Microsoft takes on scummy tech-support companies windowssecrets/top-story/microsoft-takes-on-scummy-tech-support-companies/ By Woody Leonhard In late December 2014, Microsoft filed a lawsuit against a U.S.-based company thats been accused of massive tech-support fraud. If youve been the victim of a phony tech support call — or you know someone who has — it might be payback time. In whats probably the first legal action of its kind, Microsoft is suing a tech-support company for trademark infringement, unfair competition, false advertising, and cybersquatting. According to the complaint (PDF), the defendants are the owners of Consumer Focus Services, a Los Angeles–based company that operates under various names such as Omni Tech Support, FixNow, and Techsupport Pro. The complaint also names other companies and describes the fraud as a web of related entities that perpetrate technical support scams on Microsoft software and device users. No doubt youve at least heard of scammers purporting to be from Microsoft Tech Support. This type of fraud occurs worldwide and probably rakes in billions of ill-gotten dollars. I warned Windows Secrets readers about these scum in the Feb. 3, 2011, Top Story, Watch out for Microsoft Tech Support scams. And Fred Langa related a readers experience in the Feb. 28, 2013, Top Story, Security alert: Bogus tech-support phone calls. The scams take many forms, but the general outline goes something like this: A Microsoft support person calls and states that your PC reported one or more infections. The caller then requests that you let him examine your system remotely. (In a common variation of the scam, you respond to an ad that promises to cure all your computers ills.) If you let the bogus support person into your machine, hell soon discover dozens of serious infections and other critical problems that need to be fixed immediately. All you have to do is hand over your credit card to make your system right. If youre lucky, the support person will have pretended to fix the problems and youll only be somewhat poorer for the experience. If youre a bit less lucky, your PC will be in slightly worse shape than it was. In the worst cases, the bogus support person will leave malware behind, just as a thank-you. Microsoft Digital Crimes Unit attorney Courtney Gregoire posted a blog and video about these scams. The video states that over three million [Microsoft] customers, this year alone, have been stung by tech-support scum. The blog describes the typical MO: Many of these technical support companies are able to gain victims trust by claiming they work for Microsoft, are a Microsoft Certified Partner, or [are] somehow affiliated with Microsoft. In some instances, once the tech scammer gains remote access to a consumers computer, they will use scare tactics — telling the consumer that if they do not pay for support services they will lose all of their files, suffer a computer crash, or risk the leak of personal identifiable information. Pop-up browser windows simulating virus-scanning software have fooled victims into either downloading a fake anti-virus program (at a substantial cost) or an actual virus that will open up whatever information is on the users computer to scammers. Although tech-support scams have been around for many years, Microsofts lawsuit represents a new tactic. Typically, the company would have worked with both law enforcement and the courts, for example, to take down malware servers (and some legitimate servers, as reported in a Toms Guide story). But in this case, Microsoft is taking the more direct and immediate action of suing a company providing allegedly bogus MS support. In my opinion, its about time — I wish them overwhelming success. Aiding and abetting bogus tech-support creds? That Microsoft is trying to stop bogus tech support is obviously a good thing. But some of its own terminology might be contributing to the problem. During the initial contact with a PC user, using or mentioning Microsoft immediately gives the support person some legitimacy and credibility. The most nefarious scammers will boldly identify themselves as Microsoft employees. More sophisticated scammers will be a bit more circumspect, drawing a picture and allowing the customer to fill in the blanks with their own assumptions. (The scammers will often have websites that help with the illusion of legitimacy.) Unfortunately, titles such as technical-support professional or tech-support provider are used by both scammers and genuine support persons. Theres nothing deceptive about these descriptions: theres no legal definition of a tech-support professional, no national accreditation that uses that specific terminology — that Im aware of. Adding Microsoft to the mix makes things somewhat murkier. For example, the title Microsoft tech-support professional is still relatively generic; it could apply to anyone who supports Microsoft products. Heck, most Windows Secrets readers probably feel from time to time like professional tech support for Microsoft. Even Microsoft employee can be confusing. There are many contract support techs who work for Microsoft but arent, technically, Microsoft employees. Even though all these descriptions are subject to misinterpretation, theres another one that I believe is even more problematic — Microsoft Partner