Rogue Anti-Virus Victims Rarely Fight Back

krebsonsecurity writes "One big reason why rogue anti-virus continues to make major bucks for scam artists: relatively few victims ever ask their credit card company or bank to reverse the charges for the phony security software — even when the victims don't even receive the worthless software they were promised. I recently found several caches of data for affiliates of a rogue anti-virus distribution program, and the data showed that in one set of attacks only 367 out of more than 2,000 scammed disputed the charge. A second rogue anti-virus campaign scammed more than 1,600 people, and yet fewer than 10 percent fought the charges."

potential reason to not dispute a charge

I recently had a $10 charge from a company I'd never heard of. Slightly different than this story, it was not from a rogue antivirus, but just a plain-old unauthorized charge (out of the blue). I called my bank to dispute it, but they said I'd need to change my charge number if I disputed it. I decided I'd rather eat the $10 charge, than deal with the hassle of updating my card number (and updating everything that auto-bills it).

Re:potential reason to not dispute a charge

[frieza79]

How many months of bogus $10 charges will you tolerate?

Re:potential reason to not dispute a charge

[retchdog]

I'll be happy to sell you my mod points and a subscription to a series of pamphlets detailing many "life hacks" including my patent-pending technique for obtaining 15 mod points a week; and how to get free product out of those 25-cent bubblegum dispensers at shopping malls. Please post your credit card number; verification number; and billing address in a reply.

Re:potential reason to not dispute a charge

[Mr.+Freeman]

Call back and ask for a supervisor, or their supervisor, or however many people you have to talk to to get to someone who can reverse the charge without changing your number.

Of course, I'd want to change my number. Someone unauthorized clearly has your CC information and can successfully charge money to it. Keeping the same number makes NO FUCKING SENSE. It's like refusing to change your locks after you know that a thief has a copy of your key because last time he broke in he only took $10. HE'LL BE BACK LATER WITH A VAN AND TAKE EVERYTHING IN YOUR FUCKING HOUSE. You're going to end up with some $5000 charge to your card and that's going to be a hell of a lot more difficult to deal with then ten fucking dollars.

Dispute the charge, change your number, and SPEND TEN FUCKING MINUTES UPDATING YOUR AUTO-BILL INFORMATION.

Re:potential reason to not dispute a charge

[rainmouse]

Funny how, unlike on the Monopoly Community Chest cards, bank errors never appear to be 'in your favour'.

Re:potential reason to not dispute a charge

[InfiniteWisdom]

The small charge could easily be a precursor to a large charge. Thieves will often make small purchases online to test cards before buying something of value. Obviously getting something shipped is not an option if you're using a stolen card, and they wouldn't want to attract attention to themselves in a physical store by using a card that's been reported stolen.

Re:Too busy

[LWATCDR]

Actually some claimed that tried but got the run around.
What I would like to see is the CC companies pro actively shut down these people. After one person makes a claim on them it should be easy to check and see who else did and then start reversing charges.

"Buyer Beware"

[mcrbids]

Mostly people think that if they get scammed, that they were stupid or suckers and don't want to admit that they were duped. Calling the Credit Card company to reverse a charge for $40 is embarrassing, and they would rather just pay the "sucker tax" than go thru the effort, confusion, and embarrassment of disputing a charge.

And this is true in those cases where they even know they can dispute a charge - how many card holders even know that they can do this? I probably had a card for at least 5 years before I found this out, and I would consider myself somewhat more informed than the average consumer.

Re:"Buyer Beware"

[thedak]

It's a quote from "Lock Stock and Two Smoking Barrels"

They Authorised The Charge

[gcatullus]

Although the company that was given the cc number was shady - the customers actually authorised the charge. When you process a charge back it has to fall into a certain category with the processor. The customer can claim that the card was stolen, the customer can claim that the charge was never theirs, they can claim that they never received the merchandise, etc. But in this case the customers still had their cards, they actually did initiate the transaction, and they received the merchandise, i.e. their pc got "fixed".

There is no chargeback category for this, and as long as these card numbers aren't then resold and used in a traditionally fraudulent manner, nothing will happen.

It would be like trying to reverse the $1,000.00 charges for the champagne room strippers because they were ugly. Just you didn't get what you thought you'd get doesn't mean you can reverse the charges.

