Office Depot And Partner Ordered To Pay $35 Million For Tricking Consumers Into Thinking They Had Malware

from the gotcha! dept

I have worked in the B2B IT services industry for well over a decade. Much of that time was spent on the sales side of the business. As such, I have become very familiar with the tools and tactics used to convince someone that they are in need of the type of IT support you can provide. One common tactic is to use software to do an assessment of a machine to determine whether it’s being properly maintained and secured. If it is not, a simple report showing the risks tends to be quite persuasive in convincing a prospective client to sign up for additional support.

Done the right way, these reports are factual and convincing. Done the Office Depot way, it seems only the latter is a requirement. The FTC announced on its site that Office Depot and its support partner,, Inc., has agreed to pay $35 million to settle a complaint in which the FTC alleged that consumers were tricked using a computer health application into thinking their machines were infected with malware when they often times were not.

Office Depot has agreed to pay $25 million while its software supplier,, Inc., has agreed to pay $10 million as part of their settlements with the FTC. The FTC intends to use these funds to provide refunds to consumers.

“Consumers have a hard enough time protecting their computers from malware, viruses, and other threats,” said FTC Chairman Joe Simons. “This case should send a strong message to companies that they will face stiff consequences if they use deception to trick consumers into buying costly services they may not need.”

The complaint itself, embedded below, is quite the read. Office Depot’s scheme went like this. For a decade, Office Depot would take in customers’ computers for diagnostics. Through it’s partnership with, PC Health Check would be run on these machines and the owners of them would be given a short questionnaire to fill out. While that application can in fact be useful in detecting malware on machines, the FTC alleges that the “report” delivered to consumers was based entirely off of the short questionnaire instead. And what kind of questions were consumers asked to answer to indicate whether their machines were infected with malware or not?


These included questions about whether the computer ran slow, received virus warnings, crashed often, or displayed pop-up ads or other problems that prevented the user from browsing the Internet.

The complaint alleges that Office Depot and configured the PC Health Check Program to report that the scan found malware symptoms or infections whenever consumers answered yes to at least one of these four questions, despite the fact that the scan had no connection to the “malware symptoms” results. After displaying the results of the scan, the program also displayed a “view recommendation” button with a detailed description of the tech services consumers were encouraged to purchase—services that could cost hundreds of dollars—to fix the problems.

Members of the IT industry are already laughing at this. There is a universal understanding in our industry that if you ask a user if his or her machine is running slow, he or she will say yes. Full stop. To base a recommendation off of this answer, never mind to configure software to report malware symptoms based on it, is ludicrous in the extreme. Unless, of course, you’re building a tech support business on the strategy of tricking consumers into thinking they have malware infections when they do not. In that case, all of this makes perfect sense.

Except that it’s also a violation of laws against deceptive practices. It’s also dumb in the extreme, as it’s the kind of trick you can only get caught at once to torpedo your reputation and cause the public to never seek out your help for tech support again. Put another way, there is zero reason for anyone to ever seek out Office Depot’s help for their computers ever again.

That’s no way to run a business.

Filed Under:
Companies: office depot,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Office Depot And Partner Ordered To Pay $35 Million For Tricking Consumers Into Thinking They Had Malware”

Subscribe: RSS Leave a comment

Re: "That's no way to run a business. "

The trick is to extract as much money as possible before the company goes down in flames… while you can still point to a profitable company during your next job interview.

There are lots of companies. Why take a recurring small profit from one when you can take a huge profit, then jump ship and repeat?


The good news is that since 2016 when they (and others) got caught, the actual security industry has clamped down hard on software of this type, to the point that if that version of PC Health Check were run today on a PC with any security software (including Windows Defender), the software itself would get flagged up as maliciously deceptive in short order. I can just see the look on the Office Depot employees’ face when THAT alert comes up….


I remember when Symantec got caught.

Theirs was (is?) a downloadable diagnostics program which would produce a list of security or performance issues and then recommend Symantec utilities to fix them.

Only the utilities recommended wouldn’t.

A white hat bought the products, ran them. Uninstalled them and ran the free diagnostic again. Sure enough, many of the warnings were not priority enough to actually be addressed by the programs recommended to fix them.

In the 90s, among my of tech support ads, one suggested a few of the free diagnostics / anti-malware offerings on line before buying into a commercial brand. (Call me if you have a problem, or you’re feeling too lazy/busy/whatever to do periodic maintenance of your computer.)

Scott S.says:

just their cost of doing business?

Of course, their duped customers only get "refunds," and they’re probably for far less than they were ripped off. Victims should get full refunds plus punitive damages. And the people who orchestrated this scheme should face criminal charges. How much did they profit? More than the $35 million fine? To be any kind of a deterrent, fine should be every dollar the scheme profited, plus treble punitive damages to the victims, and jail time for the purps.


Running outside software..

