How Do Tech Support Scams Happen?
Tech support fraud involves criminals claiming to provide technical support to fix problems that don’t exist. Their methods include placing calls, sending pop-ups, engaging misleading lock screens, and sending emails to entice users to accept fraudulent tech support services. Users should NOT give control of their computers or mobile devices to any stranger offering to fix problems. Let’s look more closely at a couple of the most popular types of tech support scams.
Phone Tech Support Scams
How do phone tech support scams happen? Well, first, the phone rings. Usually, the caller ID does not look legit to the recipient, but the recipient answers nonetheless. (– As I explained last month in retelling a story about my Dad.) The tech support imposters (scammers) who call may pretend to be a computer support technician from a well-known or recognizable company that people trust such as Microsoft or Apple. The scammer will say that their company has found a problem with your computer. You will be asked to give the scammer remote access to your device while the company runs “a diagnostic test to fix the issue” – as in the case of my dad, who was scammed recently.
If the fraudster is able to install software on your computer as a result of your interactions, it might provide you with false reports stating that everything is working properly and that the viruses have been removed. However, unbeknownst to you, the installed software can be used to track what you access on your computer or used to gather information about you in order to steal your identity. It may also be used to download malicious software (also known as malware) to your computer.
If you receive a phone call that you aren’t expecting from someone who claims there is a problem with your computer, hang up.
If you don’t hang up, here’s what could happen next:
Once you login and the tech support imposter has access to your computer, that scammer can install malware so they can steal your login credentials to websites you frequent such as your financial institutions, utilities, tax sites, email, etc. Your login credentials provide access to valuable information that fraudsters can use to steal both your funds and your identity.
Tech Support imposters usually will demand payment to fix the nonexistent ‘‘issue” and often require payment for their “services” via gift cards or by using a person-to-person transfer app (like Venmo, Zelle, etc.) or by wiring money. Fraudsters prefer these methods of payment as it delivers your money into the fraudster’s hands almost instantly.
Scammers Using Pop-Up Messages, Links in Email Messages
Ever see a weird-looking window pop up on your computer? It might be linked to fraudsters. They will try to lure you in with a pop-up window or notification that appears on your computer screen or mobile device, and they will disguise themselves as agents from well-known companies. Just as with the phone call scams, to appear legitimate, they will steal or fake a well-known company’s name, logo and branding.
Fraudsters usually lure victims in one of two ways: (1) by using scare tactics such as presenting alarming error messages on your screen that warn of security issues on your computer; or (2) by using enticements such as notifying you that you have won a prize or the lottery. The messages require you to click on a link, install a program or application, or call a phone number to get help or redeem the prize.
If you receive an unsolicited call or pop-up on your computer, what should you do? First, do not provide any information or click on links provided in emails. Instead, update your computer’s existing security software and run a scan. Schedule both the updates and scans to automatically run periodically. If you continue to experience similar pop-up messages, turn the computer off and disconnect it from the internet until you or a trusted computer repair company are able to resolve your computer of potential virus infection.
How to Avoid Being a Victim
Below are some tips from CISA, the Cybersecurity and Infrastructure Security Agency:
- Be suspicious of unsolicited phone calls, visits or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don’t send sensitive information over the internet before checking a website’s security. (See Protecting Your Privacy for more information.)
- Pay attention to the Uniform Resource Locator (URL) of a website. Look for URLs that begin with “https”—an indication that sites are secure—rather than “http.”
- Look for a closed padlock icon—a sign your information will be encrypted.
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group. (See the APWG eCrime Research Papers).
- Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic. (See Understanding Firewalls for Home and Small Office Use, Protecting Against Malicious Code, and Reducing Spam for more information.)
- Take advantage of any anti-phishing features offered by your email client and web browser.
- Enforce multi-factor authentication (MFA). (See Supplementing Passwords for more information.)
Laurie Head is an owner of AIS Network.