Office Depot And Partner Ordered To Pay $35 Million For Tricking Consumers Into Thinking They Had Malware

from the gotcha! dept

I have worked in the B2B IT services industry for well over a decade. Much of that time was spent on the sales side of the business. As such, I have become very familiar with the tools and tactics used to convince someone that they are in need of the type of IT support you can provide. One common tactic is to use software to do an assessment of a machine to determine whether it’s being properly maintained and secured. If it is not, a simple report showing the risks tends to be quite persuasive in convincing a prospective client to sign up for additional support.

Done the right way, these reports are factual and convincing. Done the Office Depot way, it seems only the latter is a requirement. The FTC announced on its site that Office Depot and its support partner,, Inc., has agreed to pay $35 million to settle a complaint in which the FTC alleged that consumers were tricked using a computer health application into thinking their machines were infected with malware when they often times were not.

Office Depot has agreed to pay $25 million while its software supplier,, Inc., has agreed to pay $10 million as part of their settlements with the FTC. The FTC intends to use these funds to provide refunds to consumers.

“Consumers have a hard enough time protecting their computers from malware, viruses, and other threats,” said FTC Chairman Joe Simons. “This case should send a strong message to companies that they will face stiff consequences if they use deception to trick consumers into buying costly services they may not need.”

The complaint itself, embedded below, is quite the read. Office Depot’s scheme went like this. For a decade, Office Depot would take in customers’ computers for diagnostics. Through it’s partnership with, PC Health Check would be run on these machines and the owners of them would be given a short questionnaire to fill out. While that application can in fact be useful in detecting malware on machines, the FTC alleges that the “report” delivered to consumers was based entirely off of the short questionnaire instead. And what kind of questions were consumers asked to answer to indicate whether their machines were infected with malware or not?


These included questions about whether the computer ran slow, received virus warnings, crashed often, or displayed pop-up ads or other problems that prevented the user from browsing the Internet.

The complaint alleges that Office Depot and configured the PC Health Check Program to report that the scan found malware symptoms or infections whenever consumers answered yes to at least one of these four questions, despite the fact that the scan had no connection to the “malware symptoms” results. After displaying the results of the scan, the program also displayed a “view recommendation” button with a detailed description of the tech services consumers were encouraged to purchase—services that could cost hundreds of dollars—to fix the problems.

Members of the IT industry are already laughing at this. There is a universal understanding in our industry that if you ask a user if his or her machine is running slow, he or she will say yes. Full stop. To base a recommendation off of this answer, never mind to configure software to report malware symptoms based on it, is ludicrous in the extreme. Unless, of course, you’re building a tech support business on the strategy of tricking consumers into thinking they have malware infections when they do not. In that case, all of this makes perfect sense.

Except that it’s also a violation of laws against deceptive practices. It’s also dumb in the extreme, as it’s the kind of trick you can only get caught at once to torpedo your reputation and cause the public to never seek out your help for tech support again. Put another way, there is zero reason for anyone to ever seek out Office Depot’s help for their computers ever again.

That’s no way to run a business.

Filed Under:
Companies: office depot,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Office Depot And Partner Ordered To Pay $35 Million For Tricking Consumers Into Thinking They Had Malware”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: "That's no way to run a business. "

The trick is to extract as much money as possible before the company goes down in flames… while you can still point to a profitable company during your next job interview.

There are lots of companies. Why take a recurring small profit from one when you can take a huge profit, then jump ship and repeat?

Anonymous Coward says:

The good news is that since 2016 when they (and others) got caught, the actual security industry has clamped down hard on software of this type, to the point that if that version of PC Health Check were run today on a PC with any security software (including Windows Defender), the software itself would get flagged up as maliciously deceptive in short order. I can just see the look on the Office Depot employees’ face when THAT alert comes up….

Uriel-238 (profile) says:

I remember when Symantec got caught.

Theirs was (is?) a downloadable diagnostics program which would produce a list of security or performance issues and then recommend Symantec utilities to fix them.

Only the utilities recommended wouldn’t.

A white hat bought the products, ran them. Uninstalled them and ran the free diagnostic again. Sure enough, many of the warnings were not priority enough to actually be addressed by the programs recommended to fix them.

In the 90s, among my of tech support ads, one suggested a few of the free diagnostics / anti-malware offerings on line before buying into a commercial brand. (Call me if you have a problem, or you’re feeling too lazy/busy/whatever to do periodic maintenance of your computer.)

Scott S. (profile) says:

just their cost of doing business?

Of course, their duped customers only get "refunds," and they’re probably for far less than they were ripped off. Victims should get full refunds plus punitive damages. And the people who orchestrated this scheme should face criminal charges. How much did they profit? More than the $35 million fine? To be any kind of a deterrent, fine should be every dollar the scheme profited, plus treble punitive damages to the victims, and jail time for the purps.

ECA (profile) says:

Running outside software..

If yu dont know what the program is/does, and/or a friend wishes to run it ON YOUR COMPUTER…

That program can gather Tons of info, and data and Pop it onto a disk/Flash card and All of a sudden, there is more of a problem then you think..
Its not just the FAKe Virus/bot ID, its all your passwords, Internet visits, Bank data, as well as Backdooring into your system remotely. Your computer is important, more so then your cellphone.

LEARN a few things, DO them yourself..MOST programs can/will run in the background or you can Manually run them IF’ things get alittle strange on your computer. Find something you trust. Find SOMEONE you trust..Search the net and READ a few articles on things you might want or need.

Do remember, nothing is perfect. Alternatives help. I have 3 programs to scan my machine, and each does it in different ways. Things cant hide very well.

The biggest thing to remember. A CLEAN SYSTEM can Stay clean, as long as there is NO INPUT..
Input=Disk/tape/CD/DVD/Network/internet/USB/Flash…Anything After the installation of the system…that requires you to load/install something new.
there WAS a tracker in an MS windows program for over 8 years. it was in the Music player. It was a mistake. Not removed after programming.
BUT, that same idea has changed. you CANT go around the net, without being tracked anymore. as soon as you have a Browser, anyone/any site can ask your system for info. AND SITES can block those that DONT give the info..(remember when sites Blocked you because you didnt use Windows Explorer?). How many sites give you POPUPS because you Block the adverts??

My customers found out they like me, for 1 big reason…Im forgetful. I cant remember ANY of the passwords they give me.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...