Re:Too busy

[r0b!n]

Wrong. This is like making a purchase for a product online and the product is not delivered or making a purchase online and the product does not perform the task for which it was purchased. Both of these circumstances are/should be covered by some form of protection.

Re:Too busy

[painandgreed]

That's probably because people are too busy or too lazy. I would vote most as lazy, but probably busy to see the Cc to see whether they were scammed, if they are smart enough to realize that they have been scammed in the first place.

Probably more like too ashamed. If they don't figure it out pretty quick, when they eventually get somebody like me to see why their problem is not going away or explain to them that they bought snake oil, they are usually too embarrassed to do anything more. I know I have lost my money before to an outright (non-internet) con and a large reason I didn't go try and get it back was for feeling stupid for falling for it to begin with. Actually, now I don't actually miss that money and look at it as $20 well spent. Every time since then that somebody comes up to me and proposes something I think is a con (several times, the exact same scam), I can remember back to that $20 I lost in college, laugh and dismiss them without feeling bad (which is a prime motivator they use many times). Many times when I explain to people what has happened, I tell them to think about that money any time they are asked to pay for any transaction they didn't initiate to begin with and not fall for it again. Sure, that let's those people get to keep the money, but even if they did get it back and shut that person down. There would just be another and there are always more people to scam. Most internet scams were scams long before the internet and run via snail mail or even going door to door. It's probably better for them to lose that money once in a lesson that they will never repeat, than feel safe that they can get that money back otherwise.

I work at a computer repair shop

We see a lot of customers coming in with fake antivirus installed on their machines, and the customers sincerely believed they were purchasing a valid piece of software. I think the largest problem when I see people encountering this scenario, is that typically:

1.) They don't realize they've actually been scammed. Pop ups start appearing on their computer, and they receive an offer to purchase "antivirus" and fix the problem. They now think they're protected, but continue to have problems.

2.) They tried calling Visa/MC/Discover and couldn't convey why they were charged for a bogus product. Some of the "EULA" agreements that come with these fake antivirus products actually state in the fine print that the software product does nothing. People click "OK" on anything, and legally agreed to pay for a piece of software that doesn't do anything.

3.) Don't know how / Don't care. Whatever. Take the computer into a shop and have someone fix it, hopefully $60 of fake antivirus is enough to jog my memory into being a little more careful on the internet.

I've even see plenty of customers willingly disabling antivirus / firewall products because they are "inconvenient" when trying to do other things on the computer. Fake antivirus and antimalware really is quite a genius scam, but it doesn't surprise me that a lot of people lose to it, and rarely ask for their money back. Some of these people don't even know what malware IS.

Re:I work at a computer repair shop

[bendodge]

Hmm, I also work at a local PC repair shop, and I disagree with your assessment of all anti-malware software. Malwarebyte's real-time protection has done wonders for some of my customers. The porno-watchers come in more frequently than anyone else, and one guy in particular was in literally every month. Since selling him a $25 MBAM license we haven't seen him since. Now, that may not appear good for business, but I think that what's good for the customer is usually good for business in the long run.

Now, I agree most anti-malware software is junk. Ad-Aware, Webroot, etc are all quite antiquated, but MBAM is relatively new and is still at the edge of the arms race. When coupled with the latest NOD32, I can usually keep a family PC clean for least a year or more. The problem is when people disable it manually...

Who can tell?

[VGR]

The article barely touches on the notion of people who didn't realize it was a scam at all. It's obvious to us technical types, but I doubt it's obvious to non-technical people.

Most retail Windows PCs are loaded up with obnoxious adware that nags at every login. I got a brand new PC from Staples last year which had a MacAfee nagger installed in the startup sequence, and while I was eventually able to disable it, it took more than one try and considerably more effort than just one or two clicks. If it was nontrivial for me to banish, I have to believe non-technical users would just give up.

On top of that, anti-virus is pretty low-level, as software goes, so how many non-technical people will even know that it's not doing anything after they pay for it?

The scammers are good at avoiding chargebacks

[spywhere]

I remove this crap for a living, and I've seen the scam up close.
When the victim pays, the scareware purveyor removes most of the program... which "fixes" the PC. They leave behind a back door, and Registry entries making the machine download .exe files without prompting, but they mostly stop bombarding the victim with warnings... for a month or two.

