Few days ago, a court in the United States has announced a judgment of more than $163 million against defendants in the FTC case agains “scareware” operation. This case had started on December 2, 2008, the U.S. Federal Trade Commission (FTC) filed a Complaint in federal court against Innovative Marketing, Inc., ByteHosting Internet Services, LLC, as well as individuals Sam Jain, Daniel Sundin, James Reno, Marc D’Souza and Kristy Ross. In the judgement, the case named Kristy Ross, both individually and as an officer of Innovative Marketing, Inc; the court order also permanently prohibits the defendant, Kristy Ross, from selling computer security software and any other software that interferes with consumers’ computer use, and from any form of deceptive marketing. Two founders of the company, Sam Jain and Daniel Sundin, were found to be jointly liable for the fine. This case exemplifies a battle against scareware – scam tactics that have been more and more prominent since 2008.
What is Scareware?
A scareware is a rogue security product (“rogues”) that display false security alerts of computer infection and asks for payment and/or a personal information to perform a fake “cleanup” or a “fix”. Rogue security software has become a growing and serious security threat in desktop computing in recent years.
A scareware is software designed to scare you by employing a tactic frequently used by criminals to convince users that a virus has infected their computer, then suggesting that they click to buy and download a fake antivirus software to fix the computer. Another tactic used is tricking users into uninstalling legitimate antivirus software, or disabling their firewall, which basically means granting access to your computer to any kind of malicious software (We offer solutions against viruses and malware).
The selling approach uses social engineering (fraud) to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user. Some forms of spyware and adware also use scareware tactics to gain access to financial and other personally identifiable information from the computer user.
Just in the 12-month period from July 2008 to 2009, according to Symantec, more then 43 million people were victimized by the scareware scam. Con Mallon of Symantec points out: “Obviously, you’re losing your own hard-earned cash up front, but at the back end of that, if you’re transacting with these guys online you’re offering them credit card details, debit card details and other personal information. That is obviously very valuable because these cyber criminals can try to raid those accounts themselves or they can then pass them on or sell them to others who ultimately will try to use that information to their benefit.”
How to protect yourself from Rogues and Scareware?
1. Remember that rogue scareware may come to you in several forms, and may try to disguise itself as a legitimate product, such as:
- A browser plug-in or extension (most likely a toolbar)
- An image, screensaver or archive file attachment in an e-mail message
- A multimedia codec, ActiveX component or Java applet required to play a certain video clip
- Software shared on peer-to-peer networks allowing access to various resources
- A free online malware scanning service
2. Invest in quality business-grade antivirus software.
3. Use good judgement when it comes to programs and features you encounter using your computer.
4. In specific cases, when questionable dialog window popup already presented itself when using a computer, do not click on any of the popup’s buttons, but rather use Ctrl+Alt+Delete to open the Task Manager on your computer, and stop the program from running.
5. If in doubt, consult with your trusted IT adviser prior to taking any action.
Online criminals are making millions, and even with legal actions this “business” is too profitable to be gone overnight. Be on guard and protect your computers and your data.