He rang the various numbers listed on the "Warning!" websites multiple times, Segura said, and always reached a "help desk" that recommended E-Racer Tech. "They said 'We recommend you go to Best Buy, or we have this company,'" Segura said, citing one conversation with a technician. "But we know that they're related. We called the phone number for E-Racer and got the same 'help desk.'"
In fact, the help desk at the other end of the toll-free numbers and E-Racer Tech were one and the same. "They're trying to make it look like two different entities, when there is just one. It's meant to make the victims believe they talked to different parties and that E-Racer Tech is recommended by Microsoft's help desk," said Segura. He speculated that the tactic was designed to keep the scam under the radar or let the operators hide behind plausible deniability.
Although some of the tactics were identical to those used by the more familiar Indian outfits, including the use of shady affiliate networks to drive traffic to the "Warning!" websites, ditching the cold-call approach was another way to avoid notice. Cold-called support calls, he pointed out, have a lousy reputation because of the Indian scammers.
"Companies have identified this business model, where they get people on the phone, show them fake errors or viruses, and try to pitch very expensive services and packages," said Segura. "They seem to typically target the elderly."
Even the quality of the service was used to mask the real profit machine. "The technician was actually pretty good," Segura said. "He took the time to give some good advice. But I think that time is spent to keep the company under the radar by making it look like they're honest."
Malwarebytes said it had sent E-Racer Tech a cease-and-desist letter two weeks ago regarding the pirated key for Malwarebytes Anti-Malware Premium, but had not heard back from the firm.
E-Racer did not reply to a request for comment emailed on Saturday.
Sign up for CIO Asia eNewsletters.