Consumer Warning: Computer Security Product Scams


Eric's Home Page
  1. How the Scam Works
  2. Real Risks
  3. Protect Yourself


How does the scam work?

Fundamentals of running a scam

Every scam starts the same way. The scam artist gathers some publically available information on you. He gets your name and address out of the phone book. He checks the county records to see who owns the house where you live, and if there's been any transfer of ownership from husband to wife lately (so he can find a nice naive widow to prey upon). Once he finds a likely victim, he then tries to trick the victim into buying some unnecessary product. Usually he gets away with it. Even if the police catch the scam artist, the victim almost never files charges. "But he was such a nice young man!" she might say.

In the Internet world, scam artists operate pretty much the same way, but because most people know very little about the Internet, scam artists don't need to work as hard to find victims. They work more like muggers, lurking around in the seamier sides of the Internet, especially porn sites and nutcase militia and "black helicopter" conspiracy sites where everybody already feels either guilty or that they're being spied upon by the government anyhow. They flash a little publically available info, do some slight-of-hand to make you think you're seeing something that's not really happening (just like a stage magician who makes you think you're seeing him pull a scarf out of his mouth, when it's really coming out of his sleeve), and voila!

A little intro to the Internet

Before we can talk about how this particular scam works, let's talk about the Internet. The Internet works like this: Your web browser sends a request for information to the web server. Let's say's web server. Google then sends you the web page that you requested. Think of the Internet as the electronic version of the U.S. Postal Service, with your computer basically being a post office box, and the web site being basically someone that you requested to send information to your computer.

Like the U.S. Postal Service, everything on the Internet has an address. Otherwise nobody would know where to send things! Think about it -- if you call Victoria's Secret and ask them to send a catalog, how are they going to send you a catalog if you don't give them an address?! Similarly, if you contact Google's web site and ask them to send you a web page, how are they going to send you a web page if your computer doesn't give them an address?!

So, let's look at Internet addresses. Like a post office box address, it is assigned to a particular "post office" (Internet Service Provider, or ISP). By looking at this address, Google (or whoever you're requesting web pages from) can detirmine a few things. They can detirmine a) what your Internet address is (doh, else how do pages get back to you?!), what city you're in, and what ISP you're using. They can NOT detirmine what your name is, or what your real (physical) address is, at least not unless you explicitly tell them.

The Scam

The whole goal of the scam is to scare you -- to use the minimal publically available information above (your computer's Internet address, ISP name, and city) to state that you're being "investigated", that you're "broadcasting personal information to the Internet", or otherwise need their product. Said product generally being unnecessary and overpriced, of course.

So let's lay out your publically available information:

  1. Your IP address:
  2. Your ISP or company:
  3. Your City: (Sorry, reverse-lookup to find your city based on your IP address is a pay service, and I'm not paying.)
And one more thing, that works only on Windows: A browser function that displays a directory on your computer -- to you. I.e., does NOT transmit the contents of that directory over the Internet. If you're running Windows, you will now see the contents of your C:\ directory:

Okay, so the scammer has some true information about you, or at least can display that true information to you. His goal then is to intersperse his lies with the true information in hopes that the "truth-ness" of the true information will spill over onto the lies. Propoganda is all about being sneaky with your lies -- making sure there's just enough truth surrounding them to make them seem plausible. So here we go.

  • You are being investigated -- lie.
  • Your ISP, , is cooperating with this investigation. -- lie. But note how a piece of true information (your ISP or company name) is used to make this false information seem plausible, and thus make the previous lie seem plausible.
  • Your computer is broadcasting your IP address,, to the Internet. -- Lie. Your IP address is sent only to web sites where your computer requests web pages, so that they have an address for sending the requested information. But note how a piece of true information (your IP address) is used to make this false information seem plausible, and thus make the previous lie seem plausible.
  • You can be fired for what you browse at work - True. This has nothing to do with the scam products, which won't protect you from being fired for what you browse at work, but is tossed in to make the rest of the scam seem more plausible.
  • The Internet is placing hidden evidence onto your computer. Lie. Your web browser does cache information on your hard drive, but this isn't "hidden".
  • When you erase files, they are not really erased. True. This truth is typically interspersed somewhere with all the lies, to make the lies seem plausible.
The scammers then promise you that if you buy their product, they'll "end the investigation", protect you from being fired, protect you from jail, and whatever else seems plausible (the only reason they don't promise the common cold is because nobody's stupid enough to believe that promise... but if they could get away with it, they would).

Remember, the whole goal of a scam is to trick you into buying a product you don't need, generally for a higher price than you should be paying. Often the product is a usable product (albeit generally not fulfilling all the outrageous promises that were made as to what it'd to), but if you don't need it, you're being scammed. Even if you do need such a product (an issue I discuss in the next installation of this tutorial), you can generally buy a usable product for cheaper from a reputable vendor (as vs. from a scam artist), or even get it for free from a number of sources.

John Bryant

Note that everything on this page is Copyright 1997-2018 John Bryant and represents my own opinions and nobody else's. Reproduction without permission strictly prohibited.