According to ethical hacking training experts from the International Institute of Cyber Security (IICS), Office Depot and its software provider, Support.com, had to pay $35M USD to the U.S. Federal Trade Commission (FTC) due to a scam which consisted of sending fake ransomware infection alerts to their customers aiming to make them spend on computer equipment software solutions and repairs.
According to the FTC report, Office Depot, and its partner company, Office Max, used a program called PC Health Check Software, advertising it as a free tool to perform PC security diagnostics and malware detection.
However, the ethical hacking training experts claim that, instead of conducting malware scanning, this tool sent users a fake malware infection alert. After reading this alert, users were redirected to the Office Depot support site, where they were offered solutions for the alleged ransomware infections with costs of hundreds of dollars.
According to what was reported by the Commission, Office Depot, Office Max and their software supplier had already been denounced for using this tool since the year 2012. However, those companies still kept using it, even encouraging its staff and customers to use it until the end of the year 2016.
This case must set a precedent, companies must dimension the consequences of using this kind of deceptive tactics to force customers to spend more in software they don’t really need”, said a FTC manager.
Office Depot agreed to pay $25M USD as a penalty, while Support.com will pay another $10M USD. The FTC will use the fines money to reimburse the affected customers. The FTC has also banned both companies from issuing false statements about the status of the security or operation of any device operated by their customers, mentioned the ethical hacking training experts.