Organised gangs deceive web users into downloading malicious ‘anti-virus software’
Get Safe Online Week 2010
15th November, 2010
Organised criminal gangs are exploiting security-conscious internet users by tricking them into downloading and paying for anti-virus (AV) protection which is actually malicious software – known as ‘scareware’ – in disguise. Often operating on a commercial scale, these gangs target victims through cold calls and by deceiving legitimate webmasters into advertising phony software for a ‘pay per download’.

Evidence from some of the most serious ‘malicious anti-virus’ (also known as ‘rogue AV’) cases known to date indicate that organised gangs stand to make millions while victims are left out-of-pocket, their bank details stolen and their computers seriously compromised, say experts at GetSafeOnline.org, the UK’s national internet security initiative [1].

Typically posing as help desk staff from legitimate IT companies, fraudsters prey on consumers concerned about protecting their computers by trying to ‘sell’ them fake security software or by warning them that their machine has been infected and they have to pay to fix the problem. Victims are misled into thinking that their computers are infected with malicious software which can be fixed at a nominal cost – usually around £30 ($50) to download a ‘patch’. The ultimate goal is to obtain credit card information or secure remote control of the victim’s computer for other illegal activity, such as identity fraud or to launch phishing attacks that are then untraceable.

New research released today by GetSafeOnline.org indicates that almost 1 in 4 (24%) UK adult web users have been approached by someone claiming to be from an IT helpdesk offering to check their computers for viruses [2].

The Rt Hon Baroness Neville-Jones, Minister of State for Security, comments: “Given that our latest research indicates 80% of UK internet users have never heard of these ‘IT helpdesk’ scams, yet almost a quarter have been approached by them, it is vital that we make people aware of this threat. While it’s encouraging to see that UK web users are today more security-aware, criminals will always try to be ahead of the game and will use increasingly sophisticated methods to take advantage where they can. However, equipped with the right information, there’s no need for anyone to be deterred from going online or from protecting their computers with the right security software. We have one request to make during Get Safe Online Week [3] – for everyone to take just five minutes to visit www.getsafeonline.org and make sure they know how to spot the tell-tale signs of such scams.”

Sharon Lemon OBE, Deputy Director, Cyber Crime, Serious and Organised Crime Agency, explains: “This is big business. In recent cases, we have seen gangs employing 300-400 people to run their operations and using call centre-scale set ups to target victims en masse. They can also be paying out as much as $150,000 a month (on a pay per download basis) to individual webmasters who are unwittingly advertising their fake software – this level of investment from criminals indicates that the returns are much heftier than this.”

Webmaster operations are believed to be widespread, sending out thousands of messages and only needing a small percentage of successful responses to be profitable. Nearly half (48%) of UK web users say they have seen a pop-up window on their PC claiming that their computer has been infected by a virus.

Dr Emily Finch, criminologist at the University of Surrey, explains the psychology behind the success of these scams: “The general public is more internet security-aware than it was five years ago – malicious AV scams are an indication that criminals are now tapping into this. Rather than exploiting our ignorance – the basic premise of common scams such as phishing – they are actively using our knowledge and fear of online threats to their advantage.

“The one-to-one nature of the telephone calls also signals a more invasive approach. Whereas tactics such as the Nigerian 419 garnered success by being ‘faceless’, telephone calls use the personal touch to gain trust. By knowing just a little bit of information about someone (e.g. date of birth, full name, address – easily obtainable by fraudsters who know where to go), criminals begin to sound credible and plausible in their approach,” she adds.

Tony Neate, Managing Director, GetSafeOnline.org, advises: “Web users should ignore ‘cold calls’ from companies offering free virus checks, and be very cautious of any on-screen pop ups. Most reputable IT providers do not approach customers in this way without prior notice or a direct request.”

Get Safe Online Week 2010
Malicious AV operations are one of the key threats being highlighted at the annual Get Safe Online Summit taking place in central London this morning, marking the start of this year’s Get Safe Online Awareness Week, which runs from 15th to 19th November.

At the Summit, Get Safe Online will also launch its 2010 Report, UK Internet Security: State of the Nation. The Report highlights that, although the last few years have seen some steady improvements in installing computer security software and our ability to detect common scams, over a third of UK internet users (34%) still report being the victim of a computer virus attack, 22% have experienced a phishing scam, and over 1 in 5 (21%) have been a victim of identity fraud.

For information and advice on how to guard against online fraud and other internet crime, visit the Get Safe Online website at www.getsafeonline.org. Anyone who has fallen victim to online fraud should contact Action Fraud www.actionfraud.org.uk.