The US government set up a sting operation to gather evidence against a company called PCCare247 which was defrauding people.
This is a variant on the classic windows support engineer scam.
A cold caller tells you your PC has a virus, says he can prove it then offers to fix it for several hundred dollars (or equivalent in the local currency).
This variant is that PCCare247 advertised heavily that they help people sort out PC issues, but when someone called, then PCCare247 would find faults that didn’t exist and charge a lot of money to rectify the non-existent problems.
Agent Sheryl Novick contacted PCCare247. They are based in India but had built a lucrative business advertising over the Internet to Americans, encouraging them to call for technical support.
“I saw some sort of pop-up and I don’t know if there’s a problem,” she told a PCCare247 tech named Yakeen. He offered to check the “management part” of her computer for possible problems. All he needed to run his test was total control of Novick's Windows computer.
She agreed, downloading and installing a remote access tool. Then Yakeen took control of Novick’s computer and opened a program called Event Viewer.
Event Viewer always shows lots of errors but they are trivial and should be ignored.
Yakeen showed Novick a series of bright red warning messages in her Event Viewer logs.
“It has 30 errors,” he told her.
“Your computer is hacked by someone,” he said. “They are using your name and your ID, your computer to do some cyber fraud and cyber terrorism.”
This was a brazen lie; forensic examination would later conclude that the single connection displayed was in fact the remote access tool that Yakeen was using at that moment to control Novick’s machine.
To complete his examination, Yakeen then told Novick that he would scan her computer for viruses. To do so, he ran a command called “tree.” Filenames immediately filled the screen, scrolling away in a blur as hundreds of new names took their place. When the list stopped moving, the command prompt read:
C:\509 virus found
The situation sounded bad—unless you knew that the tree command used by Yakeen has nothing to do with viruses. It merely lists all files within a directory and Yakeen had simply typed the 509 virus found message hoping that Novick would believe it to be output from the “virus scanner.”
Yakeen promised that he could “remove all the hackers, remove all the errors and 509 virus from the computer and recover all the data?”
All Novick needed was $400.
After some negotiation, Novick agreed to a smaller charge and provided her credit card.
What Yakeen didn’t know was that Novick was actually a Federal Trade Commission (FTC) investigator and she had recorded the entire encounter, which had been conducted using a clean PC located within an FTC lab.
After the call, the FTC sent Civil Investigative Demands—requests for information—to just about every US company that had done any sort of business with PCCare247: banks, credit card processors, domain registrars, telephone companies, Facebook, Google, and Microsoft. In October 2012, agency lawyers had assembled their case into a 15-page complaint against PCCare247 and its owner, Vikas Agrawal .
“The Defendants operate a massive scheme that tricks consumers into spending approximately $139-$360 to fix non-existent problems with their computers,” the complaint alleged.
Those fees added up to serious revenue for PCCare247. In just one year, $4 million had been deposited in the two main PCCare247 bank accounts—and that was just from US residents.
The company used this cash to build more business, spending more than $1 million on Google adverts.
But PCCare247 went further, taking out ads on search terms like “mcafee phone number usa,” “norton customer service,” and “dell number for help.” The ads themselves said things like “McAfee Support - Call +1-855-…]” and pointed to domains like mcafee-support.pccare247.com. As numerous complaints attest, less savvy computer users searching the Internet for specific tech support phone numbers would see PCCare247’s number near the top of their screens and assume that this was an official line.
It wasn’t difficult for the FTC to obtain a temporary restraining order against PCCare247, an order that made it all but impossible to do business in the US. Most of the company’s cash had already been transferred to Indian banks, but the TRO did shut down the company’s domain name, local phone numbers, and credit card processing. New money would not be flowing.
The FTC litigation has effectively shut down the PCCare247 business,” the company complained to the federal judge overseeing its case. It admitted to “some improper conduct” but attributed this only to “some overzealous sales personnel who crossed the line” and said that “they will be dismissed or retrained.”
One less scam operator – at least in America.