Slashdot Mirror

← Back to Stories (view on slashdot.org)

Rogue Anti-Virus Victims Rarely Fight Back

Posted by kdawson on from the price-you-pay-for-being-had dept.

krebsonsecurity writes "One big reason why rogue anti-virus continues to make major bucks for scam artists: relatively few victims ever ask their credit card company or bank to reverse the charges for the phony security software — even when the victims don't even receive the worthless software they were promised. I recently found several caches of data for affiliates of a rogue anti-virus distribution program, and the data showed that in one set of attacks only 367 out of more than 2,000 scammed disputed the charge. A second rogue anti-virus campaign scammed more than 1,600 people, and yet fewer than 10 percent fought the charges."

8 of 173 comments (clear)

  1. They Authorised The Charge by gcatullus · · Score: 4, Informative

    Although the company that was given the cc number was shady - the customers actually authorised the charge. When you process a charge back it has to fall into a certain category with the processor. The customer can claim that the card was stolen, the customer can claim that the charge was never theirs, they can claim that they never received the merchandise, etc. But in this case the customers still had their cards, they actually did initiate the transaction, and they received the merchandise, i.e. their pc got "fixed".

    There is no chargeback category for this, and as long as these card numbers aren't then resold and used in a traditionally fraudulent manner, nothing will happen.

    It would be like trying to reverse the $1,000.00 charges for the champagne room strippers because they were ugly. Just you didn't get what you thought you'd get doesn't mean you can reverse the charges.

    1. Re:They Authorised The Charge by durdur · · Score: 2, Informative

      It's actually quite sucky to be a credit-card taking merchant, because all the risk of a transaction going bad is pretty much on your shoulders. The card issuer assumes no risk or liability themselves. Which is why some outfits don't take credit cards.

      A consumer can always dispute a charge. They can say the merchandise was defective, which it surely was here. Usually the merchant either works it out with the consumer or if they're a scammer they never respond and they're out the money, plus, as a merchant, if you get too many chargebacks, your card company may decide you are more trouble than you are worth and drop you.

      I guess you can abuse the system as a consumer, too. Still the merchants bear the greater risk of having things go wrong, because they process more transactions.

  2. Re:Too busy by r0b!n · · Score: 4, Informative

    Wrong. This is like making a purchase for a product online and the product is not delivered or making a purchase online and the product does not perform the task for which it was purchased. Both of these circumstances are/should be covered by some form of protection.

  3. Re:"Buyer Beware" by iammani · · Score: 2, Informative

    You could deposit it in an ATM.

  4. The scammers are good at avoiding chargebacks by spywhere · · Score: 4, Informative

    I remove this crap for a living, and I've seen the scam up close.
    When the victim pays, the scareware purveyor removes most of the program... which "fixes" the PC. They leave behind a back door, and Registry entries making the machine download .exe files without prompting, but they mostly stop bombarding the victim with warnings... for a month or two.

    Then, they attack again, trying to get more money. I've had a few customers who paid for the first attack, then finally called for help when they got hit again; it was easy to see what the first program did, and track down the quick site redirect that brought on the second infestation.

    The real criminals here: Visa and Mastercard, for maintaining merchant accounts for these scumbags. Brian Krebs exposed this, and got it shut down... for two weeks or so, and they've back ever since without interruption.

  5. Re:potential reason to not dispute a charge by InfiniteWisdom · · Score: 4, Informative

    The small charge could easily be a precursor to a large charge. Thieves will often make small purchases online to test cards before buying something of value. Obviously getting something shipped is not an option if you're using a stolen card, and they wouldn't want to attract attention to themselves in a physical store by using a card that's been reported stolen.

  6. Re:Too busy by Thansal · · Score: 4, Informative

    No, they don't. The scammers don't 'fix' anything, they just take the money. They might give them an 'anti-virus software' (read, more malicious software), but they aren't going to remove their damn malicious software just because you gave them $80.

    Even if they did, extortion is illegal, and thus a perfectly viable charge reversal.

    Sorry, but your apparent argument of "people are dumb and should pay for getting scammed" doesn't really float. Basically the entire point of charge reversals is to deal with scammers.

    --
    Do Or Do Not, There Is No Spoon, There Is Only Zuul. Everything in the above post is probably opinion.
  7. Re:"Buyer Beware" by thedak · · Score: 3, Informative

    It's a quote from "Lock Stock and Two Smoking Barrels"