Getting scammed into buying freely available software, and how to work out from there

There are heaps of freely available applications out there. There also is an insane amount of fraudsters willing to scam peole into giving good money out for nothing more. In short, do NOT pay anything for iTunes, FrostWire, or any similar application before before at least checking whether or not they are available for free from their publishers’ website. Same goes for free music/movie/download “memberships” without knowing what exactly you are buying. When one realises they’ve fallen victim to this type of scams, it’s usually too late, but sometimes, it’s worth persevering and trying to get a refund.

I recently helped somebody who had fallen for a typical “buy a membership and get all the music you want for free” scam. Having rencently been given an iPod, they were looking for iTunes and a way to get some music for it.

A quick Google search on related terms raises a number of Google Sponsored Links to dodgy websites. Their dubbious purpose however really stands out to the overly paranoid eye. These sites tend to look quite official otherwise. The unsuspecting user is taken through the step of signing up for a free membership, but quickly find themselves having to pay a small fee to get “something” (it’s always unclear what) done. The fee being relatively small, and there being no obvious way to avoid paying it, the user tends to accept to give away their credit card details — after all, being a paying customer, the service will be better than the one advertised, huh?

An email quickly confirms that the transaction has been successful. What really has been crowned with success, however, is the scammer’s at getting credit card details. In the case I’ve helped with, the credit card was immediately charged 4 times the amount which was initially mentionned on the sign-in form (it turns out it was the yearly amount of a three years period, and a phantom “extra feature”). Some other times, it takes the form of a monthly fee. In any case, it’s too late.

Because the purchase has been agreed by the card holder, particularly if the transaction has been validated with the numbers on the other side of the card or some confirmation code entered on their website, the card issuer tends to refuse any refund (“charge back”). This makes you wonder what level of “insurance” one can still hope to benefit from the card issuing companies, regardless of the fact they make a seeling point of it (Steven Murdoch and Ross Anderson have an interesting paper which investigates some issues of online payments and how parts of it are mainly introduced to shift liability from banks to their customer).

In addition to the cold shower of being charged four times the expected amount, the confirmation email at least contained login credentials associated with the “3 years VIP membership.” The shower went on when it turned out the credentials didn’t lead anywhere. The buyer quickly complained to the handily provided customer support email address, both mentionning the overcharging and the non-functionning login. A couple of cranky unanswered emails later, a copy and pasted reply eventually came explaining, rather irrelevantly, how to download an old version of iTunes and Frostwire as well as how to search for music on peer-to-peer networks. Free music indeed, but illegal (at least according to current standards), hence surely not a service worth paying for to start with. It seems that Frostwire is often unvoluntarily used in this type of scams. They have set up a page warning unsuspecting users against this.

Not having much time to do anything with this, the person let it go for about six months, when I happened to be around to have a look at the problem and try to understand how to get their money worth for this “service.” After quickly trying to ask the customer service for a refund, thus getting a second template reply about how they can’t provide a refund after a given period (which is mentionned to be both seven and 180 days), it became clear that this would lead nowhere. Not knowing much what to do, and trying to work out how to get the money back, I started looking around trying to find information about the involved companies.

The various emails, particularly the sending domain names and IP addresses gave an initial idea of the mess. Multiple domains registered by different people and companies in the US and the Netherlands, a call center in India (with a whoping two template messages to copy and paste as replies to customers), several servers along the way confirmed the scam hypothesis: they were trying to lose the casual investigator.

The most coherent bit of usable information ended up being that regarding the institution which charged the credit card. Though this company presents itself as a internet payment broker, just like PayPal, their name reoccuringly appears in searches about this type of scams. Not able to determine whether they are actively involved in these scams or just have poor policies about their customer choices, I’d rather not name them in full — there is enough “incriminating” material refering them on the net so there is no need for me to add to the corpus. I’ll call them using their initial, MB, and note that they run several websites providing the same service (though the domains do not show much similarity in their registration, the servers are the same) and the main company is based in the Netherlands.

For this type of problem, contacting the fair trade associations is usually a good start, but Holland is quite off the limits of my knowledge abouth these things. Fortunately, it turns out that Australia, where I’m living at the moment, has a good and very reactive scam watch group. I could file a description of the problem using one of their website’s online forms. I thought it was worth doing mostly for their reporting purposes, but actually got a phone call a couple of days later from a very helpful guy (whose name unfortunately escapes me) who gave me the details of the Dutch Fair Trade office: the Consumenten Autoriteit.

Rather than directly filing the issue with the consumers authority, I thought I’d send a final email asking for a refund directly to this payment broker. A slightly edited version is below.

From: Olivier Mehani <XXX>
To: sven@XXX
Subject: Last request before filing a complaint with the consumenten autoriteit
Cc: [email protected], [email protected]


Please read this email attentively as it is the last attempt at getting
a mutually satisfactory solution before we take the problem to the Dutch
Consumeneten Autoriteit. More specifically, _any_ copy/pasted answer
will be understood as a clear indication that you didn’t consider this
email. We will therefore have no other option than to take the problem
to the authorities of your country, by filing a general complaint
against the MBXXXXX company, operator of the website, in
the person of Sven XXX (identified by various Whois
records as the owners of the aforementionned site), to whom this message
is primarily addressed.

