Industry News

Has Office Depot claimed your PC had a malware infection when it didn’t?

Many of us are familiar with scareware. The pop-ups that appear on your computer, designed to frighten you into believing that your PC has a malware infection, in the hope that you’ll pay up for a cure you don’t need.

But what if a high street retailer was the one doing the scaring?

US retail giant Office Depot has been accused of intentionally tricking its customers by selling costly computer fixes for malware problems that simply don’t exist.

That’s the claim made by Jesse Jones of KIRO TV News, after he took brand new, fresh out-of-the-box PCs to Office Depot and its sister store OfficeMax in Seattle and Portland, Oregon.

The computers, which had never been connected to the internet and were independently verified as malware-free by a security firm, were deemed to each require up to $180 worth of repairs after Office Depot declared them infected.

A follow-up report by a Boston-based news team confirmed the findings, suggesting the problem was not confined to one particular part of the United States but might be widespread amongst Office Depot stores countrywide.

So, what happens if you take your computer to Office Depot for a “free PC Health Check”?

Well, the process starts with an Office Depot employee running a program on your PC, which asks a question:

office-depot-question

Does your computer have any of the problems below?

[ ] Frequent pop-ups or other problems prevent me from browsing the internet.

[ ] My PC recently became much slower or is too slow to use.

[ ] I am often warned of a virus infection or I am asked to pay for virus removal.

[ ] My PC frequently crashes.

Whistleblower Shane Barnett, who used to work at Office Depot, says that running the program is mandatory and staff are told they must meet technical service sales goals by running conducting unnecessary “repairs”.

If you answer yes to any of the choices offered by the program, you are automatically told that your PC has a malware problem says Derek Held, an IT specialist at security firm IOActive that assisted KIRO TV News with its investigation:

“When any four of them is checked any combination and single, as long as one of those boxes is checked you will see the malware symptoms in the report. It didn’t matter anything else that was on the report. It was automatic that made it show up on the report.”

According to reports and posts on social media, many other Office Depot employees have confirmed the scam which is thought to have been going on for years.

ex-staff

It certainly doesn’t inspire confidence when you discover that Office Depot’s PC Health Check service is developed by Support.com. Support.com was ordered, with partner AOL, to pay US $8.5 million in 2013 after being accused of using free malware scans to trick consumers into believing their PCs were infected.

Struck by a wave of bad publicity, Office Depot says it has suspended the PC tune-up service throughout its retail chain while it conducts its own internal investigation.

However, one has to ask whether it is appropriate for Office Depot to investigate its own processes, or whether the allegations that customers have been defrauded should be probed by the authorities
instead.

US Senator Maria Cantwell has called on the FTC to investigate the allegations:

“American consumers rely on their personal computers now more than ever. Kids need computers for their school work; families need computers to keep track of their finances; and small business owners need computers to run their enterprises. They are the gateways through which we live our lives. In this context, Office Depot’s exploitative behavior is particularly disturbing.”

If the allegations are found to be true, it may spell bad news for the Office Depot brand – and could mean that there are lots of defrauded customers wondering how they might get their money back.

In the meantime, my advice is this: Vote with your wallet. If you have a problem with your home computer you might be better off asking your family for a personal recommendation or a trusted technical friend for assistance than going to a big business for help.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

3 Comments

Click here to post a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Dirty scammers Office Depot! I suspect this problem is systemic to all stores. Making money is the prime directive in many businesses these days. If consumers were just a bit more computer savvy, they could "fix" their own computers without depending on these scammers for help. Good riddance dirty scammers.

  • As an employee of Officemax in Massachusetts, I knew this all along and brought it to the attention of a manager who no longer works there. I knew it was unethical especially when I brought my PC in and ran various configurations with the 4 questions and each coming back with different scenarios. I was told that I had to sell this in order to make numbers. After seeing this investigation, I never felt more embarrassed now. I was glad the store I worked in was ethical and decided not to use the health check when the station came into our store