FTC Holds Companies Accountable for Online Lead Generators - Security Boulevard

FTC Holds Companies Accountable for Online Lead Generators

The Federal Trade Commission (FTC) dropped the $30 million hammer on Career Education Corporation (CEC) for using leads obtained from dubious and illegal website operators to engage with prospects with the hope of having the prospect enroll in CEC’s post-secondary schools. This is one of the first cases in which a company was being held responsible for its vendors’ conduct.

CEC and its many subsidiaries used lead generators that claimed to be affiliated with the U.S. military or be recommended by the military. These sites’ false claims were designed to entice individuals to share their personal identifying information (PII) “under the guise of providing job or benefit assistance.”

“You can’t skirt the law by outsourcing illegal conduct to your service providers,” said Andrew Smith, director of the FTC’s Bureau of Consumer Protection. “This case demonstrates that the FTC will seek to hold advertisers liable for the deceptive or illegal practices of their affiliates, publishers or other lead generators. We expect companies purchasing leads to implement strong vendor management programs and stay on the right side of the law.”

CEC: The Back Story

According to the FTC complaint, CEC’s “lead generators posed online as official U.S. military recruiters or as job-finding services, then called consumers whose contact information was solicited under those false pretenses. CEC’s lead generators then continued to misrepresent that the military, or an independent education adviser, recommended CEC. Three of the lead generators—Sun KeyEdutrek and Expand—have themselves been the subject of FTC law enforcement actions.

Exhibit 1 screenshot

Sun Key

Sun Key implied an association with the U.S. military through its imagery. The FTC charged Sun Key with having its personnel contact interested individuals posing as representatives of the military and pitch the post-secondary schools—schools that were supposedly endorsed by the military. Sun Key would sell each lead to entities such as CEC for between $15 and $40 each. The FTC socked Sun Key with an $11.1 million penalty for its deceptive practices.

FTC Exhibit: screenshot of website claiming to find government jobs for usersEduTrek

EduTrek also would use images to project its affiliation with the U.S. military. If a visitor to the site read the small print, howeer, they would learn such was not the case. The company had no leads to jobs; it was simply collecting the consumer information and then selling the information to third parties. While the example reflects an implied U.S. government affiliation, EduTrek reached into the worlds of unemployment benefits, health insurance, Medicaid coverage and more.


In 2016, Expand settled with the FTC for its deceptive pre-screening interviews for “employers, like banks, government agencies and multinational corporations,” according to the FTC complaint. The reality was that the interviews were designed to generate leads for its clients, to which the firm would sell each lead for $22 to $125. The FTC fined the firm $90 million, of which all but $360,000 was suspended with several caveats including truthfulness of Expand and its representatives.

Bottom line: Know your vendor and the provenance of the information being used by your firm, especially in the marketing and sales arena.

Christopher Burgess

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.

burgesschristopher has 134 posts and counting.See all posts by burgesschristopher