Great News In The Battle Against Tech Support Scams

On November 10, 2014, the Federal Trade Commission, along with local Delray Beach, Florida law enforcement, raided the facilities of OMG Tech Help and Vast Tech Support, effectively closing down these and related businesses for engaging in deceptive business practices by running “a multi-million dollar computer repair scheme that exploits consumers’ fears about computer viruses, malware and other security threats.”

This is a huge win for consumers who, as the TRO Motion makes clear, have been bilked out of millions of dollars by fraudsters tricking people into paying for unnecessary tech support services or software. Included in the TRO is “an asset freeze” to allow for “equitable relief” for those victimized by this scam.

Tech support scams have been a growing industry in the past few years and we’ve written about them several times. Our advice has always been the same: take your computer or server to someone local, and don’t trust the calls, emails or popups you receive.

For more information on how these scams are perpetrated read our article Tech Support Scams - Don't be a Victim. 

In the case of OMG Tech Help and Vast Tech Support the scam works through a free downloadable program called PC HealthBoost (see the screenshot below); the software was developed and is maintained by Boost Software of Massachusetts, and they are included in the TRO. The software is marketed, if you can call it that, through paid-for ads and popups on websites.

[Screenshot: PC HealthBoost software scam]

From the FTC, “Upon downloading a free version of the product, the product automatically initiates a bogus computer system scan that invariably detects hundreds or thousands of purported “errors” in need of repair. PC HealthBoost’s bogus free scan falsely identifies innocuous and helpful files as “errors”. The Boost Defendants then offer consumers the opportunity to “fix” these errors by downloading the paid version of the software for $29.97. After duping consumers into purchasing the paid version of PC HealthBoost, the software instructs consumers to call a toll free phone number to activate the product.”

For details on some of the innocuous items identified as errors, as well as how the remote access section of the scam works see our article.

It is through the need to activate the product that the scam transitions from Boost Software to OMG Tech Help and Vast Tech Support. Now you’re in the hands of the next stage of the scheme, whose purpose is to “extract additional money from unsuspecting consumers”.

As part of the activation, the telemarketer finds a way to get you to grant remote access. Once remote access was gained to the intended victims’ computers, they “tricked consumers into believing that their computers are riddled with problems and in imminent danger of crashing, the telemarketers then pitch the services of technicians, including repairs and long-term maintenance programs. The Vast Defendants recommend and charge for repairs even when computers are in good working order and have no issues. Through the course of the scheme, the Boost and Vast Defendants have caused more than $22 million in consumer injury.” (emphasis added)

Vast is reported to have operated under multiple DBAs, including OMG Tech Help, OMG Total Protection, OMG Back Up, dowloadsoftware.com and softwaretechsupport.com.

To put that $22 million in consumer injury into perspective, consider the LinkedIn profile of OMG Tech Help’s president, Jon-Paul Vasta.

[Screenshot: the experience section of Jon-Paul Vasta’s LinkedIn profile]

That's $22 million in not even 3 years of running this scam.

Near the end the TRO gives us another encouraging bit of information, “Before founding Vast, JP Vasta worked for Inbound Call Experts, another computer repair scheme operating out of Boca Raton subject to an FTC and State of Florida enforcement action filed simultaneously with this case.”

While it is good news that a second computer repair scheme also appears to be out of business, the damage caused by Inbound Call Experts, DBA Advanced Tech Support, appears to be even larger than OMG Tech Help’s. Consumers reported paying $150 – $500 for each phony repair, coming to a total of nearly $100 million in revenue from consumers.

Employer review site GlassDoor.com may offer a glimpse of what Inbound Call Experts was all about. From September 2, 2014: “Former Employee…you feel like you are taking money from people who don’t have it for things they don’t need.”

The related companies in the Inbound Call Experts case are coast to coast, from Advanced Tech Support in Florida to PC Cleaner, Inc. and Netcom3, Inc. in California. The combined defendants had approximately 150 domains that they would use to lure victims in. The domains include:

  • freetechsupport.com
  • advancedtechsupport.com
  • malwareexperts.com
  • pcmri.com
  • pcmriforlife.com
  • superpcsupport.com
  • pcvitalware.com
  • fix22.com
  • fixme1.com

These defendants would “partner with computer security software companies to purportedly provide technical support for particular software. In those instances, unbeknownst to the consumer the defendants pay for the phone number that appears on the software partner’s website. When consumers call the software company for assistance with a particular product, rather than reaching that software developer, they reach ICE/ATS.”

One of the downloadable programs offered specifically by PC Cleaner, Inc., which claims to show infections but instead uses false information to trick the victim, was downloaded by users more than 450,000 times between 2011 and 2013, per the FTC filing.

This is great news for consumers everywhere! But remember these two aren't the only companies working this scam online. It’s always best to take your computer to a local trusted company!



Operation Pawn Storm - Social Engineering Leaves Everyone Vulnerable to Cyber Attacks

If you've ever felt angry, irritated or upset at yourself for falling for some cleverly worded email and clicking on the attachment thereby infecting your computer or your company's network with something awful, you're not alone!

The point of social engineering is both to get around standard network security setups and to dupe individuals at all levels into opening that email attachment or entering their credentials into that look-alike site.

Operation Pawn Storm is a study done by Trend Micro into "economic and political espionage attacks instigated by a group of threat actors primarily targeting military, embassy, and defense contractor personnel from the United States and its allies."  Looking at the list of targets, it's clear that this is a group with heightened security concerns, one most of us would imagine is well equipped to fend off cyber-attacks, but the reality is they are just as susceptible to a cleverly worded email as the rest of us.  And no amount of money put into network infrastructure can fully mitigate human error.

Included in the study as targets are ACADEMI - defense contractor formerly known as Blackwater, SAIC, the Organization for Security and Co-operation in Europe, the Ministry of Defense in France, broadcasting companies, Ministry of Defense in Hungary, Polish government employees, United States Department of State and the Vatican Embassy in Iraq.

So how were these individuals tricked?  The simple answer is: the exact same way the attackers trick everyone else.  Spear-phishing schemes, carefully worded emails, and slightly changed / redirected domains.

Examples from Trend Micro's report:

The Ministry of Defense in Hungary was tricked using an upcoming Exhibition / Conference.  The attackers purchased a domain similar to the actual conference and created a similar website then sent out targeted emails to those who could be expected to attend from Hungary.

  • Real conference domain - eurosatory.com
  • Malicious conference domain - eursatory2014.com

Similar to the Hungarian Defense Ministry, SAIC was the target of a spoofed conference website.  In this case it was for the "Future Forces 2014" conference and the intent was to trick email recipients into providing their webmail credentials.

  • Real conference domain - natoexhibition.org
  • Malicious conference domain - natoexhibitionff14.com
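Both malicious domains above are the real conference name with a letter dropped or an edition tag appended. As an added example (not code from the Trend Micro report or this post), the Python check below flags a domain as a look-alike of a known event domain: it strips a trailing year, then compares the remaining name to a short allowlist. The allowlist, the 0.8 threshold and the single-label-suffix assumption are choices made for this example.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist of event domains a defender expects staff to visit;
# the two entries are the real conference domains quoted above.
KNOWN_GOOD = ["eurosatory.com", "natoexhibition.org"]


def registrable(host: str) -> str:
    """Label before the public suffix ("www.eursatory2014.com" -> "eursatory2014").
    Assumes single-label suffixes such as .com/.org, enough for this demo."""
    labels = host.lower().strip(".").split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def lookalike_score(candidate: str, known: str) -> float:
    """0..1 similarity between a candidate host and a known-good host."""
    # Drop a trailing year or edition number: "eursatory2014" -> "eursatory"
    c = re.sub(r"\d+$", "", registrable(candidate))
    k = registrable(known)
    if c == k:
        return 1.0
    # Known name padded with an edition tag ("natoexhibitionff14") or truncated;
    # the "c and" guard stops an all-digit name ("2014.com") matching everything
    if c and (c.startswith(k) or k.startswith(c)):
        return 0.95
    # Otherwise a character-level ratio catches dropped or swapped letters
    return SequenceMatcher(None, c, k).ratio()


def classify(candidate: str, known_good=KNOWN_GOOD, threshold: float = 0.8):
    """Return ("legitimate", match), ("lookalike", match) or ("unrelated", None)."""
    host = candidate.lower().strip(".")
    for known in known_good:
        if host == known or host.endswith("." + known):
            return ("legitimate", known)
    best = max(known_good, key=lambda k: lookalike_score(host, k))
    if lookalike_score(host, best) >= threshold:
        return ("lookalike", best)
    return ("unrelated", None)
```

The same check can be run over a day's proxy or DNS logs against an allowlist of events your staff are known to be attending.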

Additionally, the attackers are using malicious attachments to install malware on unsuspecting victims' computers.  This is exactly what they do to users not in heightened security industries, only in these cases the attachments tend to be more specific, to get the intended victim to open them.

Whereas many people receive and unfortunately open attachments that say "Undeliverable USPS Parcel Shipping Details", those who work for more security-conscious targets are sent documents they won't suspect of being malicious:

  • A military official in Pakistan received a Word document claiming to relate to the Homeland Security Summit in the Middle East.
  • Polish government employees received a document related to the shooting down of flight MH17 over Ukraine.
  • Military officials in multiple countries received an Excel attachment posing as a list of journalists accredited at the APEC Summit 2013.
  • The Vatican Embassy in Iraq received a Word document claiming to be about a bombing the day before.

(Examples from Operation Pawn Storm, a Trend Micro research paper.)

It's not a USPS package that couldn't be delivered; it's specific, relevant information for the targeted recipient.

From these examples you can see how social engineering works at every level, and how cyber criminals have become adept at precisely targeting their victims to get the desired information or result from the attack.


Dairy Queen Hit By Same Malware That Hit Target and The UPS Stores

Malware named Backoff has been found on Dairy Queen Point of Sale computers in numerous states, including Nevada.  The states with known infections are Alaska, Alabama, Arkansas, Arizona, California, Colorado, Connecticut, Delaware, Florida, Georgia, Iowa, Idaho, Indiana, Illinois, Kansas, Kentucky, Massachusetts, Maryland, Maine, Michigan, Minnesota, Missouri, Mississippi, Montana, North Carolina, North Dakota, Nebraska, New Hampshire, New Jersey, New Mexico, Nevada, New York, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin, West Virginia and Wyoming.

In case you're keeping count, that's only Hawaii, Rhode Island, Louisiana, and Vermont without known Backoff infections.  This does not mean that every Dairy Queen in these states has been infected, for instance there are only two locations with known infections in Nevada both in Las Vegas.  Click here for a full list of affected Dairy Queens.

Most Dairy Queen locations are independent franchises, and at the time of the malware detection Dairy Queen did not have a policy requiring the independent franchises to notify Dairy Queen corporate of a breach.  It is likely that after these incidents Dairy Queen will put this kind of policy in place.  As a result, there may still be additional Dairy Queens that have the Backoff malware but have not yet disclosed that information.

Julie Conroy of Aite Group told KrebsOnSecurity, "This goes back to the eternal challenge with all small merchants, where the mother ship is huge, each of the individual establishments are essentially mom-and-pop stores, and a lot of these stores still don't think they are a target for this type of fraud. By extension, the mother ship is focused on herding a bunch of cats in the form of thousands of franchisees, and they're not thinking that all of these stores are targets for cybercriminals and that they should have some sort of company-wide policy about it. In fact, franchised brands that have that sort of policy in place are far more the exception than the rule."

Most people are familiar with the Target, UPS Store, or Supervalu breaches, either because you've received a replacement credit card in the mail or from news coverage, but how does this malware work and why are we continuing to see new infections and breaches?

First, while we call it by a single name, Backoff has multiple variants, each new variant trying to ensure that anti-virus software won't detect and thereby block it.  Second, as Julie Conroy said, smaller companies often don't believe themselves vulnerable to attacks like Backoff and either aren't running a quality anti-virus or aren't keeping their anti-virus up-to-date.

Either of those choices can have disastrous consequences.  Backoff infections are multiplying at an alarming rate: in July 2014 SC Info Security News Magazine reported that "Nearly 600 U.S. businesses compromised by 'Backoff' POS malware," and by the end of August the Wall Street Journal reported, "More than 1,000 businesses affected by 'Backoff' malware."  If you count each Dairy Queen as a separate business, they account for over 400 infections alone.

Backoff is installed on Point of Sale terminals typically by attackers compromising remote access tools that allow users to connect to the computers via the Internet; often the compromise is the result of the remote access account having a weak or easy-to-guess password.

(See our article on password security.)

Once access is gained Backoff works as a simple backdoor Trojan that installs itself as a running service that initializes itself after startup, making it survive a reboot.  After it's installed Backoff opens port 80 and waits for instructions from the command and control server.  Backoff also cleverly hides itself by pretending to be an Adobe Flash Player update in the system registry.

What can small businesses do to protect themselves and their customers?  Most of it comes down to putting the right processes and protection in place and from there it's about network vigilance.  One giveaway, that someone monitoring your network should catch, would be port 80 being open; this would be unusual for a Point of Sale system unless a particular software required it, and in that case the person or company you have overseeing your network would keep note of any possible security concerns that could arise.
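The two giveaways described above, an unexpected listening port and an autorun entry dressed up as a Flash Player update, can be checked from exported data. The example below is added here and is not Backoff analysis code from any vendor; it parses constructed Windows "netstat -ano" output and a constructed export of Run-key entries, and assumes the POS vendor has documented which listening ports are required.

```python
import re

# Constructed "netstat -ano" output from a hypothetical Windows POS terminal;
# the port-80 listener mirrors the giveaway described above.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       1604
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED     2208
  UDP    0.0.0.0:123            *:*                                    1128
"""

# Constructed autorun entries (name -> command) as exported from the Run key;
# the "Adobe Flash Player" entry imitates the disguise described above.
AUTORUN_SAMPLE = {
    "PosAgent": r"C:\Program Files\POSVendor\agent.exe",
    "Adobe Flash Player": r"C:\Users\pos\AppData\Roaming\AdobeFlashPlayer\update.exe",
}

# Ports the POS vendor documented as required (assumption for this example)
ALLOWED_LISTEN_PORTS = {135, 5432}


def unexpected_listeners(netstat_text: str, allowed=ALLOWED_LISTEN_PORTS):
    """Return (port, pid) for every TCP listener outside the documented allowlist."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        # Only TCP LISTENING rows have exactly five columns; UDP and the header differ
        if len(parts) == 5 and parts[0] == "TCP" and parts[3] == "LISTENING":
            port = int(parts[1].rsplit(":", 1)[1])
            if port not in allowed:
                found.append((port, int(parts[4])))
    return found


def suspicious_autoruns(entries: dict):
    """Flag autorun names that claim to be Flash Player but run from a user-writable
    profile path rather than a Program Files or Windows location."""
    trusted = re.compile(r"^[A-Za-z]:\\(Program Files( \(x86\))?|Windows)\\", re.I)
    return [name for name, cmd in entries.items()
            if "flash" in name.lower() and not trusted.match(cmd)]
```

Run against a real terminal, the netstat text would come from the command's output and the autorun dictionary from a registry export; anything flagged is a lead for the person overseeing the network, not proof of infection.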

If you're in Northern Nevada and have questions or concerns about the vulnerability of your business's Point of Sale system, give Top Speed Computer Service a call and we'll come out and do an evaluation.  775-852-4333


Fake FedEx Package Undeliverable Notice Or A Secret Surprise Parcel?

A fake FedEx email is making the rounds, and because the link to get the shipping information is cleverly hidden in an image you might be tempted to click before evaluating the legitimacy of this email. We'll take this email apart step by step so you can get an understanding of just how fake it is.

Let's start with the FedEx logo: how many of you noticed that the logo isn't quite right?  Here's their logo image from their website.

[Image: the FedEx logo from fedex.com]

Both the font and color are wrong in the email.  It's also missing the registered trademark or copyright symbol which is prevalent whenever you see "FedEx" used online and in emails.

Next, for the sake of logic, were you expecting a parcel from FedEx?  Or were you excited by the idea that someone sent you something unexpected so you hit "Get Shipment Label" before thinking about it?  And while we're considering it, where does "Get Shipment Label" take you?  It certainly doesn't take you to fedex.com - instead it takes you to master-insight.com.  Well what is that?  master-insight.com was registered earlier this year through GoDaddy to an entity appearing to be located in Hong Kong.

Not very likely that master-insight.com knows anything about any parcels either delivered or undeliverable to you.

So let's look at who the email reports to be from: "FedEx SmartPost <…@fefmont.org>" (the address itself is hidden by the page).  Ok, so then what is fefmont.org?  Fefmont.org comes up as registered to an organization, Franciscanas del Espiritu Santo de Montpellier, in Madrid.  The organization's name translates to Franciscan Sisters of the Holy Spirit, and it has the domains franciscanasmontpellier.org and fefmont.es (.es is the country code for Spain).

Expecting a parcel from Spain were you?

Finally looking into the headers confirms the European tie.

[Image: headers of the fake FedEx email]

195.76.183.201 is a RIPE IP address (RIPE is the European counterpart of ARIN, the American Registry for Internet Numbers).

After all of that, does anything about this email seem legitimate?  Obviously that was rhetorical.  But so many will be so excited by a secret surprise parcel that they won't stop to evaluate the legitimacy of this email before clicking "Get Shipment Label"...
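The three checks walked through above (who the mail claims to be from versus the sending domain, where the hidden link really goes, and which IP the message originated from) can be automated. The Python below is an added example, not code from this post: it runs those checks over a constructed message whose display name, sender domain, link host and originating IP follow the post, while the relay host, mailbox names, timestamps and the brand-to-domain table are invented.

```python
import re
from email import message_from_string, policy
from urllib.parse import urlparse

# Constructed message modelled on the fake FedEx notice; only the brand name,
# fefmont.org, master-insight.com and 195.76.183.201 come from the post.
SAMPLE = """\
Received: from mail.relay.example (mail.relay.example [198.51.100.7])
\tby mx.victim.example with ESMTP; Mon, 10 Nov 2014 09:12:33 -0800
Received: from [195.76.183.201] (helo=unknown)
\tby mail.relay.example with ESMTP; Mon, 10 Nov 2014 09:12:01 -0800
From: FedEx SmartPost <notice@fefmont.org>
To: you@victim.example
Subject: Parcel undeliverable
Content-Type: text/html

<html><body><p>Your parcel could not be delivered.</p>
<a href="http://master-insight.com/label.php?id=123"><img src="cid:button"></a>
</body></html>
"""

# Brand word in the display name -> domains that brand actually mails from (assumption)
BRANDS = {"fedex": {"fedex.com"}}
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def registrable(host: str) -> str:
    """Crude registrable domain: last two labels (enough for .com/.org here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def analyze(raw: str) -> dict:
    msg = message_from_string(raw, policy=policy.default)
    sender = msg["From"].addresses[0]
    sender_domain = registrable(sender.domain)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    link_hosts = sorted({registrable(urlparse(u).hostname or "")
                         for u in re.findall(r'href="([^"]+)"', body)})
    # The last Received header is the earliest hop: the IP the message came from
    received = msg.get_all("Received") or []
    m = IPV4.search(received[-1]) if received else None
    origin_ip = m.group(1) if m else None
    brand = next((b for b in BRANDS if b in sender.display_name.lower()), None)
    findings = []
    if brand and sender_domain not in BRANDS[brand]:
        findings.append(f"display name says {brand} but mail is from {sender_domain}")
    findings += [f"link goes to {h}, not a {brand} domain"
                 for h in link_hosts if brand and h not in BRANDS[brand]]
    return {"sender_domain": sender_domain, "link_hosts": link_hosts,
            "origin_ip": origin_ip, "findings": findings}
```

The origin IP is reported rather than judged; whose address space it falls in (RIPE, ARIN and so on) is a lookup you make separately, as the post does.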

