Today we are going to be talking about advertising, specifically misleading advertising. Whether it’s on TV or on the internet, in magazines or in newspapers, we all see misleading advertising all of the time, whether we realize it or not. So how do you spot it? Well, that is one of the things we are going to cover here. Once you know what to look for, you’ll be able to spot it yourself, in most cases without having to look any further than the image in the advert.
Our first example of misleading advertising is an advert that promotes a “Free Scan” but fails to mention that only the scan is free. In fact, you have to pay before it will fix anything it claims needs fixing. It should also be noted that in the vast majority of cases, most “problems” found are not problems at all. Makers of registry cleaning software are very fond of using this tactic to promote their products, as are so-called “system cleaners” such as SpeedUpMyPC.
Back in 2009, I wrote about a telephony-based scam that had gained momentum, and which sadly appears to have grown since then — invading other countries and scamming more victims. Since then, various other people, including my friends at Microsoft, have been investigating the companies involved, to try to both raise awareness and shut down those responsible.
In September of this year, David Harley (Eset), Martijn Grooten (Virus Bulletin), Craig Johnston (formerly Sophos) and I will be presenting a paper at VB2012 on this very subject, and one thing we’d like to do is try to gain a better idea of how widespread this problem is. We realize that until now a lot of people likely haven’t reported the incident due to embarrassment — but we’d like to know both how many of you have received these calls, and how many have fallen victim to them. While at InfoSec in London a few weeks ago, I met up with David and Martijn to go over some of the details, and one that we came up with was a survey, to help gain a better idea of the numbers involved — since we realize that the reports received by ourselves, and others, are likely a relatively small number in comparison to those that have actually been called.