As popular as Internet of things products are becoming, the more likely it is they’ll fall to people who only have bad intentions. Consequently, as popular as Amazon Alexa is, there are bound to be nefarious individuals looking to harm users. This is the backbone of a lawsuit regarding two companies that set out to scam new Amazon Alexa users.
Amazon Alexa Scam
Granted, Amazon is no stranger to lawsuits regarding Alexa devices. But this time they’re sitting on the opposite side of the room. They’re sitting in the plaintiff chairs while two other companies are sitting in the defendants’ chairs.
Amazon filed a civil lawsuit in federal court last week. This stated that an international crime ring devised a scheme against new Alexa users. Customers downloaded fake Amazon apps and were prompted to contact customer support on the phone. This led to charges for for useless protection plans.
“Amazon works hard to protect our customers, and the blatant misuse of our brand to deceive unsuspecting customers setting up their new device is appalling,” said an Amazon spokesman in a statement.
The defendants set up fake websites and mobile apps under the guise of helping people set up their new Alexa devices, according to the lawsuit. Soon after they downloaded the apps, however, they were shown a fake animation. This led to a pop-up that would notify them of an error. They were directed to call a toll-free number for help. Fifteen to 20 workers at a call center in India are believed to have been answering these calls.
A person pretending to be a tech support worker would take control of the caller’s computer remotely. This person would claim there were technical issues with the device. A pricey protection package was offered to solve the issues.
An investigator working with Amazon called a number from this scam. This person was charged $150 for a protection plan that included a firewall service that didn’t work.
The two apps and most of the websites mentioned in the lawsuit have been deactivated. It appears as if much of the scam has already been shut down. Amazon had previously filed paperwork to remove the fake apps.
Amazon provides Alexa device setup for free through its Alexa mobile app on the Apple App Store and Google Play Store. Further, Echo devices come with setup instructions. Looking further the fake apps were developed by “Smart Home Expert” and not Amazon.
The two companies accused of running the Amazon Alexa scam and posing as tech support are Robojap Technologies in Covington, Washington, and Quatic Software Solutions based in Punjab, India. Interestingly, earlier news said that India suffers the most IoT attacks.
Quatic’s website that is listed in the suit is no longer online, but the suit also explains that Robojap manages Quatic. The Robojap website is still accessible. It has a D+ rating from the Better Business Bureau. The two apps – “Setup Guide for Echo” and “Echo Setup Instructions & Guide” – are no longer available on the Google Play Store.
It’s unknown how many Amazon Alexa customers were affected by the scam. However, the company says it received “a number of complaints about Robojap misleading victims into believing they are affiliated with Amazon and selling them unwanted services.”
Amazon is accusing the two companies of trademark and other violations and is asking for damages. It’s unknown whether the company will also pursue criminal charges.
“Fake customer support calls are nothing new,’ as are “questionable websites purporting to have the download, driver, or path that you’re searching for but can’t find on the vendor’s website,” explains Tim Mackey, principal security strategist at Synopsys Software Integrity Group
He adds that “these scams all prey on the fact that modern technology is often more complicated than the user would prefer. While those users are well-intentioned in their searches, often the problem is a combination of initial use issues such as documentation errors combined with users who make setup assumptions without reading the provided documentation.”
Mackey suggests applying “skepticism” to these types of tactics. He notes that “it’s in Amazon’s best interest for new Alexa users to have a positive first impression. Charging US$150 for a tech support call goes against that goal, so it’s likely a scam,” as is any requirement to use a third party for assistance.
If you’re worried about your other devices, check out some common IoT security threats.