When I first heard about the CryptoLocker malware, I thought, “As cybercrime goes, that’s about as low as you can get.”
Then it says, “Pay us $300 within three days, and you’ll get your data back. Otherwise… [FX: PUFF OF SMOKE.]”
The $300 buys you the 2048-bit RSA private key needed to unscramble your encrypted data.
But, as low as CryptoLocker might have stooped, I soon decided that fake support call scammers actually crawl yet lower still.
Fake support calls
Fake support scammers are the people who phone you up out of the blue (whether you are on the Do Not Call register or not) and, not to mince words, scare you witless with a litany of lies about malware on your computer.
For $300 or thereabouts, the same price point as CryptoLocker, the scammers will fix your computer, but any “fix” you get is as honest as the “problem” you didn’t have in the first place.
Many people have told me that these guys don’t just call once if you fail to cough up the $300.
They often call again and again, with the calls getting more and more odious and insistent – outright threatening, by many accounts – and with no real hope that they will stop.
Dealing with the scam
It’s easy to say, “But all you have to do is hang up, so this scam could never work.”
But it’s also easy to see how a well-meaning but not very technically savvy user, especially someone without a network of family or friends to ask for IT help, could be menaced into paying up.
Imagine the questions that worried users might ask themselves:
- Didn’t the caller say he was from Microsoft?
- Didn’t he say that a virus on my computer was attacking his company’s servers?
- Didn’t he find evidence of it in my system log, just as he predicted?
- Isn’t most computer support done over the phone and online these days?
- Isn’t this the third time he’s called, with the symptoms getting worse every time?
- Can’t you get sued for a cyberattack because you didn’t have a virus scanner?
- Won’t it end up costing $300 anyway, or even more, if I go to my local shop instead?
Demanding money with menaces is what it sounds like to me, alias standover, alias extortion, alias blackmail.
And these guys have your phone number!
With that in mind, it’s always a good result when fake support callers get brought to book, even if they end up with just a slap on the wrist, like Mohammed Khalid Jamil of Smart Support Guys out of Luton in the UK.
So take heart from another small but positive outcome, thanks to the Federal Trade Commission (FTC) in the USA: Uttam Saha and Tiya Bhattacharya, who ran a company called Pairsys in Albany, New York, have been shut down by court order.
That may not sound like much, because all that’s happened is that they have to stop doing something that was dishonest, immoral and illegal anyway.
But in this case, the settlement with the FTC will see the scammers’ operation shuttered and their assets frozen.
Indeed, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said:
“We are pleased that the court has shut down the company for now, and we look forward to getting consumers’ money back in their pockets.”
There’s a lot of money to recover: the FTC claims that the pair have pulled in about $2,500,000 in the past two-and-a-half years.
Is it a real punishment?
Of course, just giving the money back isn’t really a punishment for the crooks, because they weren’t supposed to have it in the first place.
It’s still a result for the FTC, however, so, “Well done, Bureau of Consumer Protection.”
But it does raise the question, what do you think courts should do to punish fake support scammers?
Dealing with fake support calls
If you have friends or family who have been pestered to the point of worry by fake support callers, here’s a short podcast you can tell them about.
We make it clear that these guys are scammers (and why), and offer some practical advice on how to deal with them.
(05 November 2010, duration 6’15”, download size 4.5MB)