Industry News

Office Depot fined millions for tricking customers into believing their PCs were infected with malware

What does the average person do when their computer starts behaving oddly? If their PC is getting slower, or they’re being pestered with an excessive number of pop-ups?

The average user – and you, dear reader, are not a typical user because you demonstrate your wisdom by reading the Hot for Security blog – probably takes their troublesome computer to a big-name retailer like Office Depot, to take advantage of a free “PC Health Check.”

Unfortunately, the bad news is that since at least 2012 consumers have been making complaints that Office Depot, and its partner Support.com, have been using the PC Health Check tune-up service as a way to trick people into buying unnecessary computer repair and technical services.

In 2016, for instance, we reported how an undercover TV news team took freshly-purchased computers that had never been connected to the internet, and had been verified as malware-free by security experts to Office Depot.

Office Depot determined that the computers required up to $180 worth of repairs due to malware infections.

Staff running the “free PC Health Check” ran a program on users’ PCs which asked a simple question:

Does your computer have any of the problems below?

The question was accompanied by four choices:

[ ] Frequent pop-ups or other problems prevent me from browsing the internet.

[ ] My PC recently became much slower or is too slow to use.

[ ] I am often warned of a virus infection or I am asked to pay for virus removal.

[ ] My PC frequently crashes.

Choosing any of these options meant that the program’s report would inform the PC’s owner that their computer had a malware infection – even if there was no other evidence.

Not all staff felt comfortable about the practice. For instance, one employee complained to corporate management in 2012, saying “I cannot justify lying to a customer or being TRICKED into lying to them for our store to make a few extra dollars.”

And yet still the deception went on, even after Support.com – alongside partner AOL – was fined US $8.5 million in 2013 for similar shenanigans.

Following mounting negative media coverage, Office Depot finally announced it was suspending its PC tune-up service while it conducted its own investigation. That wasn’t good enough for some, including a US senator who called on the FTC to hold an independent investigation.

The FTC alleged that Office Depot and Support.com were aware of concerns and complains about the PC Health Check program since at least 2012, but continued to push staff into generating sales through it until late 2016.

This week Office Depot agreed to pay US $25 million to settle the FTC allegations, while its software supplier, Support.com, has agreed to pay US $10 million. The FTC intends to use these funds to provide refunds to consumers.

The typical computer user has a tough enough time avoiding scams on the internet. The behaviour of Office Depot proves that consumers also sadly need to be on their guard when they’re visiting a high street retailer too.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.

8 Comments

Click here to post a comment

Leave a Reply to John Quinn Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

    • Presumably you would still run an os of some description and would still want support and as a typical user would end up at one of these stores still falling for this kind of scam!

      The actual software you are running has nothing to do with the deception that occured here and no doubt occurs elsewhere…

    • That's not the problem, the problem is scammers you may at first thought were trust worthy falsely telling you that your computer is infected trying to make some easy money off you, it's no different from an auto repair shop scamming you

  • I always suspect about these large corporations like Office Depot and other operating in my country. Personally I am not in the need of anyone diagnosing my computers, but I always warn others about these kind of possibilities when bringing their devices there.
    The fine may have been greater.