Here are a couple of Sophos articles that caught my eye, and which I felt compelled to comment on at more length.
- For Sophos, Paul Ducklin picked up on Facebook’s page How can I tell if my info was shared with Cambridge Analytica? Useful, I suppose, if you can’t remember whether you might have clicked on Cambridge Analytica’s This is your digital life app. And of limited use if it tells you that one or more of your friends clicked on it and so may have shared your profile data. Limited in that it won’t tell you which of your friends did so. Well, I suppose you should be grateful that Facebook is preserving somebody’s privacy, even if it’s not yours. And it may be useful in that it prompts you to check your privacy settings.
- Another Sophos article by Lisa Vaas notes that YouTube illegally collects data from kids, group claims. The group of privacy advocates in question asserts that ‘a study … found that 96% of children aged 6-12 are aware of YouTube and … 83% of children that know the brand use it daily … The group is urging the FTC to investigate the matter as it is illegal to collect data from kids younger than 13 under the Children’s Online Privacy Protection Act (COPPA).’ YouTube’s fallback position would presumably be that it isn’t intentionally contravening COPPA because ‘YouTube is not for children’. Hence the creation of the separate YouTube Kids app.
…well, there’s no foolproof way of doing that (getting your money back, that is), unfortunately. But Shaun Nichols reports for The Register that FTC ready to give back tech support scamming money to the bilked.
“Those who have been identified as eligible by the FTC will get an email from the commission with a PIN number that can be used to obtain the claim forms. In order to claim a share of the payout, consumers will have to fill out a claim before October 27.”
The article does, very sensibly, point out the risk that scammers will use the FTC’s initiative as a springboard for further scams. Unfortunately, I can’t predict exactly what form such scams will take, but I’d be surprised if they don’t happen…
The Federal Trade Commission’s own press release is here: FTC Announces Refund Process for Victims of Deceptive Tech Support Operation.
Eligible consumers bought tech support products and services between April 2012 and November 2014 from Advanced Tech Support, which also used the name Inbound Call Experts. Consumers will have until October 27, 2017 to submit a request for a refund.
Here’s an interesting article from The Register – FTC fells four tech-support operations in scammer crackdown – by Shaun Nichols, about the FTC’s latest move in the war against support scams.
It won’t come as news to regular readers of this blog and my other articles at ESET and elsewhere (or some excellent articles by Jérôme Segura et al for Malwarebytes, come to that) that it ‘Turns out Microsoft and Apple don’t use pop-up ads for tech support’.
It’s certainly a Good Thing, though, that the FTC (the US Federal Trade Commission) has turned its attention to ‘four companies and four individuals in its legal complaint (PDF) alleging violations of both the FTC Act and the US Telemarketing Act’.
The violations cited here are in the form of fake system alerts, fake browser alerts, or fake security software alerts of the type I’ve addressed here (and even at Mac Virus – e.g. Pop-ups and Support Scams), that advise the victim of a ‘problem’ with their device and direct them to a ‘helpline’ that purports to represent one of the major operating systems, not only for old-school computers (Windows, OS X, Linux) but for mobile devices such as smartphones.
A preliminary injunction ordered by the United States District Court for the Eastern District of Pennsylvania names eight defendants, prohibits them from fraudulent marketing and billing, and effectively freezes their assets while the FTC’s complaint is investigated.
What impact the FTC’s actions will have on the international support scam industry is hard to say, but any impact has to be better than none.
This is one of my articles for IT Security UK about the FTC securing an injunction against Pairsys Inc, which (according to The Register) is “banned from deceptive telemarketing practices, and may not sell or rent their customer lists to any third party. The injunction requires that their websites and telephone numbers must be shut down and disconnected, and their assets be frozen.”
Small Blue-Green World
ESET Senior Research Fellow
An article by me for ESET pointing to and commenting on a recent article by the FTC on a new-ish twist to tech support scams: Tech Support Scams: Second Byte at the Cherry.
Added, of course, to the AVIEN resources page here: PC ‘Tech Support’ Cold-Call Scam Resources
On the subject of testing (or at least of reviews), Tom Kelchner in the Sunbelt blog pointed out upcoming FTC rules that make (some) bloggers who review products more accountable by declaring . That’s products in general, of course, but there are obvious implications for this industry: the Untangled tests, for instance, were largely publicised through their blog (and secondary sources such as other bloggers and other media, of course).
Sunbelt: New FTC rules: bloggers must reveal pay and perks they get for reviews http://bit.ly/Qy26L
MSNBC story: http://www.msnbc.msn.com/id/33177160/ns/technology_and_science-tech_and_gadgets/