An Abney Associates Tech Tips Google, Facebook Unmask Tech Support Scams

The Internet companies uncover 4,000 ad accounts using the names of 2,400 legitimate tech support businesses to trick people into downloading malicious software

Google and Facebook are finding cunning scams in which shysters advertise 800 numbers for bogus tech support that typically leads to people giving up personal data and downloading malicious software.

The companies described the schemes in the first report published by TrustInAds.org, a nonprofit group launched this week by AOL, Facebook, Google and Twitter. The organization is dedicated to educating people about malicious Web advertisements and deceptive practices.

Tech support scams were chosen for the subject of the group's debut report because of the craftiness of the fraudsters, Rob Haralson, executive director of TrustInAds.org, said Friday. Posing as a legitimate business and providing an 800 number in an online ad or related web page makes it difficult to identify the service as a scam.

"By doing it through an 800 number, it takes the scam offline, so for Google's (automated) systems and Facebook's too, it becomes a little bit more of a challenge to determine which tech support providers are legitimate and which ones are scammers," Haralson said.

Because of the difficulty in getting automated systems to detect the scams, Google will have employees call the posted numbers and pose as callers looking for tech support. Oftentimes, the numbers are to places outside the U.S.

To date, the two companies have found a total of 4,000 such scams hijacking the names of 2,400 legitimate businesses, Haralson said. The fraudulent ads typically appear in Facebook display ads and Google search results.

Scams that depend on deceptive advertising hurt the online ad industry by further tainting the reputation of a business constantly under fire by consumer advocates for gathering too much personal data.

People roped in by the scammers can lose money and have their credit ratings damaged by downloading malicious software that contains viruses, spyware, adware and keystroke loggers. The malware is typically designed to steal personal data that can be used later to impersonate the person to obtain credit, merchandise and services.

In some cases, the crooks download software that freeze the recipient's computer and then demand several hundred dollars to unlock the system, Haralson said.

"The scammer essentially holds the computer hostage," he said.

Google and Facebook use automated and manual methods to detect fraud. The Internet companies continuously check ads and the Web pages they point to in search of signs that they are part of a fraudulent operation.

Other deceptive activities TrustInAds.org plans to report on in the future include scams that promise weight loss for little or no effort, Haralson said. The group will also look at ads that try to get people to pay for content, such as government documents, that is available for free on the web.