Office Depot And Partner Ordered To Pay $35 Million For Tricking Consumers Into Thinking They Had Malware
from the gotcha! dept
I have worked in the B2B IT services industry for well over a decade. Much of that time was spent on the sales side of the business. As such, I have become very familiar with the tools and tactics used to convince someone that they are in need of the type of IT support you can provide. One common tactic is to use software to do an assessment of a machine to determine whether it's being properly maintained and secured. If it is not, a simple report showing the risks tends to be quite persuasive in convincing a prospective client to sign up for additional support.
Done the right way, these reports are factual and convincing. Done the Office Depot way, it seems only the latter is a requirement. The FTC announced on its site that Office Depot and its support partner, Support.com, Inc., has agreed to pay $35 million to settle a complaint in which the FTC alleged that consumers were tricked using a computer health application into thinking their machines were infected with malware when they often times were not.
Office Depot has agreed to pay $25 million while its software supplier, Support.com, Inc., has agreed to pay $10 million as part of their settlements with the FTC. The FTC intends to use these funds to provide refunds to consumers.
“Consumers have a hard enough time protecting their computers from malware, viruses, and other threats,” said FTC Chairman Joe Simons. “This case should send a strong message to companies that they will face stiff consequences if they use deception to trick consumers into buying costly services they may not need.”
The complaint itself, embedded below, is quite the read. Office Depot's scheme went like this. For a decade, Office Depot would take in customers' computers for diagnostics. Through it's partnership with Support.com, PC Health Check would be run on these machines and the owners of them would be given a short questionnaire to fill out. While that application can in fact be useful in detecting malware on machines, the FTC alleges that the "report" delivered to consumers was based entirely off of the short questionnaire instead. And what kind of questions were consumers asked to answer to indicate whether their machines were infected with malware or not?
Well...
These included questions about whether the computer ran slow, received virus warnings, crashed often, or displayed pop-up ads or other problems that prevented the user from browsing the Internet.
The complaint alleges that Office Depot and Support.com configured the PC Health Check Program to report that the scan found malware symptoms or infections whenever consumers answered yes to at least one of these four questions, despite the fact that the scan had no connection to the “malware symptoms” results. After displaying the results of the scan, the program also displayed a “view recommendation” button with a detailed description of the tech services consumers were encouraged to purchase—services that could cost hundreds of dollars—to fix the problems.
Members of the IT industry are already laughing at this. There is a universal understanding in our industry that if you ask a user if his or her machine is running slow, he or she will say yes. Full stop. To base a recommendation off of this answer, never mind to configure software to report malware symptoms based on it, is ludicrous in the extreme. Unless, of course, you're building a tech support business on the strategy of tricking consumers into thinking they have malware infections when they do not. In that case, all of this makes perfect sense.
Except that it's also a violation of laws against deceptive practices. It's also dumb in the extreme, as it's the kind of trick you can only get caught at once to torpedo your reputation and cause the public to never seek out your help for tech support again. Put another way, there is zero reason for anyone to ever seek out Office Depot's help for their computers ever again.
That's no way to run a business.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: ftc
Companies: office depot, support.com
Reader Comments
Subscribe: RSS
View by: Time | Thread
"That's no way to run a business. "
Bu the perfect way to RUIN a business.
Also, that program should be called PC WEALTH check.
[ link to this | view in chronology ]
Re: "That's no way to run a business. "
The trick is to extract as much money as possible before the company goes down in flames... while you can still point to a profitable company during your next job interview.
There are lots of companies. Why take a recurring small profit from one when you can take a huge profit, then jump ship and repeat?
[ link to this | view in chronology ]
The good news is that since 2016 when they (and others) got caught, the actual security industry has clamped down hard on software of this type, to the point that if that version of PC Health Check were run today on a PC with any security software (including Windows Defender), the software itself would get flagged up as maliciously deceptive in short order. I can just see the look on the Office Depot employees' face when THAT alert comes up....
[ link to this | view in chronology ]
Re:
They would just convince the clueless user that it was a counterfeit version of Windoze from China and they would have to take the PC in for a thorough formatting and reinstall of the "Office Depot official Windoze forever..." and they would make five times the money from the sucker (/User).
[ link to this | view in chronology ]
I remember when Symantec got caught.
Theirs was (is?) a downloadable diagnostics program which would produce a list of security or performance issues and then recommend Symantec utilities to fix them.
Only the utilities recommended wouldn't.
