Office Depot Fined $25M for Defrauding Customers With Fake Malware Removal Service
The FTC announced it has fined Office Depot $25M for scamming customers into buying malware removal services they never needed. The company that cooperated with the scam, Support.com, was also fined $10M, for a total of $35M. The two companies collaborated to charge Office Depot customers up to $300 for malware removal services. Office Depot also owns OfficeMax (the two companies merged in 2013).
From 2009 through 2016, Support.com provided Office Depot/OfficeMax with a “PC Health Check Program.” While it posed as a PC hardware diagnostics application, the actual purpose of the program was to sell consumers malware removal services. It also claimed to have detected infections when no infections were present. According to the FTC complaint “the PC Health Check Program did not, and by design, could not ‘find’ or ‘identify’ anything to return these results.”
Instead of actually performing any kind of scan, the utility was designed to claim that repairs were required if the consumer checked any one of four boxes indicating they were having generic problems with their computer.
The four problems presented were:
- “Frequent pop-ups or other problems prevent me from browsing the internet.”
- “My PC recently became much slower or is too slow to use.”
- “I am often warned of a virus infection or I am asked to pay for virus removal.”
- “My PC frequently crashes.”
No scans were ever performed on consumer PCs. If you checked one of those four boxes, the system scan would claim to have detected a malware infection automatically. The FTC complaint claims that the malware remediation services provided by Office Depot-OfficeMax could be more than $300 per service.
Screwing the Least Educated
Scamming customers like this is profoundly unethical and there’s no excuse for it. It can be annoying and time-consuming to troubleshoot a machine when dealing with a low-knowledge customer. That doesn’t make it okay to lie to people for the purposes of scamming them.
I’ve worked in the PC service and repair business formally and informally for decades. The application Support.com created wouldn’t even be a good app if it worked. Of the four issues it claims to diagnose, only two of them are directly tied to a likely malware infection. A PC that’s too slow to use could simply be an old machine. A PC that crashes frequently could be suffering from almost any kind of problem. Not content to sell fake malware removal to people who didn’t need it, Office Depot and Support.com designed a software solution that wouldn’t even properly tell them when their own scam wouldn’t work.
We all know what one of the remediation services Office Depot would have suggested was: Blow the OS and start over. Invariably, that’s what these sorts of services do. Conveniently, that solution would also dispose of the evidence that might have proven the system never had a malware infection in the first place.
But that’s part of what makes this so egregious. Office Depot didn’t just bet it could sell expensive remediation services to people who might not need them. It bet that its customers were so stupid, it could sell them expensive remediation services that would do nothing to fix their underlying issues and that people would simply be willing to eat it. The scheme blew apart in 2016 when an investigation by KIRO 7 in Seattle discovered the utility would detect malware on brand-new computers. Multiple technicians at multiple locations pushed the TV station crew to buy malware removal products for $180 a pop. At the time, Office Depot technician Shane Barnett explained that the techs were required to run the utility on every single system that came into the store. From our own coverage back in 2016:
“The program itself is mandatory,” said Barnett. “It’s not an option to not run the program. You have to run it on every machine that comes in the building. Period.” Barnett adds that he and other technicians communicated the problems with PC Health Check to upper management, which wasn’t interested in their reports.
The FTC notes that Office Depot employees had complained internally about the program since at least 2012, with one employee writing: “I cannot justify lying to a customer or being TRICKED into lying to them for our store to make a few extra dollars.” Despite this, the company continued to mandate the use of its fake software product to scam people out of money. The FTC will use the $35M to provide refunds to affected customers. We suggest doing business with companies who haven’t actively advertised their own willingness to defraud people.
Continue reading
Malware Masquerading as Android 2FA App Infected 10,000 Phones Before Removal
Known simply as 2FA Authenticator, the app picked up more than 10,000 installs until security researchers identified it as a vehicle for trojan-dropper malware.
Clever Malware Masquerades as Windows 11 Installer
A Russian website disguised as an official Microsoft page is distributing an "upgrade installer" that won't get you Windows 11. What it will get you is a bunch of malware.
Researchers Devise Malware That Runs When an iPhone is Powered Off
The iPhone's low-power mode allows users to access Express cards and locate lost devices even when the phone is turned off—but it also presents a concerning security vulnerability.
Google Warns of Sophisticated Malware Distributed With The Help of ISPs
According to Google's Threat Analysis Group (TAG), this spyware was developed by an Italian company called RCS Labs. The firm claims to be on the right side of the law, but that doesn't change the fact its software is being used to breach user privacy.