Tag: scareware

  • BULLETIN: International Scammers Used Mail Drops, 80 Different Domains And 130 Phone Numbers To Dupe People Into Paying For ‘Removal’ Of Bogus Viruses And Non-Existent Spyware, FTC Says

    BULLETIN: Calling it a “major international crackdown on tech support scams,” the FTC has charged multiple companies and individuals in an alleged fraud scheme in which consumers were duped into believing their computers were infected with “viruses, spyware and other malware” and then charged to remove it.

    To cover their tracks, the FTC charged, the scammers used “virtual offices that were actually just mail-forwarding facilities” and “80 different domain names and 130 different phone numbers.”

    “And the tech support scam artists we are talking about today have taken scareware to a whole other level of virtual mayhem,” said FTC Chairman Jon Leibowitz.

    From an FTC statement today (italics added):

    The FTC charged that the operations – mostly based in India – target English-speaking consumers in the United States, Canada, Australia, Ireland, New Zealand, and the U.K. According to the FTC, five of the six used telemarketing boiler rooms to call consumers. The sixth lured consumers by placing ads with Google which appeared when consumers searched for their computer company’s tech support telephone number.

    According to the FTC, after getting the consumers on the phone, the telemarketers allegedly claimed they were affiliated with legitimate companies, including Dell, Microsoft, McAfee, and Norton, and told consumers they had detected malware that posed an imminent threat to their computers. To demonstrate the need for immediate help, the scammers directed consumers to a utility area of their computer and falsely claimed that it demonstrated that the computer was infected. The scammers then offered to rid the computer of malware for fees ranging from $49 to $450. When consumers agreed to pay the fee for fixing the “problems,” the telemarketers directed them to a website to enter a code or download a software program that allowed the scammers remote access to the consumers’ computers. Once the telemarketers took control of the consumers’ computers, they “removed” the non-existent malware and downloaded otherwise free programs.

    The scam was targeted at “English-speaking consumers in the United States, Canada, Australia, Ireland, New Zealand, and the U.K.,” the FTC said.

    Assisting in the cross-border probe were the Australian Communications and Media Authority (ACMA), the Canadian Radio-television and Telecommunications Commission (CRTC) and the United Kingdom’s Serious Organised Crime Agency, the FTC said.

    All in all, the FTC filed six complaints in the Southern District of New York. The named corporate defendants include Pecon Software Ltd., Finmaestros LLC, Zeal IT Solutions Pvt. Ltd., Virtual PC Solutions, Lakshmi Infosoul Services Pvt. Ltd., and PCCare247 Inc.

    Visit the FTC site to read the agency’s full statement and to access the complaints.

  • Star Tribune, Minnesota’s Largest Newspaper, Targeted In International ‘Scareware’ Cyberattack; 2 Suspects Arrested In Latvia; Bogus Ad Agency Purportedly Based In Miami Allegedly Used To Dupe Famous American Publishing Company

    EDITOR’S NOTE: This is one of those stories that can cause people to scream. The U.S. publishing industry has been deeply affected by the Internet. Print advertisers — the people who pay the bills — now can communicate directly and immediately with readers, a development that is sucking the life out of traditional print publishers. Publishers large and small are seeking ways to monetize electronic versions of print publications because that’s what much of the audience prefers.

    But switching in whole or in part to electronic publications has exposed the industry to a whole new set of problems, including wanton theft of entire editorial wells, theft of other intellectual property and trademark infringement. The story below details another new threat: the targeting of a famous journalism brand to drive traffic to an electronic fraud scheme.

    In 2009, the PP Blog suspended publication of a companion Blog on Ponzi schemes and securities fraud because of the theft of its entire editorial well. Earlier this year, the Blog suspended the publication of ads provided by Google because of chronic harassment directed at the Blog and some of its readers by a cyberstalker on YouTube. The PP Blog also has experienced sustained DDoS attacks, threats of “war” and threats believed to have originated with people sympathetic to online criminals.

    On April 6, the PP Blog reported such an incident to a federal law-enforcement agency.

    One of the most prominent publishing companies in America’s heartland was duped in a scheme in which international criminals fabricated an “advertising agency” purportedly based in Miami and placed an ad by posing as media buyers for a major hotel chain, federal prosecutors said.

    When the Star Tribune newspaper tested the ad, the criminals initially covered their tracks by causing the ad to appear to be a normal ad for the Best Western hotel chain, the purported client of the purported advertising agency.

    Within two days of the Feb. 19, 2010, placement of the “ad,” however, Star Tribune readers interested in what they believed was a Best Western offering were subjected to a browser hijack in the Netherlands and Latvia that caused their computers to freeze and display pop-up messages for a purported “antivirus” software product.

    Such “scareware” attacks have been responsible for tens of millions of dollars in losses globally by duping computer-users into believing their machines have been infected with a virus or malware and making purchases of software to eliminate the problem.

    After the Star Tribune realized it had been duped, the newspaper pulled all of its online ads, isolated the problem, contacted law enforcement “immediately” and let its readers know about the infected ad.

    Federal prosecutors now say “RevolTech Marketing,” the purported “advertising agency” in Miami, was bogus. The ad allegedly was placed by a media buyer who identified herself as “Lisa Polowski.”

    Moreover, Best Western “had not retained RevolTech to place online advertisements on its behalf,” according to prosecutors. They added that losses from the scam targeted at the Star Tribune and its readers totaled “at least” $2 million.

    Two people — Peteris Sahurovs, 22, and Marina Maslobojeva, 23 — were arrested yesterday in Rezekne, Latvia, federal prosecutors said. They are charged with wire fraud, conspiracy and computer fraud for creating the phony agency, falsely claiming they represented Best Western, duping the Star Tribune and causing scareware to load on the personal computers of its readers.

    The Star Tribune is Minnesota’s largest newspaper. It covers news in multiple categories across the Minneapolis/St. Paul region, state, nation and world, and in recent years has been covering spectacular local Ponzi scheme cases with wide readership interest, including the Tom Petters and Trevor Cook cases.

    Prosecutors did not say why the Star Tribune had been targeted in the cyberattack. Scammers, spammers and online criminals, however, are known to monitor publications for cultural references and specific “keywords” — and then seek ways to use the publications to drive traffic to fraud schemes.

    The PP Blog, for instance, has received 2,859 unwanted communications in June 2011 alone, mostly from keyword spammers trying to publish ads on the Blog and leech off its traffic. In the Internet Age, criminal networks monitor coverage of any number of topics and seek ways to piggyback off the topics to create illegal profits.

    “The global reach of the Internet makes every computer user in the world a potential victim of cybercrime,” said U.S. Attorney B. Todd Jones of the District of Minnesota. “Addressing cybercrime requires international cooperation; and in this case, the FBI, collaborating with our international law enforcement and prosecution partners, has worked tirelessly to disrupt two significant cybercriminal networks. Their efforts demonstrate that no matter the country, Internet criminals will be pursued, caught and prosecuted.”

    Jones’ reference to a second disruption of international cybercrime was in the context of a case brought in Washington state in which the United States seized 22 domestic computers and servers and arranged to have 25 international computers and servers disabled in a scareware probe known as “Operation Trident Tribunal.”

    Federal prosecutors said a scareware network had racked up $72 million in sales over three years by duping people into buying fake antivirus software.

    At least 960,000 computer users were duped in the scareware fraud, prosecutors said. Latvian authorities seized at least five bank accounts linked to the scheme.

    “This case shows that strong national and global partners can ensure there is no sanctuary for cyber-crooks,” said U.S. Attorney Jenny A. Durkan of the Western District of Washington.

    Read the Minnesota indictment.