I’m writing to you on behalf of Mrs. XXX.

Let me first quickly summarize the facts.

– On 2009-07-10, Mrs XXX bought a “3 Year Unlimited VIP Access and
1 Extra Features” for $14.95 (order number XXX). The same day,
she received an email confirming her membership, for the price of
US$59.86 (supposedly the $14.95 was only the yearly price, which was
not clearly mentionned). She also received the login and password.
To this day, these login and password have never worked. The very
same day, she contacted your customer service (at address
[url=mailto:[email protected]][email protected][/url]) with respect to the non-functionning login.
This message was given ticket number #XXX, and promptly
answered by a message from Anna Smith containing irrelevant
information about the way to download outdated versions of freely
available applications. Nothing, however, has been done to fix her
login issues.
– On 2009-07-11, that is _one_ day after she purchased this
“membership,” she sent an email to your customer support indicating
that, due to the problems she encountered, she hadn’t been able to
use whatever service you provided, and that your “Customer Support
Specialist” had proven to be unable to provide a valid solution. She
therefore asked for the membership to be cancelled and her USD$59.86
fully refunded. This email was given ticket number #XXX,
which was answered by Stephen Williams with the very same copy/pasted
email containing the same irrelevant information as before. Mr.
Williams, however, completely ignored Mrs. XXX’s demand for a
full refund.
– On 2009-07-27, without any update from your services, she sent a new
email asking for _actual_ support. This email was given ticket number
#XXX, and was answered by the same Mr. Williams, with the
same irrelevant message.

Being a busy person, Mrs. XXX didn’t have much more time to try to
understand how to benefit from the US$59.86 she invested in your
services and postponed it for a while.

– On 2010-04-02, she recontacted your services (at address
[email protected]), to ask for an immediate and full refund
of the US$59.86 that have been charged on her credit card, in light
of the total impossibility to use any of the services supposedly
provided by your company, and the lack of adequacy of the customer
service. This email was given ticket number #XXX.
Stephanie Martin replied the next day mentionning, both a 7 days and
an 180 days possible refund period, remarking that both of the delays
have been passed.
Here, please note that Mrs. XXX’s initial claim for a
refund was sent _one day_ after contracting this membership, but nobody
mentionned any of this 7 or 180 days delay at that time, and just
blatantly ignored her request for a refund.
– On 2010-04-03, Mrs. XXX then replied to Stephanie Martin,
mentionning that she did ask for a refund within the contractual
period of 7 days, and reiterating her request for an immediate
– On 2010-04-11, strangely enough, Stephen Williams replied to ticket
#XXX with the _same_ unhelpful message that Mrs. XXX
already received half a dozen time, which didn’t address any of the
points she raised in her previous reply to Stephanie Martin. To this
day, Stephanie Martin as not given any following to this last email.

At this point, we are led to conclude that your customer and/or billing
services are not able to answer requests with anything more than two
canned messages. Hence this email sent more directly to its intended
To this day, absolutely no service has been provided, be it in terms of
functional system or in customer and technical support. This is an
obvious breach of your own Terms of Service.

Given the duration of this problem, we consider the only acceptable
solution to be a full refund of the US$59.86 initially charged to Mrs.
XXX’s credit card, all additional administrative and transfer fees
being at your expense.

Hoping you clearly understand the situation and in confidence that you
will promptly solve this problem, I thank you for your attention.

The answers were much more satisfying than the previous ones.

First the payment broker took charge.

From: Sven XXX <sven@XXX>
To: Olivier Mehani <[email protected]>
Subject: Re: Last request before filing a complaint with the consumenten autoriteit
Date: Mon, 12 Apr 2010 17:14:31 +0200

Dear Mr. Mehani,
thank you very much for your email.

I am the owner of MBXXX, an online payment provider. therefore we
have forwarded your issue to the correct customer service who will
deal with this issue and we hope that your complaint will be taken
care off to your satisfaction.

If you have not received any satisfactory answer in a reasonable time,
please do not hesitate to contact us and we will try to solve the
problem from here. No need to contact the consumer authority, it will
probably more effectively dealt from this side.

But the actual customer service also managed to send a non-canned reply, less than half an hour later. This time, strangely, it was coming from Canada rather than from India. Also, the domain from where the email came was new, though sounding like some of those previously used.

From: Refund Confirmation <[email protected]>
To: Olivier Mehani <XXX>
Subject: FW: Last request before filing a complaint with the consumenten autoriteit
Date: Mon, 12 Apr 2010 11:38:13 -0400

Dear Olivier,

Thank you for contacting our Support Team.

Ms. XXX was refunded in full and an email confirmation of this was sent to:
[email protected]

The money was credited back 2 days later. It was only $50 and sure cost me quite a lot of time and efforts, but it was worth it. It showed that, at least for this sort of scams, which is far from being a rare case, it is actually possible to fall back on one’s feet. Most of the structure is based on hiding information and being so unwilling to do anything seemingly helpful that their standard victim will just give up. I suppose an important thing is then NOT to give up. That, and also learn to recognise scams before falling for them!

Leave a Reply