At the boiling point about "tech support" boiler rooms

For most consumers, the scam started with a disturbing phone call.  We’re from Microsoft (or Dell or Norton or McAfee), the “tech support” person on the line said, and we’ve detected a serious problem with your computer.  To underscore the need for immediate action, the caller directed people to a particular location on their computers and claimed that the presence of certain files — often accompanied by red Xs, yellow triangles, and other ominous features — was proof that their computers were riddled with malware and in imminent danger of crashing.  "Tech support" promised to correct the issue if people gave them permission to access their computers remotely and paid for the service.  After some virtual smoke and mirrors — and hundreds of dollars later — the caller claimed to have fixed the “problem.”

But according to law enforcement actions filed by the FTC, the only problem consumers had was picking up the phone when they were cold-called by international scammers (mostly India-based) who targeted people in the United States, Canada, Australia, Ireland, New Zealand, and the U.K.  What about those dangerous files “tech support” claimed to spot on people’s computers?  It was the Event Viewer, innocuous notifications that are part of the day-to-day administration of most computer operating systems.  And those “fixes”?  Pretty much useless, according to the complaints.

In lawsuits targeting 14 corporate defendants and 17 individuals, the FTC charged that companies used telemarketing boiler rooms to call consumers, many of whom had phone numbers on the National Do Not Call Registry.  The FTC also says another defendant lured consumers by placing ads with Google that appeared when consumers searched for their computer company’s real tech support number.  The FTC alleges that the scammers used a web of subterfuge to avoid detection, including 80 different domain names, 130 different phone numbers, virtual “offices” and mail forwarding facilities.

Underscoring the international nature of the operations, FTC Chairman Leibowitz announced the cases today along with law enforcement partners from Australia and Canada.  A federal judge in New York has ordered a halt to the alleged scam pending further hearings and has frozen the defendants assets.

So what can businesses take from the announcement?  First, be clear with your customers about how and when you’ll contact them if there’s a problem.  There’s no one-size-fits-all defense to phishing scams, but it helps if customers know how to contact you directly to verify if a call or email is legit.  Second, tech support scams like this can harm your business financially.  Consumers who are once bitten are twice shy about opening their wallets.  Educating them about the latest forms of fraud can help empower them to spot scammers.  One resource you can share:  OnGuardOnline.gov, the federal government’s website to help people stay safe and secure online.