How to Sign In
Cengage Technology & Computing Blog
cancel
Showing results for 
Search instead for 
Did you mean: 
X
Security Scan Scam
Scholar
660 Views
5 Comments

[Reading Time - 2 minutes 32 seconds]

 

Let's face it: most computer users are stumped when it comes to security (and, with the rapid increase of new attacks that occur on a daily basis, many security professionals find it hard to keep up, too). So, if a user suspects that their computer may be infected with malware, where do they turn? Many users head for a local computer or electronics store for help. That seems like a reasonable place to have your computer checked out and, if necessary, cleaned up.

 

Well, think again.

 

On Wednesday (Mar 27 2019) the Federal Trade Commission (FTC) charged Office Depot and a partner company, Support.com, with tricking customers into buying unneeded technical services. Many of these services were advertised as identifying and fixing a computer that had some type of malware infection. In some instances, customers were charged up to $300.

 

While that is bad enough, how and why they did it shows just how low they stooped.

 

First, the how.

 

A customer would go to a local Office Depot store with their computer that they suspected something was not right. The Office Depot "tech experts" would install and run the software "PC Health Check" on the computer. Although the customers were told the "value" of the scans were $20-$60, the tech experts would run the scan for free just to help out this poor customer. The first screen asked four questions and the customer was asked to check all that apply:

 

  • Frequent pop-ups or other problems that prevent me from browsing the Internet
  • My PC recently became much slower or is too slow to use
  • I am often warned of a virus infection or I am asked to pay for virus removal
  • My PC frequently crashes

But here's the kicker: PC Health Check was configured to tell consumers their computers were infected regardless of what any scan showed. If a customer checked any of the boxes of the questions, then the software would automatically--and falsely--claim that "malware symptoms" or "infections" on their computer had been uncovered.

 

The PC Health Check software also displayed a "view recommendation" button with a detailed description of the services that customers needed to then purchase in order to fix the problems. But the services did absolutely nothing (some later versions of the software did some limited optimizations like removing junk files and reconfiguring certain settings). And of course, the services cost hundreds of dollars to fix non-existent problems. One Seattle TV station that was investigating this scam back in 2016 brought a brand-new just-out-of-the-box computer that had never been used--and PC Health Check said it needed work!

 

And why did Office Depot do this?

 

You guessed it: money.

 

The Office Depot corporate office instructed its store employees to convert half or more of all PC Health Check runs into tech-support service sales. Employees who pushed the scans got "positive performance reviews" and "extra commissions" if they "met their weekly PC Health Check runs and tech-support service sales goals. Store managers and store employees who continually failed to meet these company-wide targets were reprimanded and were said to be "underperforming." In the words of the FTC, Office Depot "instructed its stores collectively to raise millions of dollars in profit by increasing the number of PC Health Check services performed and the rate of converting the PC Health Check services into tech-service sales."

 

The FTC announced that Office Depot and Support.com have agreed to pay a total of $35 million in settlements. The FTC said it intends to use the money to provide refunds to customers. However, neither company admitted or denied the FTC's allegations (but they're going to pay up anyway).

 

What an awful security scan scam. So, think twice about taking your computer in for a "free" checkup.

5 Comments
Cengage

Hi Mark!  Thanks for this.  That is a scary thought.  I've also heard some unsettling things about services from a certain squad at another big box store.  So where should the average consumer go when something is not right with their computer?  Where should they look?

Contributor

@Mark_Ciampa Thanks for sharing!

Scholar

Hi, Jill:

That's a great question about what alternatives to consider. Three thoughts come to my mind when dealing with a computer that may be infected with malware.

 

First, for someone who may not feel "tech savy" enough to tackle it on their own, they might contact their IT department where they work. In an enterprise environment, most businesses are glad to help users with their person equipment, if for no other reason because that personal equipment is regularly used to connect to the enterprise network--so protecting a personal computer also protects the enterprise. In a school setting, IT departments today often extend assistant to students' device. Our school does that and advertises this service to students, again because a protected student computer also protects the school's infrastructure. And they will gladly do the same for instructor computers. Many colleges hold regular events in which individuals from the community can bring in their computers to be scanned and disinfected. It's an opportunity for students to put into practice what they have learned in the classroom.

 

Second, for someone who does feel "tech savy" enough to take it on, there are a variety of freely available tools that can be used. For example, the Microsoft Safety Scanner can be downloaded to find and remove malware on a Windows computer. For an Apple computer there are several third-party programs that can be downloaded. The best approach would be to disconnect the suspected computer from the Internet, download the software on a different computer, and then use a USB flash drive to transfer it to the infected computer.

 

Third, there sometimes are instances when, no matter what you do, the computer simply cannot be disinfected. In this worst-case scenario, it may be necessary to use your latest daily backup to restore the computer. Unfortunately, few users think about backups until it's too late. Data backups are essential and can protect against hardware malfunctions, user error, software corruption, and natural disasters as well as against cyberattacks. Online backup services use special software on the computer to monitor what files have changed or have been created; these are then automatically uploaded to a cloud server. Because these backups are performed automatically and stored at a remote location these online backup services provide the highest degree of protection to most users. However, there are sometimes situations when an online backup service may not be the right choice, such as when only a slow Internet connection is available. In that case you can perform your own backup from the hard drive to another medium and then store that medium in a remote location. Modern operating systems can perform these backups, and third-party software is also available.

 

I hope this helps.

 

Mark

Scholar

Great info!

This is so discouraging to hear Marc. I would hate to be one of those employees who were "encouraged" and rewarded to promote this scam. Awful. The "problems" you mention above, like, "PC recently became much slower" happen to anyone who has had their computer for a couple years, and this one: "Frequent pop-ups or other problems that prevent me from browsing the Internet" is usually the fault of website you're visiting than your computer. As a Mac user I have used CleanMyMac for a few years. Reviews on this program are good.

 

So sad that this could be done. But I see why. Computers and many websites are so frustrating that unknowing pc owners are easily taken advantage of. The recommendations in your comment above area great. Thx.