So other than the annoyance factor, why does this particular telemarketing call deserve to be in the Marketing Hall of Shame?

First, the call source disregards the national Do Not Call list. Any and every phone number out there can be one of targeted numbers, despite the fact that it’s illegal for telemarketers to bother people on the Do Not Call list. Of course, the spoofed numbers hide the real source of the calls, so disgruntled recipients of the call can’t call back and complain, or even report the number with any chance of the government catching the caller.

Second, the call is not targeted at people who actually have car warranties, or even people who actually have CARS. It’s a blanket telemarketing attempt, conducted nationwide, without regard for who the call recipients are. The “second and final” notice is a scare tactic that isn’t remotely accurate. Imagine the frustration of the public-transit riders out there who get calls about the expiring warranties on their nonexistent cars! These calls are so widespread and so annoying that they’ve generated articles on multiple websites and investigation from multiple state governments. That’s quite a broad scope for a telemarketing scam.

Third, the calls are repeated relentlessly. Some people on consumer complaint websites comment that they’ve received this call dozens of times, often in the same day. I’ve personally received this call on my cell phone about once a week for the past few months.

Fourth, if the recipient stays on the line and speaks to a live person in an effort to clear up the apparent confusion, their requests to be removed from the call list tend to be ignored. Again, many people on consumer complaint sites say that they’ve asked to stop receiving the calls, but despite assurances that they will be removed from the calling lists, the calls continued.

Fifth, for those who actually purchased the extended warranty offered in the calls, the coverage turned out to be less than ideal. The telemarketers don’t represent the car manufacturers, and getting reimbursed for car repairs can be difficult, according to the Iowa Attorney General’s office (as quoted in the New York Times).

Last, for some of these telemarketing calls, there’s more than just annoyance at stake. Some of these car warranty calls are actually attempts to steal the identities and information of the call recipients. The callers use the same “final notice” scare tactics to trick people into giving up key personal information. So speaking to the callers can lead to more than just a useless car warranty; it can lead to a credit and identity nightmare.

What is being done to handle this particular telemarketing scourge? According to the New York Times, several state attorney generals are looking into the companies behind the calls in an effort to investigate legal wrongdoing (such as violations of the Do Not Call list) and whether the companies and warranties themselves are legitimate. Telling people that their warranties are near expiration might also be deceptive and misleading sales practices which justify legal action (this seems like a no-brainer, but the states must conduct their due diligence in looking into this case).

In the meantime, if you get a call that starts with “This is your second and final notice,” hang up. You might get more of them, and you might get annoyed by them, but you can do your part to fight back. Call your state’s attorney general office and complain. Go to the Do Not Call website and file a complaint. Make some noise, and the authorities will do what they can to make the calls stop.

To the companies behind the calls, nice job! You’ve become the first telemarketers in Privacy Council’s Marketing Hall of Shame.

Sources for this article: The New York Times, Caller Complaints, The Internet Patrol, Autoblog

Photo source: www.freedigitalphotos.net

By now, you’ve probably figured out where this is going: that pop-up is a scam, something known as “scareware.”

Those who DO click “OK” on the serious-looking window out of fear that their PC is actually in danger usually start a download of malware onto their hard drives. The program pretends to run a scan, telling the user that there are lots of “critical problems” with their computer that must be fixed. Of course, those mysterious problems do get fixed if the customer agrees to buy the full version of the repair software for roughly $40. The entire thing is an elaborate scam, one that is both illegal and incessant; one IP address appears to have received the pop-up at least 200 times in a single day.

It’s a “blatant rip off of consumers,” Washington State Attorney General Rob McKenna said, as reported on CNET news. He said that users were “duped into downloading a fake scan and then duped into paying for software they don’t need.”

These pop-ups have been around long enough for most of us to encounter one at least once, but now there is some news on the scareware front. Microsoft and the Attorney General’s office in Washington state filed or amended lawsuits last month against companies including Alpha Red, Branch Software, SMP Soft and Registry Update, all of which allegedly use the fake security warnings to scare users into spending money on a fix. In some of the cases, the defendants are listed as “John Doe” because the owners of the companies aren’t known. In the case of Alpha Red and Branch Software, James Reed McCreary is the owner named in the lawsuits. His Texas-based company sells a scam product called Registry Cleaner XP for $40. The lawsuits charge McCreary and the other companies with misrepresentation, harassment, and high pressure sales. The state of Washington seeks an injunction and undisclosed civil penalties from McCreary.

The lawsuits were made possible because of Washington’s Computer Spyware Act, which makes it illegal to create scary messages that appear to come from elsewhere (in this case, Windows) in order to terrify people into a software purchase. The Computer Spyware Act was put into place in 2005, and in that year, Microsoft and Washington state successfully sued Secure Computer (makers of Spyware Cleaner) for $1 million when they charged the company with using scareware pop-ups. The law was recently updated to include outlawing the sort of deception that McCreary and others allegedly conducted. The state has filed seven cases under the law since 2005, while Microsoft has filed 17 spyware-related legal actions in that time.

