Maybe because it’s early in the morning, but I fell for this little scam pretty easily. I’m going to call it “driver phishing” because it has all the hallmarks of a phishing attack, although it’s probably legal.
I’m looking for the latest drivers for my Logitech webcam, so I type in Logitech QuickCam driver in Google.
An ad above the results looks promising: a website called LogitechDriversCenter.com:
So I click on it.
It takes me to a site with a Logitech logo, lots of shareware and PC Magazine stars, Logitech product photos and three options for getting the right driver:
DriverRobot, the first one, sounds promising. Maybe, I think, Logitech have consolidated all their driver downloads into one program. Good idea, given I’ve got quite a few of their products hanging around the computer. So I download and install it.
Looks OK so far. A window appears prompting you to start scanning your computer. Lots of green arrows and ticks to reassure you:
Once the scan is done you’re told how many drivers you need, with another green arrowed button indicating what you should do to get them (“Get drivers”):
(I should have been forewarned at this point. Plenty of warnings, but one key one: None of the drivers it suggested were Logitech ones. Certainly nothing to help me with my webcam.)
Click on that and you’re told you’ve got to “Register” which is “quick and easy”.
Notice there’s no other option, unless you can see the little Close Window X in the top right corner of the window:
Try to click on the other radio button (“Allow 11 drivers to remain out of date (not recommended). Critical updates for your computer will not be installed. Your computer may be vulnerable to crashes, performance problems, freezes and “blue screens.””) and then click Continue and the window disappears, but nothing else. It’s like those supermarkets where you can’t get out unless you buy something.
Click on the Continue button and your browser fires up with page requesting your Name and Email to register:
Notice all the seals, locks, starts and 100% guaranteed things going on. Reassuring, eh? Except there’s no link on the page, nothing for the casual user (or a slow-witted guy who got up too early) to click on to get more information.
So the slow-witted guy enters his name and email address, thinking that’s going to get him registered. Of course not. Instead he’s asked to shell out cash--$30—for the software:
Once again, no links to explain who is behind this, or what other options there may be.
As far as the casual user knows, this is either a Logitech product or one approved by them.
But it’s not. The software comes from a company called Blitware. The Complaints Board website has several complaints about the company and software:
The Driver Robot software does not work and the company tricks consumers in to believing that it is freeware. Am trying to get a refund of my purchase price now.
And worse: For some of those who do buy the software and follow its driver updates, it only makes things worse:
My computer completely crashed after using driver robot when it installed a generic mouse driver every time I touched my mouse I had a blue screen crash with a driver check sum error … It has also installed an elan touch tablet driver which is now in the toolbar. I dont have this device on my machine. This software is completely useless and will be going for a refund.
Others found they had no way of getting support:
Useless garbage--no contact info given. I attempted use and could see it doing nothing. What now, am I really out $39.90?
So who is Blitware? Its website says
Blitware (or Blitware Technology Inc., to be precise) is a small Canadian software vendor from Victoria, BC, Canada. Blitware's mission is to take great software products to market and bend over backwards for our partners who help promote them.
(Notice how the company doesn’t say it’s a developer, and stresses the marketing, rather than the consumer, in its literature. That should probably tell you all you need to know, if you hadn’t gotten up too early.)
There is an encouraging link on the home page inviting you to click for Support (“Need support for a Blitware product? Our expert technical support staff is standing by to help you”) --
-- but far from take you to that helpful support staff, the link takes you to a Frequently Asked Questions page, and only at the bottom to a link for contacting technical support.
That in turn takes you to a link demanding you register at Blitware first, and then, when that is done, to a page for you to file your question.
Do that and you’re told:
We will reply to this message soon! You will receive an email when we do.
OK, so, what’s wrong with all this, and why call it phishing?
Well, phishing is the art of using social engineering tricks to lull a victim into thinking s/he is interacting with a legitimate site/product and to get him/her into coughing up passwords or cash.
Usually with banks, or emails, or accounts etc.
To me this Driver Robot is no different.
From the Google search—where a website with the word Logitech in it—everything is designed to make you think you’re dealing, if not with Logitech, then at least with a company/product that Logitech has endorsed.
The website’s title—the bit that appears in the browser’s top-most bar indicates it’s a Logitech site:
Even the website’s favicon—the little log before the web address—is Logitech’s:
To me this is no different to a scammer putting “Citibank” or “Paypal” somewhere in a web address to fool the user into thinking they’re dealing with someone kosher.
Anything the tricks the user, either into thinking they’re dealing with the real thing, or thinking they have no other option, is, in my view, a scam.
That the software doesn’t seem to work—it found no Logitech drivers or updates, and seems to crash computers—only makes matters worse.
I’m going to find out what Logitech make of their logos and name being used for dodgy purposes.
(more on Driver Phishing here.)