FTC tackles tech support scams by chasing payment processor firms

A multinational payment processing company and two of its executives are facing a potential $650k fine as a result of allegedly processing credit card payments for tech support scammers. While this fine isn’t exactly massive in comparison to some of the privacy breaches and other incidents seen down the years, the original fine the company was handed was an eye-watering $49.5m. The fine was reduced alongside an agreement to court orders which involve close monitoring of “high-risk clients”.

From the FTC release:

The Federal Trade Commission has acted to stop Nexway, a multinational payment processing company, along with its CEO and chief strategy officer, from serving as a facilitator for the tech support scammers through credit card laundering.

The FTC’s complaint against Nexway (and several of its subsidiaries and an associated company known as Asknet), its CEO Victor Iezuitov, and its chief strategy officer Casey Potenzone charges that the defendants were at the center of several offshore tech support scams, processing tens of millions of dollars in charges and giving the scammers access to the US credit card network.

A big part of the complaint is in relation to the so-called “premium tech support” customers using the Nexway system for credit card payment processing. The FTC alleges that a Nexway leadership meeting indicated that it was “strongly dependent” on its premium tech support clients, which represented 25% of Nexway’s revenue.

Additionally, the complaints related to the individual tech support scammers were in great supply. So much so that chargebacks (a way for people to dispute charges they feel to be wrong, like realising they’ve been hit by a tech support scam) and cancellations were in no short supply. From the complaint, in relation to one support scam outfit using Nexway for payment processing:

…on February 10, 2017, the Senior Key Account Manager at Nexway sent Potenzone an email titled “Nexway/TechLiveConnect: Chargeback & Cancellation rates”. The February 10, 2017 email included a table showing Tech Live Connect had (1) chargeback rates of 2.2% in November 2016, 2.6% in December 2016, and 1.5% in January 2017; and (2) cancelation rates of 23.2% in November 2016, 27% in December 2016, and 21.8% in January 2017.

Credit card companies keep a sharp lookout for signs of repeated dubious transactions happening via fraud monitoring programs. From the complaint:

Nexway had such high chargebacks that Visa placed the company in its Chargeback Monitoring Program in December 2017.

Something was clearly amiss here, and complaints from consumers related to pop-ups, locking up the screen while a siren plays, and bogus virus warnings made to the Better Business Bureau and elsewhere leads us to where we are today.

Tech support scams have been around forever, and often ride on the coattails of established brands to sell their wares. This kind of scammer has imitated everything from Microsoft to genuine security firms down the years. If you’re an organisation unfortunate enough to be imitated, you can also expect to field support calls from understandably annoyed people who think that you’ve ripped them off, as opposed to the genuine culprits.

Tips for avoiding tech support scams

There’s a huge amount to cover with this style of attack, but here’s a few of the basics to get you up to speed:

  • Beware the lock up. If your browser or mobile device “locks up”, as in you’re no longer able to navigate away from a virus warning, you’re on a tech support scam. If something claims to show the files and folders from inside of your browser, this is another signal that you’re on a fake page. Close the browser if possible (for example, by pressing CTRL+ALT+DEL on a Windows PC) or restart your device if this doesn’t work.
  • Screenlocker issues. These are typically fake Windows Blue Screen of Death error pages, except they come with the tech support scammer’s phone number included. You may need one of our removal self-help guides to resolve this.
  • Beware of someone wanting to connect to your computer remotely. One of the tech support scammer’s biggest weapons is their ability to connect remotely to their victims. If they do this, they essentially have total access to all of your files and folders. 
  • Did you already pay? Contact your credit card company or bank and let them know what’s happened. You may also need to file a complaint with the FTC, or contact your local law enforcement agency depending on your region.

For a very detailed breakdown of tech support scams, how they operate, and more suggestions to keep yourself safe from harm, please check out our dedicated tech support scams page.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.