In the current case, consumers who have experienced the scareware ads can file their own lawsuits if they wish. Since many people have a healthy fear of a security breach on their computer, the messages work particularly well when the scammers play on that fear, suggesting that personal privacy and security are at stake. The defendants, if convicted in the current lawsuit, face fines of up to $2,000 per violation, plus restitution and attorney fees. We’ll keep you posted on the results and any future lawsuits brought against the companies.

So what should you do if the “Warning!” pop-up appears on your screen? Don’t click the red X in the upper right hand corner of the window, for one thing, says Christopher Null of Yahoo! Tech Blogs. While it appears to be the same sort of button that makes the standard Windows box go away, remember that this isn’t a true Windows box. Clicking the red X might start the download of the malware. Instead, go to the task bar at the bottom of the screen and right-click on the pop-up’s bar to close it. Other than that, you can close and restart your Internet browser to make the pop-up go away.

Just don’t click “OK”… It’s anything BUT okay.

Sources for this article: Yahoo! News, Yahoo! Tech News, Yahoo! Tech Blogs, CNET news, Scareware, Seattle Post Intelligencer

The scam artist sends an email that appears to be from a bank, online auction site, or other online merchant. The email says that the recipient’s account information has been compromised (or needs to be confirmed or verified), and that the recipient must click a link and enter all of his or her account information to update the records. The email might suggest that an account will be disabled or frozen if the recipient doesn’t respond. The email appears to be legitimate and official (complete with artwork and logos from the company’s actual site), and if the recipient clicks the link, the account information page appears to be legit, as well. The well-known logos or brands lend credibility to the email. The problem is, the page is a fake, and any information entered into the system becomes a way for someone to steal the recipient’s identity.

Phishing scams have been around long enough for many people to recognize them when they show up in an email inbox. The scammers are becoming increasingly sophisticated, though, and as new users (many of whom are elderly or unfamiliar with the pitfalls of the web) sign up for internet service, the potential continues for the scams to work on at least a few hapless individuals. It is important to know what to look for in scam emails and how to protect oneself from phishing attempts. 

Microsoft offers some examples of phrases that suggest an email is fraudulent:

“Verify your account.” – Banks and businesses don’t ask for this information by email.

“If you don’t respond within 48 hours, your account wil be closed.” – This statement sounds urgent, which makes people click on it without questioning it.

“Dear Valued Customer” – The lack of a name means the email was sent in bulk, not specifically to the recipient.

“Click the link below to access your account” – Links don’t always lead where they appear to lead. Consider the link that looks like this: Click here to visit Wells Fargo but actually leads elsewhere (if you click this link, it leads to Google, not Wells Fargo). This is called “masking” the link. Resting (but not clicking) the cursor over the link will show where the link ACTUALLY goes. Sometimes, the scammers will use URLs that look similar to the real thing, but are just a tiny bit off. For example, a link that claims to go to bankofamerica.com might actually go to “bankoffamerica.com” or “account-bankofamerica.com,” neither of which is an authentic banking site.

The criminals conducting phishing scams are prolific; the antiphishing.org website notes that in January 2008, 29,284 unique phishing reports were made, with 131 brands hijacked by phishing scams in that month alone. You might receive the next phishing scam in your inbox, or your brand may be the next one hijacked. 

The Federal Trade Commission (FTC) recommends these steps to protect yourself from a phishing scam:

1. Do not reply to emails that ask for personal or financial information. Legit companies will never ask for this information via email. Don’t click on links in these emails, either. Call a genuine customer service number if you are concerned about your account.

2. Don’t call numbers that are in these questionable emails, since area codes can be misleading, and the helpful service rep you reach might be a scammer. Call the number on the back of your financial statement instead.

3. Use anti-virus and anti-spyware software and a firewall, and keep them updated.

4. Don’t send personal or financial information via email, even if you’re sending it somewhere legitimate. Email is not a secure method of sending information, and emails can be intercepted by criminals.

5. Review your credit card and bank statements as soon as you receive them. Check for any unauthorized charges.

6. Be careful about opening email attachments or downloading files from emails, and NEVER open attachments from a sender you don’t recognize.

7. Forward phishing emails to spam@uce.gov and report the scam to the company being impersonated, if possible (some companies have a means to report scams on their websites).

8. Check your credit report periodically to see if anyone is opening new lines of credit in your name.

Please be sure to share these tips with any friends or family members who may fall victim to phishing, especially anyone who is new to email. If you think you’ve been scammed, the FTC recommends filing a complaint at ftc.gov, then visiting their identity theft website at www.consumer.gov/idtheft.

If you have a business and you are concerned that your pages and logos could be “spoofed” in a phishing scam, be prepared. Create a page on your site where customers can report phishing scams that involve your company, and pass along any reports you receive to the FTC. Request details from customers such as copies of the text from the phishing email and links to the spoof sites. Be understanding and supportive when speaking with customers who have fallen victim to this scam, as they will probably be extremely frustrated and angry. Maintain the highest possible level of security with your own website so that the sensitive data you hold will remain safe and customers will be confident in that safety.

Sources: www.ftc.gov, www.antiphishing.org, www.microsoft.com