other businesses that engaged in insurance fraud, for example, and some had even served jail time, he said. In a report to the FTC, “I insisted they do not reveal where I’m located,” the researcher said, “because I feared reprisals from those people.”
The two companies that got stung soon found themselves in court. Last year, Florida Attorney General Pam Bondi sued E-Racer Tech, along with three other tech-support organizations in South Florida, for deceptive marketing and sales. In the complaint, the state alleged that the company used pop-up ads to scare computer users into buying expensive anti-virus software and services, even when their computers were working just fine. (That case is ongoing, but E-Racer Tech could not be reached for comment.) And this summer, OMG Tech Help settled the FTC’s charges that it was running a scam, and began turning over all of its assets.
According to new research from Malwarebytes, the fact that both companies were located in Florida isn’t unusual. While earlier generations of tech-support scams were generally based abroad—India was particularly known for them—the U.S. is now home to more and more such operations. Since Florida is already home to so many legitimate tech-support companies, scammy ones try to blend in there, said the Malwarebytes researcher who requested anonymity.
Some companies wait for customers to come to them with their computer problems, then scam them into buying bogus software or perform fake service on their computers. But others reel customers in by infecting their computers from afar, then prompting them with pop-ups to call their tech support number. In these cases, the support technicians may not even know that the customers were scammed into calling their company, and they actually provide excellent customer service. That keeps the company from triggering too much suspicion.