April 25, 2014 at 10:08 AM ET
If you've ever hunted for hard-to-find tech support number, sometimes a little Googling or "Binging" will do the trick.
But shady outfits, impersonating the help lines of companies like Netflix and AOL, are buying up ads to put bogus pages at the top of search engine results. After entering their username and password on a fake login page, customers are told their account is locked and they need to call a special number to unfreeze it. That's when the real ripoff starts.
Linda Harper, the 49-year old owner of Linda's Towing and Transport in Accokeek, Md., is a tech support scam victim. After the fraudsters convinced her to let them remotely control her home computer, they made it show error messages they told her were viruses and snatched nearly $2,500 from her bank account.
"You feel violated," she said.
Even after she got suspicious and had her bank cut them off, the scammers held her computer for ransom.
They deleted everything on her hard drive and demanded money for a fix. If she didn't pay up, they said they would "interfere" with her business.
"I started to get scared. I didn't know where these people were. I didn't know if they knew where I lived."
"I started to get scared," said Harper. "I didn't know where these people were. I didn't know if they knew where I lived."
That's when she called the police.
A recent AARP study found that the average age of an online fraud victim is 49. It identified fifteen risk factors that make a person more vulnerable to online fraud, including "feeling lonely" and clicking on pop-up ads.
Jerome Segura, a researcher for security software company Malwarebytes, began setting up dummy computers to trap tech support scammers after one tried to defraud him. The first to report on the Netflix repair scheme hiding in search engine ads, he's recorded videos of himself clicking on the fraudulent ads and then stringing along the con artists as he gathered information to shut them down.
Variations on the scam have been around for years, usually with the criminals cold calling customers. A version of the Netflix-themed scam popped up a few weeks ago using phishing emails. The search engine ads are a new twist. The scammers can sit back and wait for the victims to call them.
Adding to the perniciousness of the search engine ad is that they get people who are already looking for assistance. That's why the fraudsters are willing to pay a premium for the relevant keywords, as much as $2 to $3 per click, said Segura.
Once the user clicks the ad, they're taken to a page that imitates the service company's real one. The URL often contains the company's name or a variation. Then it asks for a login.
"That's a ruse to get users to trust the page," said Segura. "It serves a double purpose."
First, it collects the customer's username and password. Then it tells them their account has been locked and they need to call a special number to unlock it. Call the number and the person on the other end of the line isn't a Netflix or AOL tech support rep, but a con artist.
Once you're connected, the scammers use a common set of tactics. They get you to download a program on your computer that gives them total control over it. They make it run simple commands that have nothing to do with security to make it look like the computer is filled with warning messages, viruses, even ongoing hacker attacks. Once the customer is convinced their device is on the brink of ruin, the scammers ask for hundreds of dollars to fix the non-existent issues.
"There was just error after error," said Jim Brazer of Overland, Mo. of the screens the supposed tech support agent from Iowa showed him after remotely taking control of his computer. The man with a foreign accent told him his drivers were "degraded" and he needed to pay $312 to fix the problems. He would also get a "lifetime service" guarantee.
"I'm not computer illiterate, I know enough to get what I'm looking for," said the 62-year-old Air Force veteran. But the tech was like a wizard.
"He's flipping programs, flipping pages, I'm just sitting there going, 'wow, what is this guy doing?'"
For the next two hours, he watched as the the man over the phone zipped his mouse around the screen, moving programs and files around and flashing window after window of impressive-looking diagnostic screens. After the cleaning was complete, all seemed well.
But later that night, the tech company called back and said there was a problem with the transaction. They asked for his driver's license number to help it along. Despite misgivings, he gave it to them.
The next morning, he told his wife what happened. She called the bank and discovered the service company had transferred $1,500 from their account to one in India. When Brazer called back the numbers for the tech support company, they all went straight to Skype voicemail.
The experience has left him jaded.
"I used to be a 'trust everybody' type of soul, but right now I don't trust anybody," he said.
"I used to be a 'trust everybody' type of soul, but right now I don't trust anybody."
Using an electronic "beacon" he hides inside the documents he lets the scammers take, researcher Segura has traced back many of the operations to India. That makes any kind of enforcement difficult. His best bet is to submit his evidence to the scammers' hosting company to get them to pull the plug on the website. But with a few keystrokes they can just set up shop elsewhere, turning clampdowns into international games of Whac-A-Mole.
The numbers are worth it for the bogus tech teams.
"If they can charge one customer $400, that's about the average salary for a month in India," said Segura.
Google and Bing say they're battling fraudulent ads every day.
"We have an extensive process for monitoring the Bing Ads network against known fraudulent patterns to help detect, prevent and mitigate fraud and phishing techniques," said David Gottlieb, a Bing Ads group program manager. "Microsoft will take immediate action to mitigate the activity by blocking the bad actor from our system and where possible not attempt to collect money from the fraudster."
Google spokesman Aaron Stein says the search engine company removed more than 350 million "bad ads" from its system in 2013. He said that Google decides what to do with the money it earns from fraudulent advertisers on a case-by case basis.
"We're constantly reviewing ads to ensure they comply with our AdWords policies," said Stein. "If we find violations, we'll take the appropriate actions — including account disablings and blacklists — as quickly as possible."
Harper was able to get her bank to recover her funds and her computer fixed. But waiting for the money made her mortgage payment late and put her trucking company in a cash flow crunch. The police never called her back, she said.
"These people are overseas. It's hard to catch them," she said.
Got a consumer complaint? Email it to firstname.lastname@example.org to get it checked out.