Ever hear the joke about the hugely successful software company that was scaring folks into buying basically nothing more a malevolent cure for fake computer viruses?
Unfortunately, that actually happened to very smart people, the same “tech savvy” folks who are careful about what information they download on their computers, and even among those who know better than to click on a “Win a free iPad!” link on Facebook.
Masters of Social Engineering
Wired magazine shares the story of the two con men – who are still on the lam — who sold their scam software to millions of unsuspecting consumers.
How did so many fall for this ploy? Originally, the two men sold counterfeit versions of popular software using tricks like browser hijacking and typosquatting. Eventually, their scam deepened and they appealed to consumers’ fear of computer viruses to sell antivirus software under the corporate name Innovative Marketing.
How They Did It
Unlike most hackers and scammers, they didn’t spy on anyone’s wifi activity to steal credit card info, nor did they break into anyone’s computer networks. Instead, millions of computer users were receiving “antivirus alerts” and soon enough, the two men were bringing in $1 million a month (they once boasted they could be selling “a block of ice” and still make money).
Their global scam conned victims in more than 60 countries to buy more than one million bogus software programs.
The two men set up fictitious websites that pretended to represent legitimate companies, then generated advertisements with hidden computer code to create alarming pop-up messages. The only way to solve the warning was to purchase the “software,” which was entirely useless.
The FTC ultimately brought a civil action against Innovative Marketing after it received an overwhelming number of consumer complaints.
Scary Software Genre
It’s called “scareware,” the Internet’s most virulent scourge.
According to the FBI’s indictment, the con men used the following protocol to deceive their victims:
- The scareware site appeared not to be a website at all, but rather a warning message from the computer user’s operating system, falsely informing the user of an error and prompting the user to click on a box to address the purported error. Further error message prompts occurred regardless of whether the user clicked the box agreeing to or declining to proceed or attempted to close the error message window.
- The scareware displayed an animated graphic image that gave the fake appearance that the computer was being scanned for various errors or viruses. Bogus results falsely showed that critical errors were detected by the fake scan.
- The scareware website then prompted the victim user to download a free trial version of the product, falsely promising that the software could repair the nonexistent critical errors.
The company even set up call centers to provide support in multiple languages, usually instructing customers to uninstall their other antivirus software. The Wired article says “the upsetting warnings stopped showing up, leaving nervous customers with the impression that their new purchase had done its job.”
Remarkable scam, isn’t it?
Software developer Panda Security found that, by 2009, an average of 35-million computers were being infected by scareware every month. The security firm Sophos says scareware is “the most promising way of turning compromised machines into cash.”
Creative scareware schemes probably won’t go away any time soon as evidenced by the millions who click on scammy links on Facebook and Twitter. Social networking ploys, like scareware, are new breeds of misleading scams that can cost unwitting consumers their hard-earned money – and privacy.