FTC goes undercover to probe suspected antivirus scam, scores $26M settlement

Imagine trying to trick folks into buying $500 of unnecessary repairs – and they turn out to be federal agents

A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the FTC.

Restoro and Reimage – both headquartered in Cyprus and, based on the US watchdog's complaint and settlement proposal [both PDFs], two arms of the same operation – have been running a pretty typical Windows antivirus scam since at least 2018, or so the regulator alleged.

Specifically, it's claimed the outfits would wait for people to install the pair's supposedly anti-malware tools and then strong-arm those folks into paying hundreds of dollars each for cleanup services and other stuff that weren't actually needed.

"These companies used scare tactics and lies about threats to consumers' personal computers to bilk consumers, particularly older consumers, out of tens of millions of dollars," FTC Bureau of Consumer Protection director Samuel Levine said today. "We have taken decisive action to halt this scheme and return money to consumers."

In this particular case, the FTC did more than just collect records, interview victims, and file charges: The watchdog got right into the midst of the suspected fraud by subjecting its own agents to the companies. 

"To replicate consumers' experience with defendants' marketing, FTC investigators made four undercover purchases of defendants' services," the FTC said in its complaint. Purchases of Restoro software were made in May and June 2022, while Reimage was bought in July and August of the same year. All the purchases were, we're told, made on a specially designated computer that "was free of performance and security issues," and which had antivirus already installed. 

Once the Restoro and Reimage "system repair" tools were purchased and installed by FTC agents, a telephone number was displayed to call to activate the products. Upon calling they were told the machine had too many problems for Restoro or Reimage's software to fix, and were urged to buy additional repair services for as much as $500. 

What's more, it's claimed, after convincing users to install remote access software on their PCs, the Restoro and Reimage telemarketers looked through the Windows Event Viewer for errors or warnings - plenty of which can be found on any machine - and pointed those out as dire issues that needed urgent fixing. They also used VirusTotal scans to show "issues on the investigator's computer, when in fact they were issues identified on different computers," the complaint alleged.

Not only did the FTC catch Restoro and Reimage in the act, but the firms had long been on the radar of credit card networks and payment processors for fraud as well, it is claimed.

According to the complaint, even AppEsteem, which Restoro and Reimage used to certify their services, contacted the pair in 2018 because AppEsteem "determined [Restoro and Reimage] was engaged in practices that warranted AppEsteem listing the company as a 'Deceptor' on AppEsteem's certification and review website." 

Multiple billing aggregators and payment processes - including Visa - raised questions about excess chargebacks and fraudulent behavior over the years as well, we're told. 

The FTC charged Restoro and Reimage with violations of the FTC Act (alleged deceptive representation) and Telemarketing Sales Rule (alleged deceptive calls). George Avraamides, director of Restoro and Reimage, signed off on the settlement agreement, handing $26 million to the FTC to provide redress to any deceived netizens though without admitting fault.  

Both Restoro and Reimage's websites should contain an FAQ [link] indicating both companies have made "a strategic decision to halt the processing of new transactions and discontinue all automatic renewals." That said, the pages and sites are 404'ing for us at time of publication. The FAQ should look like this and state that new downloads and installation of the pair's software will be disabled.

When looking through cached copies of Restoro and Reimage's websites, we found those messages have been present since sometime in late July to early August of last year, making it unclear whether said "strategic decision" was made in relation to the FTC investigation. 

We reached out to the consumer watchdog to get clarification on the timeline of its dealings with Restoro and Reimage, and were directed to the companies themselves. Neither has responded to our questions. ®

More about


Send us news

Other stories you might like