An elderly client called with a computer problem that sheds light on one of many ways the bad guys trick people. In the fall of 2015, Mr. Victim was planning a road trip and wanted to update his TomTom GPS. However, he was having trouble downloading and installing the necessary software, so he used a popular search engine and keyed in the words “Tom Tom”.
Mr. Victim’s search engine returned several results, and among the top links was this:
He thinks this is the official TomTom site, so he clicks the link, which brings up:
Well, it says TomTom, has the logo, and the download is free! But if you read to the bottom of the page, you see this:
Notice the black text on a dark gray background? This is not only a bad design choice; it is downright deceitful. You can barely read it, and the bad guys are hoping you won’t.
Don’t strain your eyes! It says, “Your download is managed by Airinstaller™, a modified installer which differs from the original and may offer additional free software at time of install. The user has no obligation to install this additional software. If the user does choose to install the software but wants to uninstall at a later time, instructions to do so can be found on the Removal page. Freewareflow is compensated based on users accepting 3rd party offers during install. This software may also be found for free on the original author’s site, here.” (Emphasis added.)
Mr. Victim installs the software thinking it is an update from TomTom, but it is actually a bait-and-switch scheme from Omnitech Support. The software identifies hundreds of problems with his computer, using scary terms and bright red warning signs. The client calls the number and gives them his credit card info, and they establish a remote session, working for hours on his “problem”. They give up, call the next day, and resume troubleshooting, billing the victim hundreds of dollars along the way, of course. After a couple of days of getting no solution to his original TomTom problem, Mr. Victim calls me.
It took about a half hour to remove all of the unnecessary software Omnitech installed, and about five minutes to fix his TomTom issue.
But wait! There’s More!
Fast forward one year. Omnitech calls Mr. Victim again, this time apologizing for his dissatisfaction and offering him a $100 refund. They talk to him for a short while and steadily increase the refund offer in $100 increments every time he balks. At the $400 mark, Mr. Victim falls for it again. Along the way, Omnitech tricks Mr. Victim into downloading and running their remote connection software, seen here:
Once connected, Omnitech tricks Mr. Victim into logging into his online banking, and “attempts” to refund his money directly into his account. Oddly, the attempt fails. They try to refund it to his Discover account, and this fails.
The next step is particularly troubling. Omnitech, now in remote control, transfers $3000 between Mr. and Mrs. Victim’s savings accounts, taking the money from the savings account of Mr. Victim’s wife. Omnitech claims it was their transfer, and Oops! their mistake! So now, they apologize to Mr. Victim, and ask him to “simply send them $2600” and keep the $400 as a refund and their apology. Omnitech even searches for Western Union locations near Mr. Victim’s home, finding one at our local Fruth pharmacy. Omnitech puts Mr. Victim on hold and calls Fruth to see if they can initiate wire transfers.
During the pause, Mr. Victim calls me, suddenly very concerned something is awry. So, we take the steps necessary to delouse his computer and protect Mr. Victim’s identity, but that’s a topic for another blog post.
Be careful on the Interwebs!