Then, they attack again, trying to get more money. I've had a few customers who paid for the first attack, then finally called for help when they got hit again; it was easy to see what the first program did, and track down the quick site redirect that brought on the second infestation.

The real criminals here: Visa and Mastercard, for maintaining merchant accounts for these scumbags. Brian Krebs exposed this, and got it shut down... for two weeks or so, and they've back ever since without interruption.

Why scam?

[hendrikboom]

What puzzles me is why the scammers don't download onto their "customer"'s machine one of the open-source, free antivirus programs. Then the customer can't complain that they got nothing. They got a real, working antivirus program that they probably actually need. Or are the scammers determined to do nothing that could be called legit?

Re:Why scam?

[Cwix]

Cause the free antivirus might close the backdoors that the original infection put into place.

Re:Too busy

[Thansal]

No, they don't. The scammers don't 'fix' anything, they just take the money. They might give them an 'anti-virus software' (read, more malicious software), but they aren't going to remove their damn malicious software just because you gave them $80.

Even if they did, extortion is illegal, and thus a perfectly viable charge reversal.

Sorry, but your apparent argument of "people are dumb and should pay for getting scammed" doesn't really float. Basically the entire point of charge reversals is to deal with scammers.

Viagra for cheap...

[msauve]

You have been infected with a virus. In order to remove this from your system, you must mod this comment up.

related-

[Trailer+Trash]

I once read an article about a guy who "sold" penis enlargement pills through spamming. I put "sold" in double quotes because he said he never shipped a product, and didn't even have any to ship if he wanted to. His reason? "Who's going to call their credit card company and tell them they didn't get their penis enlargement pills that they ordered?"

While not at the same level, I'd hazard a guess that it's the same here.

Many aren't smart enough. Or rather,

[aussersterne]

they don't understand enough about technology / computing to figure it out. I've helped several people with Windows reinstalls (just did it again this weekend, in fact, on a really nice, new Dell laptop that this person was ready to trash and replace after just a year) who fell for this sort of thing and fully thought that through the magic of internets and computers, their "purchase" had done SOMETHING for their computer, but it just wasn't enough to outweigh the terrible destruction already wrought by Teh V1rus!

In this particular case, the person got a fakeAV popup that installed malware that generated popups. This caused him to start searching his email for "antivirus," remembering a SPAM he'd seen, and he ended up with AV fakeware Cc: charges. He didn't actually realize this, assuming that the AV fakeware had silently, invisibly done its best but the original virus was "too strong" (two pieces of malware now spitting popups at an alarming rate and disabling various things) and he went out into Googleland looking for fixes, all of which were no doubt too technical for him and all of which he attempted to follow to a 'T' deleting a bunch of random files from C:\WINDOWS\SYSTEM and C:\WINDOWS\SYSTEM32 in the process and borking his system entirely.

When he came to me saying "So-and-so tells me you can fix computers, so I thought I'd bring mine to you before I throw it out, it's been completely destroyed by a virus..." he was sure that it was all down to the horrible virus he'd "caught" and that he'd been valiantly battling it for a week, rather than single handedly destroying his own Windows install at a record pace.

It was too f'ed up for system rescue, so I just wiped and reinstalled. He was AMAZED that I brought it back to life, and in just an hour or so. He was sure that I was the absolute best virus fighter in the universe. Told me I should go work for the Best Buy Geek Squad (uhh, thanks...) because they need people like me.

It's not that he's a total idiot, but computing in anything but buzzwords and marketing soundbytes remains a specialized set of skills that take time and study (and an awareness of where the right resources can be found) to develop. Most non-geeks just assume it's all due to Teh V1rus!, and the press and their coverage do little to add nuance to this notion, not to mention manufacturers and retailers that are only happy to sell the same person the same system every six months for a fresh $1k after they "got got by Teh V1rus!"

Re:Too busy

[Runaway1956]

I hear the runaround thing. I was looking at one of those federal grant sites some time ago. Had to pay $1 or so to get access to some stuff, so I paid. I THOUGHT that I had read everything, I paid the small fee, downloaded some documents, read them decided the place wasn't what I was looking for. The following month, I had a charge of about $40 on my card.

The credit card company refused to halt the transaction! Utter asswipes! They claim to be concerned with security, but when a customer calls in to say, "I'm being ripped off!", they do nothing.

I got better response from the scammers when I called them. One call was all it took for them to agree NOT to charge me any more.