Tech Support Scams: What They Are and How to Stay Safe

The Bad Guys are Looking for You!

Cybercriminals are very determined and with a wide range of tools at their disposal, they are always coming up with new ways to try and rob you and your company’s identities and hard-earned cash. And tech support scams are an increasingly popular way for them to do this. In 2017, Microsoft Customer Support received over 150,000 reports from customers around the world who encountered this type of scam. So if you’re unsure of what these scams are or how they work, this blog entry will give you all the info you need to stay safe.

There are a couple of different types of tech support scams but two common elements. Typically there is an online and/or phone call scam. With either the scammers pretend to be technical support for a major reputable corporation like Microsoft or an ISP. They try to trick you into believing there is something wrong with your computer so that you agree to either give them a credit card to pay and ‘fix it’, or you give them remove access to your computer where they then install malware to steal your data or turn your computer into a zombie.

Here are the two main ways these scams can begin:

Online

An online scam generally starts when you visit a malicious website. Sometimes this happens by mistake or sometimes by clicking a link in a bogus email message.

After reaching the site you might suddenly be confronted with pop-ups saying your computer is infected with malware or malfunctioning. Often your screen will be blocked with warning messages you can’t move and these message will have a ‘tech support’ phone number you are asked to call to take care of the problem. Calling this number puts you in touch with the scammers in scenario #2.

Telephone

You can get a telephone call at any time from a fake ‘tech support’ worker. They typically try and confuse you with tech jargon and create a sense of urgency that your data is in jepordy unless you ‘act immediately’. Typically you are asked to download a special ‘tool’ to permit them remote access to your machine after which they’ll report your computer is infected with malware and that there will be a fee to remove it. In some variations you’ll be told you need to purchase a security tool to remove the problem and then ‘keep your computer safe.’

If you fall for either one of these tactics you’ll not only lose some initial amount of money, but you’ll be exposed to further fraud with the credit card you used. And if the bad guys steal enough data from your computer, they may get your social security number or bank account numbers and then you’ll likely be dealing with identity fraud.

Staying Safe

So how do you stay safe? Follow these rules:

  • If you receive an unsolicited call from someone claiming to be Microsoft, Apple, Verizon, or someone similar, just hang up. Microsoft makes clear that that they will never call you in an unsolicited manner and most other vendors are the same. If you’re concerned that there might be a legitimate issue, go to the company’s website, locate a general contact phone number and give them a call. Once you’re talking to a human they will be able to quickly tell you if there is an issue they need to talk with you about.
  • Keep your computer, network devices, servers, and software up to date. The majority or attacks exploit known vulnerabilities that the manufacturers have likely taken care of via updates and patches.
  • Be extra cautious in clicking on links in email messages.
  • Only download software from legitimate vendor websites/app stores
  • Make sure you have quality antivirus/antimalware software installed on your computer. We like both WebRoot and Trend.

And if you’ve been scammed…

  • immediately delete any software you might have downloaded
  • if you can, restore to a previous Restore Point
  • Once you’ve removed and software that was installed, change all your passwords – both on the computer and online
  • Call your bank/credit card company and cancel the card involved. Put in a claim for any money already lost. The credit card company can probably freeze the charge and deny the scammers their ill-gotten gains.
  • Monitor your bank and online accounts for unusual activity
  • Report the scam to Microsoft, Apple, or other providers.

If you’re hit by one of these scams as an individual it’s embarrassing and frustrating but not fatal if you act quickly. But if you are a company and having these types or problems, give us a call for assistance. There are tools and training available that greatly minimize the chances of success with these sorts of scams.

Everyone stay safe out there!

“Your computer has a virus’ cold call scams on the rise

Microsoft has recently reported that complaints are up 24% for tech support scams. And freshly released stats show 15% of complainants losing cash to the scam.

If you’re not familiar with how it works, a user will get a call from someone usually claiming to be from Microsoft who will talk the victim through a number of steps on their computer that will cause something technical or scary to appear on the user’s screen. At that point the scammer will declare the information showing is ‘evidence of a serious problem’. An offer to fix the problem for somewhere between $200 and $400 is then presented.

This scam is indiscriminate, targeting both businesses and individuals. It’s  particularly frustrating in that individuals over the age of 55 seem to be particularly targeted.

This is one of those IT areas where no software or network gizmo will protect the user. Only training can help and is one of the reasons why MicroData always includes End User Security Awareness Training as part of any IT system design. Contact us if you’d like some help with locating these sorts of resources.

And remind your users and friends that if they get a unsolicited call from anyone about a ‘problem’ with your computer and the individual claims to be with Microsoft (or anyone else), just put the phone down. Microsoft and other reputable vendors never make unsolicited calls to users.


 

 

Beware New Tech Support Scam

Here’s a new one you should alert your users to be on the lookout for. Over the last few years we’ve all become accustomed to receiving legitimate email alerts from providers such as Google, Yahoo, and Facebook when there was the possibility of a security risk such as a logon to your account from an unknown computer.

While cybercriminals have copied these emails in the past hoping to lure users into clicking on links taking them to infected sites, there’s now a new twist. Now the fake security email includes an 800 phone number that you’re told you need to call.

If you do you’ll either get to talk to a real cybercriminal – usually with a foreign accent – or you’ll bounce around voicemail for a while. But with either, you eventually end up being told that there’s something wrong with your computer and that they’ll fix it for you but need a credit card.

Remind your users to stop and think.

Everyone stay safe out there!


 

Dell Tech Support Scam

If you have any Dell computers, here’s a scam you want to be sure to alert your users about.

Users receive a call claiming to be from Dell support. They even have the service tag from your computer and potentially other personal information. The caller then tries to get you to provide them with remote access to ‘fix the problem’. If they get access they will then infect the computer with ransomware and also potentially ask for a credit card for a ‘required service charge’.

At this point it’s not clear where the bad guys have got the Dell service tag information, but with that in hand they have an extra degree of credibility, so make sure your users don’t fall for it.

Everyone stay safe out there!