On Saturday Mrs. Floppy’s laptop got socked with one of those fake Anti Virus programs that cripple the computer with the intent of separating you from about $40 to fix it all up.
Luckily I am savvy and had all the tools in place to remove it, which I did. But let’s say I didn’t.
Let’s say I use my credit card to purchase the ‘program’. Does the program then pretend to clean the PC and then go away?
How do the bad guys get my $40? They would have to have a credit card merchant account linked to a real bank account. Surely this would make it easy to track them down, arrest them and lock them up.
Or do they not get any money, just my credit card details, which they can then sell? And if this happens, I assume my PC is still FUBAR’d by the fake AV program?
In my work (as a mobile PC technician) I have had to deal with lots and lots of Fake AV installations lately. Most people realise it’s a scam and don’t pay up but some fall for it. There are lots of variations on the theme but what usually happens is that the card is charged, the program vanishes for a few weeks and then returns asking for more money to remove the infection. It is usually once it returns that I get the call.
I have seen the purchase confirmation emails which look pretty convincing and it’s easy to see why people who aren’t used to using computers would be tricked into entering their credit card details.
I have also seen a case where, when the client hit the submit button to purchase the so-called AV software, the transaction was always declined, so she kept hitting submit. Of course, when she got her statement she saw that every transaction had gone through and the error was bogus.
As for tracing the money, I believe the accounts are usually held in countries that don’t co-operate too well with western nations, so the chances of (for example) an American law-enforcement agency getting a conviction on someone who lives and banks in North Korea are basically nil.
I read an anonymous interview with a ‘hacker’ where he stated that he earned $150,000 USD per year from infecting machines with these sorts of programs; he didn’t develop the software himself, he just earned a commission for every machine he infected. I can’t find the source, so don’t quote me on it, but with money like that to be made it seems unlikely that this practice will stop anytime soon.