Two firms have been fined $26 million by the US Federal Trade Commission (FTC) for scaring consumers into believing their computers were infected by malware.
The FTC claimed that Restoro Cyprus Limited and Reimage Cyprus Limited, both based in Cyprus, operated a tech support scam since at least 2018 that "bilked tens of millions of dollars from consumers... using false and unsubstantiated claims about the performance and security of consumers' computers."
The companies, which have a common ownership, are thought to have been particularly successful at scamming older consumers with fake Microsoft Windows pop-ups. The pop-ups claimed computers were infected with viruses and urged users to "scan" their PCs "to avoid more damage."
According to the FTC, the scareware messages appeared regardless of the actual health of consumers' computers, and lured unsuspecting users with the offer of a free scan or security update. The scan inevitably claimed to find performance or security issues that - it said - required urgent repair.
The "fix" supposedly required consumers to purchase software from Restoro or Reimage, costing between $27 and $58.
FTC investigators confirmed victims' claims by scanning a known virus-free computer and making undercover purchases of the software.
Each time, investigators reported that the scan highlighted numerous purported problems and security concerns, followed by advice to purchase repair software.
The investigation found that victims often spoke to Restoro and Reimage's telemarketers. The telemarketers tried to convince them that software alone could not fix the "problem" and that a Restoro or Reimage technician would need remote access to their computer - at an additional cost of hundreds of dollars.
The FTC's complaint showed that Restoro used Google search ads to direct computer users to its website.
If the proposed settlement is approved by a federal court, the FTC plans to use the $26 million fine paid by the companies to compensate scammed consumers and seeks a permanent injunction against the companies from engaging in similar deceptive practices in the future.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsNovember 14, 2024
September 06, 2024