Cybercriminals are very determined and with a wide range of tools at their disposal, they are always coming up with new ways to try and rob you and your company’s identities and hard-earned cash. And tech support scams are an increasingly popular way for them to do this. In 2017, Microsoft Customer Support received over 150,000 reports from customers around the world who encountered this type of scam. So if you’re unsure of what these scams are or how they work, this blog entry will give you all the info you need to stay safe.
There are a couple of different types of tech support scams but two common elements. Typically there is an online and/or phone call scam. With either the scammers pretend to be technical support for a major reputable corporation like Microsoft or an ISP. They try to trick you into believing there is something wrong with your computer so that you agree to either give them a credit card to pay and ‘fix it’, or you give them remove access to your computer where they then install malware to steal your data or turn your computer into a zombie.
Here are the two main ways these scams can begin:
An online scam generally starts when you visit a malicious website. Sometimes this happens by mistake or sometimes by clicking a link in a bogus email message.
After reaching the site you might suddenly be confronted with pop-ups saying your computer is infected with malware or malfunctioning. Often your screen will be blocked with warning messages you can’t move and these message will have a ‘tech support’ phone number you are asked to call to take care of the problem. Calling this number puts you in touch with the scammers in scenario #2.
You can get a telephone call at any time from a fake ‘tech support’ worker. They typically try and confuse you with tech jargon and create a sense of urgency that your data is in jepordy unless you ‘act immediately’. Typically you are asked to download a special ‘tool’ to permit them remote access to your machine after which they’ll report your computer is infected with malware and that there will be a fee to remove it. In some variations you’ll be told you need to purchase a security tool to remove the problem and then ‘keep your computer safe.’
If you fall for either one of these tactics you’ll not only lose some initial amount of money, but you’ll be exposed to further fraud with the credit card you used. And if the bad guys steal enough data from your computer, they may get your social security number or bank account numbers and then you’ll likely be dealing with identity fraud.
So how do you stay safe? Follow these rules:
- If you receive an unsolicited call from someone claiming to be Microsoft, Apple, Verizon, or someone similar, just hang up. Microsoft makes clear that that they will never call you in an unsolicited manner and most other vendors are the same. If you’re concerned that there might be a legitimate issue, go to the company’s website, locate a general contact phone number and give them a call. Once you’re talking to a human they will be able to quickly tell you if there is an issue they need to talk with you about.
- Keep your computer, network devices, servers, and software up to date. The majority or attacks exploit known vulnerabilities that the manufacturers have likely taken care of via updates and patches.
- Be extra cautious in clicking on links in email messages.
- Only download software from legitimate vendor websites/app stores
- Make sure you have quality antivirus/antimalware software installed on your computer. We like both WebRoot and Trend.
And if you’ve been scammed…
- immediately delete any software you might have downloaded
- if you can, restore to a previous Restore Point
- Once you’ve removed and software that was installed, change all your passwords – both on the computer and online
- Call your bank/credit card company and cancel the card involved. Put in a claim for any money already lost. The credit card company can probably freeze the charge and deny the scammers their ill-gotten gains.
- Monitor your bank and online accounts for unusual activity
- Report the scam to Microsoft, Apple, or other providers.
If you’re hit by one of these scams as an individual it’s embarrassing and frustrating but not fatal if you act quickly. But if you are a company and having these types or problems, give us a call for assistance. There are tools and training available that greatly minimize the chances of success with these sorts of scams.
Everyone stay safe out there!