'Your PC may be infected!' Inside the shady world of antivirus telemarketing

10.06.2015
Scotty Zifka was looking for a sales job. He started one in late May at a company called EZ Tech Support, a small inbound call center in an older building in northeast Portland, Oregon.

The first day of Zifka's unpaid training involved listening in on sales calls. But within three hours, Zifka felt something wasn't quite right.

"Everything about it was so weird," he recalled.

The company's 15 agents answer calls from people who've seen a pop-up message saying their computer may be having problems, and advising them to call a number, which rings at the offices of EZ Tech Support.

The agents are instructed to stick to a 13-page script. They ask callers whether they have an antivirus program installed. If they do, Zifka said, callers are usually told that whatever they're using isn't a "full-time real spectrum virus protection program."

But the agents have a solution: callers can purchase an antivirus program called Defender Pro Antivirus, from Bling Software.

EZ Tech Support sells a perpetual license for the program for $300. Agents also tell callers they can perform a one-time fix on their computers for them, which starts at $250. Callers can haggle for lower prices.

Those dialling in are typically in their late 30s or older. "A lot of mothers would call in and say, 'I'm sure it's something my son did on my computer. This has happened before'," Zifka said. "Older gentlemen -- seniors specifically -- that was the most unfortunate part."

Within 20 minutes, some callers spent up to $600 to "fix" their computers. "I was blown away by this," he said.

EZ Tech Support's general manager, Gavynn Wells, said the company abides by U.S. Federal Trade Commission regulations.

"We don't tell customers that they have issues they don't have," Wells said in a phone interview. "We are not pushing them into a corner and telling them if they don't do business with us, their computer is going to blow up."

A $4.9 billion industry

Consumer antivirus software has become a highly competitive business, in part because data breaches are in the news almost every week, and people feel a need to protect themselves. It's also a huge market, with an estimated $4.9 billion in annual sales, according to Gartner.

That's drawn all types of players, some of whom specialize more in affiliate marketing than in security.

Tech support services abound on the Internet, and phone numbers for some of those businesses are often found in bundles of questionable software known as adware. People willingly download adware, often to get a free program, but it can also be foisted on them through vulnerabilities in their software.

Some adware programs display messages to people suggesting their computer is at risk, even though the adware programs aren't designed to detect security problems.

Lawrence Abrams, who runs the popular Bleeping Computer security forum, said people have complained about pop-up windows in their browsers that they can't close. In some recent cases, a man's or a woman's voice tells them their computer has become infected.

"You just cannot shut the program down," said Abrams, who deliberately downloads harmful programs for his research. "So people panic, and they call the number."

Those most vulnerable are people who know little about computers and find the warnings intimidating, he said.

The FTC has started to go after some of the biggest U.S.-based tech support companies that take this type of inbound call. In November, it filed two complaints alleging tens of thousands of consumers had been conned out of more than $120 million by companies using high-pressure, deceptive sales tactics to sell software and support services.

Wells, of EZ Tech Support, used to work for one of the companies targeted by the FTC, Inbound Call Experts, before moving to Portland last year.

Although a federal judge shut down Inbound Call Experts shortly after the lawsuit was filed, the company was allowed to resume business after it agreed to changes in how it markets its services. The case, however, continues, and court records show that Inbound Call Experts and the FTC have agreed on a mediator to discuss a settlement.

The poor perception of companies offering remote support services has made it harder for legitimate ones to operate, said Dan Steiner, CEO of Online Virus Repair, based in San Luis Obispo, California.

"It's definitely not a positive image," said Steiner, who added that not many companies offered remote computer support when he started his business back in 2008.

But the industry exploded, with many companies opening call centers outside the U.S. For legitimate companies, marketing their services online proved near impossible amid the high volume of unethical businesses.

Steiner now focuses on word-of-mouth advertising, and partnerships with those he trusts in the antimalware industry.

Worth the money

Several years ago, it wasn't uncommon for adware-promoted security products to be classified as malicious software. But tactics have changed, and unscrupulous companies now sometimes sell functional products but greatly overcharge for them.

It's a tough situation for regulators: the FTC can't protect people from companies that stay within the law while marketing what may not be the world's greatest product.

The product EZ Tech Support sells, Defender Pro, appears to be legitimate antivirus software, said Andreas Marx, CEO of AV-Test, an independent organization in Germany that tests consumer antivirus suites.

The product uses a well-known antivirus engine licensed by a reputable company called Cyren. Marx said his analysts tested a trial version downloaded from Defender Pro's website. It was effective at detecting malware but also "really buggy," he said via email.

"After an update, for example, it repeatedly crashed," he said.

The retailer Target at one time sold Defender Pro in its stores. A spokesman declined to say why it is no longer stocked. Target's website still has an old product page for Defender Pro 2012, which sold for $19.99.

Marx said $300 is too much for Defender Pro, given that there are similar, basic antivirus scanners available for free from companies such as Avira, Avast and AVG. Products with Defender Pro's feature set should cost no more than $30 per year, he said.

By that measure, a user would need to keep the same computer for 10 years to justify EZ Tech Support's pricing for Defender Pro.

Closing the sale

Zifka, who quickly left the company, said EZ Tech Support agents install a remote control tool called LogMeIn Rescue to get access to callers' computers with their permission. They then install Webroot's Analyzer program, a legitimate tool that flags issues on a computer.

But Zifka said agents call out anything flagged by the software, even if it's not a security risk for the user.

"We used whatever it states as a selling point," Zifka said.

In lawsuits, the FTC has accused telemarketing companies of installing a remote tool and then using other programs, such as the Windows Event Viewer, to illustrate errors and warnings that actually have no material effect on a computer.

Wells disputes Zifka's characterization and maintained that callers aren't informed of problems that don't exist. If a caller says he is already using AVG's free antivirus product, Wells said agents will say they have good protection against viruses "but they could benefit from having something that protects them against malware."

When it was pointed out that AVG's product does protect against malware, Wells said: "Well, I was just using that as an example."

Although EZ Tech Support is registered in Wells' name with Oregon's Secretary of State, he said the business is owned by an investment company which he declined to name.

Wells said he's also not involved in the adware campaigns that distribute the phone numbers that ring to EZ Tech Support. But he said the company will remove the adware for people who call.

"We really pride ourselves in doing a good job for our customers," he said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Jeremy Kirk
