Technicians lie to customers to sell overpriced AV products

Aug 6, 2014 19:31 GMT

Tech support scams are very profitable, as demonstrated by a recent operation, run from Florida, USA, that managed to sell at least $230,000 / €171,000 worth of unlicensed Malwarebytes software.

The scammers would find various ways to drive users to call their fake tech support service and convince them to buy unlicensed computer security products, at a higher price than the original software.

This particular fraudulent operation caught the attention of Malwarebytes security researcher Jerome Segura, who started to gather information about the company perpetrating the scam and how it operated.

He discovered the firm was based in the US, and that, in order to avoid getting caught, they would not call their victims, but instead wait to be contacted by the users in distress, who would be alerted to a virus infection through various methods.

Segura lists three such methods: ads in Google or Bing search results targeting certain popular keywords (e.g. FBI virus, Netflix support), free registry cleaners/optimizers generating a misleading number of errors, and borderline fake/fraudulent pages designed to scare the user.

Regardless of the method used, fake virus alerts accompanied by a tech support phone number would be presented to the potential victim.

Once the contact is established, if the victim needs further convincing, the crooks may run legitimate remote access tools to show signs of “infection.” Thus, they present the user with screens from various utilities available in Windows that look as if the PC is malware-laden.

According to Segura, in this particular case, calling the support line got them in touch with a help desk member claiming that his company was affiliated with Microsoft.

In fact, the help desk belonged to a company called E-Racer Tech (a.k.a. Clean IT PC), which tried to convince innocent computer users to buy software for cleaning the PC of malware.

They sell virus removal products for hundreds of dollars, although these products are often available free of charge or at a much lower price. Segura found that E-Racer Tech sold unlicensed copies of Malwarebytes Anti-Malware for $99 / €73.70, when the product is available directly from the vendor for only $24.95 / €22.95.

A conversation with support staff from this company revealed to the security researcher that the technician would casually lie to the unsuspecting user to make them believe that the malware threat was real and that they provided legitimate support for the problem.

He also discovered that the scammers delivered unlicensed copies of the product. When you buy Malwarebytes Anti-Malware Premium, you are authorized to use the same license key for only 3 PCs.

“We checked the key and found it had been used 2,341 times in the past few months. At $99 per customer (the price they are charging), we estimate that adds up to $231,759 / €172,470 worth in sales for a single Malwarebytes license key!” he said.

Malwarebytes has identified the LogMeIn codes used by the scammers to remotely access the victim’s PC, in the hope that the company would terminate their accounts.

There are multiple fraudulent tech support companies based in the US, and some of them have even received positive reviews from customers that were happy their problem was solved, a problem that never existed in the first place. Because the person at the other end has an American accent, the trust level is automatically increased and the success of the fraud is higher.

“But, what these victims may not see and what we decided to expose here, is how some dishonest tech support companies have trained their staff to fabricate lies in order to scare their prospect customers into paying a lot of money for a service they may actually not need,” says Segura.

Tech support scam tricks (3 images):

Remote computer access from tech support company
Event Viewer entries purported as malware infections
Fake warning page and remote session setup