Network. It might sound like something vetted and blessed by Microsoft, but its actually an association thats apparently extremely easy to join — a fact that most PC users dont know and that many scammers use to their advantage. All it took for me to join was a Microsoft ID (say, an outlook email address) and about two minutes of my time. (Theres a lengthy MPN agreement, but abiding by it seems to be on the honor system.) Want to see for yourself? Go to the Microsoft Partner Network homepage and click the Join Now button in the right-hand column. Sign in with any Microsoft account (the site calls it a Windows Live ID), fill out the on-screen form, and click the Submit box. Youll probably be granted immediate membership — as I was (see Figure 1). Join Microsoft Partner Network Figure 1. You can become a member of the Microsoft Partner Network in two minutes or less. My company was made a Microsoft Partner Network member immediately, eligible to sell Microsoft Online Services (see Figure 2). MPN welcome Figure 2. Once youre an MPN member, you can advertise that fact anywhere — and sell Microsoft Online Services, if you wish. Im amazed by the number of tech support–scam stories that make no mention of how easily scammers can advertise themselves as Microsoft Partner Network members. Its important to note here that being in the Microsoft Partner Network is very different from being a Microsoft Certified Partner, as Brian Krebs explained in his November blog post. But its a sure bet only one PC user in a thousand knows the difference; more likely, its one in a hundred thousand. Microsofts complaint against Consumer Focus Services claims that the defendants have utilized the Microsoft trademarks and service marks to enhance their credentials and confuse customers about their affiliation with Microsoft. Defendants then use their enhanced credibility to convince consumers that their personal computers are infected with malware in order to sell them unnecessary technical support and security services to clean their computers. But its clear that Microsoft itself has — inadvertently — helped the scammers. The bigger problem — and what to do about it As Microsoft goes after the big fish in the U.S., I expect that smaller, local tech support–scam operations will pull up stakes and move overseas. Many, for example, already have a presence in India. If Microsoft prevails in its suit against Consumer Focus Services (the company is presumed innocent until proven otherwise), CFS could easily relocate all its operations outside the U.S. Its website describes the company as A pioneer in India-based offshoring with over a decade of experience in call center outsourcing … [with] multi-location delivery (offshore and onshore) centers in India (Bangalore). The U.S. Federal Trade Commission is tasked with prosecuting overseas scammers, but its obviously a Herculean task. In an Oct. 3, 2012, post, the FTC announced that it had teamed with organizations in Australia, Canada, and the U.K., cracking down on 14 companies and 17 individuals mostly based in India that used cold-call tech-support scams. Two years later, the FTC reported that it had settled with several of the defendants and has received settlements and judgments totaling more than U.S. $5 million. Thats a slap on the wrist, given Microsofts claim that scams result in losses of $1.5 billion a year. Another trend is even more serious. Although Microsoft, the FTC, and other authorities from many different countries have tried for years to crack down on tech-support scams, the problem is getting only worse — especially as the already large, worldwide pool of English-speaking, PC-literate, but poorly paid workers continues to expand. I assume that regular Windows Secrets readers would never fall for this type of scam. But someone you know probably will. Warn your friends and family. Microsofts Gregoire sums up the fight: If someone claiming to be from Microsoft tech support, or affiliated with Microsoft, calls you: Do not purchase any software or services. Ask if there is a fee or subscription associated with the service. If there is, hang up. Never give control of your computer to a third party unless you can confirm that it is a legitimate representative of a computer support team with whom you are already a customer. Take the callers information down and immediately report it to your local authorities. Never provide your credit card or financial information to someone claiming to be from Microsoft tech support. Everyone who uses a Microsoft product should know that Microsoft never calls to provide technical support — unless youve specifically requested a callback and you have a callback number. Have you been scammed or think you might have a scammer on the phone? A Microsoft page tells you how to report it. For more information on working with Microsoft Tech Support, see Susan Bradleys April 3, 2013, On Security story, Working with the real Microsoft Support (paid content). Feedback welcome: Have a question or comment about this story? Post your thoughts, praise, or constructive criticisms in the WS Columns forum. Help people find this article on the Web: Twitter Twitter Facebook Facebook LinkedIn LinkedIn Google+ Google+ Permalink Permalink
Posted on: Thu, 22 Jan 2015 23:48:22 +0000
Trending Topics
Recently Viewed Topics
© 2015