Office Depot fined millions for tricking customers into believing their PCs were infected with malware

What does the average person do when their computer starts behaving oddly? If their PC is getting slower, or they’re being pestered with an excessive number of pop-ups?

The average user – and you, dear reader, are not a typical user because you demonstrate your wisdom by reading the Hot for Security blog – probably takes their troublesome computer to a big-name retailer like Office Depot, to take advantage of a free “PC Health Check.”

Unfortunately, the bad news is that since at least 2012 consumers have been making complaints that Office Depot, and its partner, have been using the PC Health Check tune-up service as a way to trick people into buying unnecessary computer repair and technical services.

In 2016, for instance, we reported how an undercover TV news team took freshly-purchased computers that had never been connected to the internet, and had been verified as malware-free by security experts to Office Depot.

Office Depot determined that the computers required up to $180 worth of repairs due to malware infections.

Staff running the “free PC Health Check” ran a program on users’ PCs which asked a simple question:

Does your computer have any of the problems below?

The question was accompanied by four choices:

[ ] Frequent pop-ups or other problems prevent me from browsing the internet.

[ ] My PC recently became much slower or is too slow to use.

[ ] I am often warned of a virus infection or I am asked to pay for virus removal.

[ ] My PC frequently crashes.

Choosing any of these options meant that the program’s report would inform the PC’s owner that their computer had a malware infection – even if there was no other evidence.

Not all staff felt comfortable about the practice. For instance, one employee complained to corporate management in 2012, saying “I cannot justify lying to a customer or being TRICKED into lying to them for our store to make a few extra dollars.”

And yet still the deception went on, even after – alongside partner AOL – was fined US $8.5 million in 2013 for similar shenanigans.

Following mounting negative media coverage, Office Depot finally announced it was suspending its PC tune-up service while it conducted its own investigation. That wasn’t good enough for some, including a US senator who called on the FTC to hold an independent investigation.

The FTC alleged that Office Depot and were aware of concerns and complains about the PC Health Check program since at least 2012, but continued to push staff into generating sales through it until late 2016.

This week Office Depot agreed to pay US $25 million to settle the FTC allegations, while its software supplier,, has agreed to pay US $10 million. The FTC intends to use these funds to provide refunds to consumers.

The typical computer user has a tough enough time avoiding scams on the internet. The behaviour of Office Depot proves that consumers also sadly need to be on their guard when they’re visiting a high street retailer too.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: