The scam works like this: When connecting a smart TV to a streaming service like Hulu, Netflix, or HBOMax, consumers are often required to go to an activation URL (e.g. www.streamingservice.com/activate) on their smartphone or computer. Once there, they are usually required to enter the code that appears on their smart TV to link the device to a streaming account. 

Capitalizing on this, scammers are setting up lookalike sites with a URL nearly identical to the authentic one—sometimes with just one character difference. When a consumer makes a typo in attempting to access the genuine website displayed on their streaming device, they are instead taken to the fraudulent page. Once on this copycat website, fraudsters will receive any login credentials, personal information, credit card numbers, and payments that the consumer may provide.  

In other cases, the scam appears to begin when a consumer uses a search engine to look up activation information for their smart TV (e.g. “Roku activation”). Scammers buy ads or otherwise get their fake activation websites to appear high in search results. When the consumer clicks on the bogus link, they may be directed to a website or receive a pop-up asking the user to pay an activation fee. To be clear, Roku and most other streaming device creators do not charge activation or setup fees.  

Scammers also use pop-ups to direct the consumer to call a phone number, usually claiming it’s to finish setting up the user’s account, resolve an error, or fix network issues. This often results in another charge to the consumer, a request for personal information, or both. Furthermore, once fraudsters have a potential victim’s phone number, they are relentless in their pursuit to either complete a scam or conduct another if the first attempt was successful. It is very common for consumers to receive multiple, sometimes dozens, of calls following initial contact. 

Here are a few tips to stay safe while navigating your smart TV: 

1. Scrutinize fees. Whether it’s an activation fee for your Roku (which doesn’t actually require a setup fee) or an alert to resubscribe for a service, fraudsters are always looking for clever ways to charge money. Double check whether the fee matches what the real service charges, or if there is even a charge at all. Additionally, you can log in to a streaming account on another device to check if the subscription has lapsed and take the appropriate steps once you’re sure you have reached an authentic website. 
2. Ensure the URL for the website you’re accessing is spelled correctly. Whether on your TV, phone, or laptop, just one wrong letter can take you to a fraudulent website. Since these copycat sites can look very similar (or identical) to the true destination you were expecting, carefully inspect that the URL you’re going to is the right one. 
3. Double check any phone numbers that appear on your screen. Customer support numbers should be easy to find on genuine companies’ websites.  
4. Don’t let strangers control your device. While this mostly applies to computers, providing control to strangers over your device gives them access to personal and financial information. No authentic support will request remote access to your smart TV. 

Be an ally in the fight against fraud!  

If you suspect that you or someone you know has become a victim of a smart TV scam or any other fraud — report it at once. You can file a complaint at Global Anti-fraud Hub via our online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars. 

Handing over control of your device is one of the worst things you can do when it comes to cybersecurity. By providing remote access, you expose yourself to identity theft, financial loss, and material harm. The hacker could access confidential information (such as your Social Security number, bank account information, and passwords), breach other devices on your network, or drain your bank accounts. In more sensitive industries, such as healthcare and governmental fields, malicious actors could exploit remote access to shut down critical infrastructure.  

Once you allow someone else to take control of your computer, you can never be sure what they are doing with the device. After gaining remote access, a common scam involves the fraudster manipulating the consumer’s device to appear as if the scammer accidentally deposited a large sum of money into the victim’s bank account. In reality, they never deposited a single cent. When they transfer the money out of the victim’s account, they are actually draining the victim’s own funds while making it appear as if they only reclaimed their “accidentally deposited” money. Once a scammer gains remote access, they can also easily install malware without the victim’s knowledge, causing even greater harm to the user.  

To reduce your risk of falling victim to these scams, consider the following tips: 

• Do not give anyone the ability to remotely access your personal device. Generally, once you have relinquished control of your computer, it is very difficult to regain complete security.  
• Double check tech support’s identity. If someone reaches out to you, don’t immediately believe that they are who they say they are. It’s best for you to be the one who initiates software help requests via a trusted and verified website. 
• Double check software updates’ validity. Scammers are known to suggest that they need remote access to install and update. A simple online search of the software update should return announcements of the update by the manufacturer, if it is a genuine update as well as instructions on how to install it. 
• Don’t trust time-sensitive demands. Legitimate tech support and software updates will not pressure you to act within minutes, especially when remote access or payment is involved. 
• Get help in person. Although this is not always possible (especially during a pandemic), visiting your manufacturer’s local storefront for tech support is a much safer way to verify that you’re dealing with a professional.  

Be an ally in the fight against fraud! 

If you suspect that you or someone you know has become a victim of a remote access scam or any other fraud — report it at once. You can file a complaint at Global Anti-fraud Hub via our online complaint form. We’ll share your complaint with our network of law enforcement and consumer protection agency partners who can investigate and help put fraudsters behind bars. 

Stay safe. Be Informed.

Tips on protecting yourself from unwanted software:

• Get your software directly from the source. When you’re looking for a new program, look for the publisher’s website first. Software download repositories may bundle in unwanted software with legitimate downloads.
• Avoid clicking on pop-ups or banner ads that warn you of slow performance on your computer. This is often a ruse to lead you to websites that host unwanted software.
• Make sure everything is up-to-date. To best protect yourself, repeatedly update your browser and operating systems; older systems are more susceptible to being infected by malware.
• Routinely scan your computer. Use antivirus software to regularly scan your computer for programs that you don’t recognize.
• Pay attention when installing new software. When downloading programs and extensions, pay attention to the fine print details. In particular, be on the lookout for pre-checked boxes that offer to install things like toolbars or other software in addition to the software you were looking for.
• Heed your browser’s warnings. Most major Web browsers now have functionality built-in that will warn you when you are about to enter an unsafe website. Chances are that if your browser is telling you to not visit a certain website or download a particular program, you’re better off steering clear.

Despite our best efforts, it’s still possible to inadvertently install unwanted software. Once it happens, there are several steps you can take:

• Ensure that the latest versions of your browser and operating system are installed. The best way to defend yourself against unwanted software is to ensure that your Internet browser (Safari, Firefox, Chrome, Edge, etc.) and operating system (Windows, OSX, Linux, etc.) are up-to-date.
• Run a security scan using a reputable antivirus removal tool. While this software isn’t perfect, an antivirus tool can help detect and remove unwanted software. If you suspect you have unwanted software on your computer, make sure your antivirus tool is up-to-date and then run a full scan. The antivirus may help to detect and remove such software.
• If all else fails, format and reinstall. In extreme cases, unwanted software may be so persistent that it disables operating system or browser updates and resists antivirus removal. If it comes to that, it may become necessary to format your hard drive and reinstall your operating system and Internet browser. Before you do this however, be sure to create backups of important files (like photos, videos, documents). WARNING: This may be a time-consumer process and beyond the skill of some users. If you don’t feel comfortable doing so, you may need to look for outside computer help from your local electronics store or computer manufacturer.

Find Fraud Alerts related to this scam here.

Stay safe. Be Informed.

Sometimes the hacker charges a consumer to download harmless programs that are available for free online to demonstrate the alleged virus. Other times, they install tracking software that gives the fraudster access to personal information on the computer.

Estimates of the scope of this scam vary widely. For example, Microsoft reported that the average victim lost $875 and had to pay $1,700 in repair bills. The Federal Trade Commission (FTC) said it had received more than 40,000 complaints about this scam when it initiated a crackdown in October 2012 and an official with the FTC’s consumer protection bureau said he thought the number of victims was probably “substantially higher.”

Although scams of this sort started in 2008, it has become far more common in the last couple of years, gaining attention from media organizations across the world. The companies that are affected have also noticed, warning their customers and offering tips on how to spot and avoid the scam. PayPal and other payment companies have helped by shutting down the accounts of known fraudsters.

Despite government action to identify and stop scam artists running these schemes, copycats continue to defraud consumers. Consumers should use the following precautions to minimize the risk of falling victim:

• Do not assume that the person contacting you is legitimately working for the company they say they are. Know that legitimate companies will not call you without solicitation and tell you that you must pay for tech support.
• Reach out to the tech company yourself. Find a legitimate phone number for the company and ask them whether a representative contacted you.
• Don’t allow remote access to an unauthorized stranger. Never allow someone to take remote control of your computer unless you are certain that they are actually representing a legitimate company.
• Don’t share personal information. Do not disclose sensitive financial information such as passwords, credit card, or bank account routing numbers over the phone.
• Keep a record of your charges. When buying things over the Internet or phone, use a credit card or a debit card so that you can better dispute fraudulent charges.

If you believe that you are the victim of a tech support scam, please take the following actions:

• File a complaint with Global Anti-fraud Hub so that we can help others avoid falling victim;
• Call your credit card company and ask to have the charges reversed;
• Check your bank and credit card statements for inaccuracies. If you find any, ask that those charges be reversed, too;
• Contact the major credit-reporting agencies (Equifax, Experian, and TransUnion) and notify them of the potential for fraud on your account; and
• Delete the tracking software from your computer. For tips on how to do this, click here.

Visit the following sites to learn more about tech support scams and ways to protect yourself:

• This post on the FTC’s Web site provides consumers with a video on how to protect computers and phone audio of a scammer conducting a tech support scam.
• This section of the FTC’s Web site gives an overview of how these scams work and ways to protect yourself if contacted by a fraudster.
• The Better Business Bureau has a scam alert that describes an incident in Montana involving this scam.
• Finally, Microsoft’s posting on its Web site details common scams that falsely use its name and the common indicators that you are not truly talking to a company official.

Find Fraud Alerts related to this scam here.

Stay safe. Be Informed.

• Watch out for “phishy” emails. The most common form of phishing is emails pretending to be from a legitimate retailer, bank, organization, or government agency. The sender asks to “confirm” your personal information for some made-up reason: your account is about to be closed, an order for something has been placed in your name, or your information has been lost because of a computer problem. Another tactic phishers use is to say they’re from the fraud departments of well-known companies and ask to verify your information because they suspect you may be a victim of identity theft! In one case, a phisher claimed to be from a state lottery commission and requested people’s banking information to deposit their “winnings” in their accounts.
• Don’t click on links within emails that ask for your personal information. Fraudsters use these links to lure people to phony Web sites that looks just like the real sites of the company, organization, or agency they’re impersonating. If you follow the instructions and enter your personal information on the Web site, you’ll deliver it directly into the hands of identity thieves. To check whether the message is really from the company or agency, call it directly or go to its Web site (use a search engine to find it).
• Beware of “pharming.” In this latest version of online ID theft, a virus or malicious program is secretly planted in your computer and hijacks your Web browser. When you type in the address of a legitimate Web site, you’re taken to a fake copy of the site without realizing it. Any personal information you provide at the phony site, such as your password or account number, can be stolen and fraudulently used.
• Never enter your personal information in a pop-up screen. Sometimes a phisher will direct you to a real company’s, organization’s, or agency’s Web site, but then an unauthorized pop-up screen created by the scammer will appear, with blanks in which to provide your personal information. If you fill it in, your information will go to the phisher. Legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. Install pop-up blocking software to help prevent this type of phishing attack.
• Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing emails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to OnGuardOnline.gov and StaySafeOnline.org to learn more about how to keep your computer secure.
• Only open email attachments if you’re expecting them and know what they contain.Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.
• Know that phishing can also happen by phone. You may get a call from someone pretending to be from a company or government agency, making the same kinds of false claims and asking for your personal information.
• If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information. Legitimate credit card issuers and other companies may contact you if there is an unusual pattern indicating that someone else might be using one of your accounts. But usually, they only ask if you made particular transactions; they don’t request your account number or other personal information. Law enforcement agencies might also contact you if you’ve been the victim of fraud. To be on the safe side, ask for the person’s name, the name of the agency or company, the telephone number, and the address. Get the main number from the phone book, the Internet, or directory assistance, then call to find out if the person is legitimate.
• Job seekers should also be careful. Some phishers target people who list themselves on job search sites. Pretending to be potential employers, they ask for your social security number and other personal information. Follow the advice above and verify the person’s identity before providing any personal information.
• Be suspicious if someone contacts you unexpectedly and asks for your personal information. It’s hard to tell whether something is legitimate by looking at an email or a Web site, or talking to someone on the phone. But if you’re contacted out of the blue and asked for your personal information, it’s a warning sign that something is “phishy.” Legitimate companies and agencies don’t operate that way.
• Act immediately if you’ve been hooked by a phisher. If you provided account numbers, PINS, or passwords to a phisher, notify the companies with whom you have the accounts right away. For information about how to put a “fraud alert” on your files at the credit reporting bureaus and other advice for ID theft victims, use the Federal Trade Commission’s Identity Theft web site.
• Report phishing, whether you’re a victim or not. Tell the company or agency that the phisher was impersonating.

Find Fraud Alerts related to this scam here.

Stay safe. Be Informed.

• Some downloads contain viruses. These could wipe out your computer files. Get a good virus software program and regularly update it to protect your computer.

• You may be downloading a dialer program without realizing it. This would enable it to “highjack” your modem and connect it to a foreign telephone number, resulting in expensive phone charges. Some programs turn off the volume so you can’t hear the dialing take place.

• Don’t download programs from Web sites you don’t know and trust. Make sure that everyone in your household or business checks with you first before downloading programs.

• Be cautious about emails offering information or entertainment services. Many unsolicited emails are fraudulent and sometimes even opening the email or clicking on an attached link will send a virus through your computer.

• Read the user agreement carefully. There may be important information buried in the agreement about costs or other aspects of the program.

• Supervise children when they’re surfing the Internet. Lured by promises of fun, children may ignore the user agreement or other warnings. Family members who are worried about children surfing the internet should take advantage of the ability to block Web sites and programs.

• Limit the people who know the password needed to go online on your computer. This is an easy way to keep friends, babysitters, and others from downloading dangerous programs onto your system.

• Increase the amount of time a site is kept in your browser history file. Usually a site is erased from the history folder after 20 days, but it may take longer for you to discover that you have been victimized. Increase the time to 45 days. Your browser’s help folder can provide instructions on how to do this.

• Install monitoring software on your system. This software keeps a log of all programs installed on your computer and sites visited on the Internet. It will help you enforce the “no downloading” and “no unsupervised surfing” rules and track down any problems. Monitoring software also allows you to sweep your computer for any viruses using the instructed program.

• Look at your phone bill carefully before you pay it. If you find charges for foreign phone calls you did not knowingly make, your long distance company may agree to remove them or adjust the amount. Your service could be shut off for refusal to pay unless you can work something out.

Find Fraud Alerts related to this scam here.