If yu dont know what the program is/does, and/or a friend wishes to run it ON YOUR COMPUTER…

That program can gather Tons of info, and data and Pop it onto a disk/Flash card and All of a sudden, there is more of a problem then you think..
Its not just the FAKe Virus/bot ID, its all your passwords, Internet visits, Bank data, as well as Backdooring into your system remotely. Your computer is important, more so then your cellphone.

LEARN a few things, DO them yourself..MOST programs can/will run in the background or you can Manually run them IF’ things get alittle strange on your computer. Find something you trust. Find SOMEONE you trust..Search the net and READ a few articles on things you might want or need.

Do remember, nothing is perfect. Alternatives help. I have 3 programs to scan my machine, and each does it in different ways. Things cant hide very well.

The biggest thing to remember. A CLEAN SYSTEM can Stay clean, as long as there is NO INPUT..
Input=Disk/tape/CD/DVD/Network/internet/USB/Flash…Anything After the installation of the system…that requires you to load/install something new.
there WAS a tracker in an MS windows program for over 8 years. it was in the Music player. It was a mistake. Not removed after programming.
BUT, that same idea has changed. you CANT go around the net, without being tracked anymore. as soon as you have a Browser, anyone/any site can ask your system for info. AND SITES can block those that DONT give the info..(remember when sites Blocked you because you didnt use Windows Explorer?). How many sites give you POPUPS because you Block the adverts??

My customers found out they like me, for 1 big reason…Im forgetful. I cant remember ANY of the passwords they give me.

Leave a Reply to Anonymous Cancel reply

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
13:40 It's Great That Winnie The Pooh Is In The Public Domain; But He Should Have Been Free In 1982 (Or Earlier) (35)
12:06 Norton 360 Now Comes With Crypto Mining Capabilities And Sketchy Removal Process (28)
10:45 Chinese Government Dragnet Now Folding In American Social Media Platforms To Silence Dissent (14)
10:40 Daily Deal: The 2022 Ultimate Cybersecurity Analyst Preparation Bundle (0)
09:29 A Fight Between Facebook And The British Medical Journal Highlights The Difficulty Of Moderating 'Medical Misinformation' (9)
06:29 Court Ruling Paves The Way For Better, More Reliable Wi-Fi (4)
20:12 Eighth Circuit (Again) Says There's Nothing Wrong With Detaining Innocent Minors At Gunpoint (15)
15:48 China's Regulatory War On Its Gaming Industry Racks Up 14k Casualties (10)
13:31 Chinese Government Fines Local Car Dealerships For Surveilling While Not Being The Government (5)
12:08 Eric Clapton Pretends To Regret The Decision To Sue Random German Woman Who Listed A Bootleg Of One Of His CDs On Ebay (29)
10:44 ICE Is So Toxic That The DHS's Investigative Wing Is Asking To Be Completely Separated From It (29)
10:39 Daily Deal: The 2022 Complete Raspberry Pi And Arduino Developer Bundle (0)
09:31 Google Blocked An Article About Police From The Intercept... Because The Title Included A Phrase That Was Also A Movie Title (24)
06:22 Wireless Carriers Balk At FAA Demand For 5G Deployment Delays Amid Shaky Safety Concerns (16)
19:53 Tenth Circuit Denies Qualified Immunity To Social Worker Who Fabricated A Mother's Confession Of Child Abuse (35)
15:39 Sci-Hub's Creator Thinks Academic Publishers, Not Her Site, Are The Real Threat To Science, And Says: 'Any Law Against Knowledge Is Fundamentally Unjust' (34)
13:32 Federal Court Tells Proud Boys Defendants That Raiding The Capitol Building Isn't Covered By The First Amendment (25)
12:14 US Courts Realizing They Have A Judge Alan Albright Sized Problem In Waco (17)
10:44 Boston Police Department Used Forfeiture Funds To Hide Purchase Of Surveillance Tech From City Reps (16)
10:39 Daily Deal: The Ultimate Microsoft Excel Training Bundle (0)
09:20 NY Senator Proposes Ridiculously Unconstitutional Social Media Law That Is The Mirror Opposite Of Equally Unconstitutional Laws In Florida & Texas (25)
06:12 Telecom Monopolies Are Exploiting Crappy U.S. Broadband Maps To Block Community Broadband Grant Requests (7)
12:00 Funniest/Most Insightful Comments Of 2021 At Techdirt (17)
10:00 Gaming Like It's 1926: Join The Fourth Annual Public Domain Game Jam (6)
09:00 New Year's Message: The Arc Of The Moral Universe Is A Twisty Path (33)
19:39 DHS, ICE Begin Body Camera Pilot Program With Surprisingly Good Policies In Place (7)
15:29 Remembering Techdirt Contributors Sherwin And Elliot (1)
13:32 DC Metro PD's Powerful Review Panel Keeps Giving Bad Cops Their Jobs Back (6)
12:11 Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers (39)
10:48 Oversight Board Overturning Instagram Takedown Of Ayahuasca Post Demonstrates The Impossibility Of Content Moderation (10)
More arrow
This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it