A white hat bought the products, ran them. Uninstalled them and ran the free diagnostic again. Sure enough, many of the warnings were not priority enough to actually be addressed by the programs recommended to fix them.
In the 90s, among my of tech support ads, one suggested a few of the free diagnostics / anti-malware offerings on line before buying into a commercial brand. (Call me if you have a problem, or you're feeling too lazy/busy/whatever to do periodic maintenance of your computer.)
[ link to this | view in chronology ]
Re: I remember when Symantec got caught.
thank god they merged with a more reputable company
[ link to this | view in chronology ]
Can I sue Microsoft for tricking me into installing Windows?
[ link to this | view in chronology ]
Re:
Depends. Was the trick your installation of Windows, or forking over the money for it?
[ link to this | view in chronology ]
Re: Re:Windows tricks
Well, one of the machines I help to maintain runs the monthly Windows Malicious Software Removal Tool, but after rebooting it, Windoze is still there. Obviously not a very good removal tool.
[ link to this | view in chronology ]
Re: Re: Re:Windows tricks
The truth is that only intelligent beings can harbor malice, and we've yet to invent intelligent software. By definition, then, there's no malicious software for it to remove.
[ link to this | view in chronology ]
Re: Re: Re: Re:Windows tricks
Don't be a pedant. You know as well as anyone else that "malicious software" refers to the intent of the creator, not the software itself.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:Windows tricks
If we're going to overanalyze a series of jokes, we might also note that Office Depot was more likely sociopathic than malicious (cf. "The Corporation", 2003). They didn't set out to harm their customers; they just didn't care.
[ link to this | view in chronology ]
What's that sound?
Oh yes, it's a slap on the wrist.
[ link to this | view in chronology ]
The partner moved to Mumbai and now calls telling you they are from Windows and your computer has alerted them you have virus and your system will be shut down unless you give them your CC number now!
[ link to this | view in chronology ]
Re: Give them your CC number
“Oh, it’s not a swindle. What you do is, see, you give ’em all your credit card numbers, and if one of them is lucky, they’ll send you a prize.” – Abe “Grampa” Simpson
https://deadhomersociety.com/2012/07/07/quote-of-the-day-1206/
[ link to this | view in chronology ]
$?
So, how much Store Credit will I get in this "refund" after the lawyers and the FTC take a cut of the settlement?
[ link to this | view in chronology ]
That is exactly how you run a business, into the ground.
[ link to this | view in chronology ]
just their cost of doing business?
Of course, their duped customers only get "refunds," and they're probably for far less than they were ripped off. Victims should get full refunds plus punitive damages. And the people who orchestrated this scheme should face criminal charges. How much did they profit? More than the $35 million fine? To be any kind of a deterrent, fine should be every dollar the scheme profited, plus treble punitive damages to the victims, and jail time for the purps.
[ link to this | view in chronology ]
Running outside software..
If yu dont know what the program is/does, and/or a friend wishes to run it ON YOUR COMPUTER...
That program can gather Tons of info, and data and Pop it onto a disk/Flash card and All of a sudden, there is more of a problem then you think..
Its not just the FAKe Virus/bot ID, its all your passwords, Internet visits, Bank data, as well as Backdooring into your system remotely. Your computer is important, more so then your cellphone.
LEARN a few things, DO them yourself..MOST programs can/will run in the background or you can Manually run them IF' things get alittle strange on your computer. Find something you trust. Find SOMEONE you trust..Search the net and READ a few articles on things you might want or need.
Do remember, nothing is perfect. Alternatives help. I have 3 programs to scan my machine, and each does it in different ways. Things cant hide very well.
The biggest thing to remember. A CLEAN SYSTEM can Stay clean, as long as there is NO INPUT..
Input=Disk/tape/CD/DVD/Network/internet/USB/Flash...Anything After the installation of the system...that requires you to load/install something new.
there WAS a tracker in an MS windows program for over 8 years. it was in the Music player. It was a mistake. Not removed after programming.
BUT, that same idea has changed. you CANT go around the net, without being tracked anymore. as soon as you have a Browser, anyone/any site can ask your system for info. AND SITES can block those that DONT give the info..(remember when sites Blocked you because you didnt use Windows Explorer?). How many sites give you POPUPS because you Block the adverts??
My customers found out they like me, for 1 big reason...Im forgetful. I cant remember ANY of the passwords they give me.
[ link to this | view in chronology ]
I'm glad the people who call from "Microsoft Support" to help you fix your computer because it has viruses on it are finally paying for their scam.
[ link to this | view in chronology ]