The Federal Trade Commission on Wednesday said Office Depot and a tech support firm will cough up a collective $35 million to settle with the agency over claims that both were complicit in a computer repair service scheme involving a fake malware scan.
Using a program called PC Health Check, the FTC claimed in its complaint that Office Depot, its subsidiary OfficeMax, and its service provider Support.com ran a program that ostensibly performed a sweep for malware on customers’ computers but in actuality relied solely on the affirmative responses provided in an accompanying four-part questionnaire. Essentially, the complaint said, the program did not do what it said it did and instead was designed to flag apparent malware when respondents replied “yes” to the questions.
Questions asked by the PC Health Check program included whether an individual’s machine frequently crashed, was slow, showed pop-up ads, or surfaced virus warnings. If someone checked any of the boxes on these questions, the program then prompted them to purchase pricey technical fixes for the issues that could run hundreds of dollars per individual service.
Per the complaint, Office Depot and OfficeMax instructed their store workers to “to offer to run the PC Health Check Program on every computer that a consumer brought into a store.” The service duped consumers out of tens of millions of dollars in services and repairs, the FTC said.
The complaint said Office Depot and Support.com operated the fake malware-scanning scheme from 2009 to November 2016—when a report from CBS-affiliate KIRO 7 flagged the practice—despite knowing for years that PC Health Check was producing bogus malware and virus reports and in spite of employee complaints about the program.
In one example cited by the FTC, an OfficeMax employee in 2012 reportedly told the company’s upper management that they could not “justify lying to a customer or being TRICKED into lying to them for our store to make a few extra dollars.”
If all of this wasn’t already damning enough, the complaint stated that Office Depot told its stores in 2013 not to conduct a PC Health Check sweep following repairs, explicitly stating that the “tool ‘assumes’ there is an infection based on questions asked.” In other words, it evidently knew that its program could raise some red flags if it repeatedly produced the same assessments even after computers were serviced.
Office Depot will pay $25 million while Support.com will pay another $10 million to settle with the FTC, money that the agency said it plans to use to repay victims of the deceptive malware scheme.
FTC Chairman Joe Simons said in a statement that the “case should send a strong message to companies that they will face stiff consequences if they use deception to trick consumers into buying costly services they may not need.” Let’s certainly hope so.
Update 3/29/19 4:45 p.m. ET: A spokesperson for Office Depot provided the following statement to Gizmodo:
“Office Depot’s settlement with the Federal Trade Commission (FTC) resolves an investigation relating to a computer diagnostic service that was offered to Office Depot and OfficeMax customers prior to December 2016. The proposed consent order, which has been filed with the US District Court for the Southern District of Florida, provides for a judgment in favor of the FTC in the amount of $25 million to provide equitable relief for affected customers. While Office Depot does not admit to any wrongdoing regarding the FTC’s allegations, the company believes that the settlement is in its best interest in order to avoid protracted litigation.”