How to Identify and Avoid Fake Tech Support Scams
Many people allow tech support teams to remotely take over their computers, a trust that scammers love to exploit.
If you’ve ever had a problem with your computer threaten to wipe out all your work or your photos or your music library, then the chances are good that you’ve also eagerly hopped on the phone with tech support to get the issue resolved.
Perhaps it’s because of this eagerness to talk to tech support—as well as a corresponding fear of a dangerous virus wiping out our computers and/or stealing all of our personal information—that fake tech support scams have gotten more popular.
“Because of the internet, we are living in a new world where people’s trusting nature is being taken advantage of at a scale never seen before,” observed Steve Tcherchian, Chief Product Officer and CISO for XYPRO Technology (@xyprotechnology). “Attackers have access to targets that were not previously available. We have to educate ourselves and be overly cautious and suspicious of everything.”
We couldn’t agree more! So sit back, scroll down, and learn more about how these fake tech support scams work and what you can do to identify and avoid one before you’ve been hit.
Here’s how fake tech support scams work.
“You receive a call from someone informing you that your computer is infected with a really bad virus and needs prompt attention. The crook tells you he needs remote access to your computer, then proceeds to ‘fix’ a problem that never existed, and you get charged a fee for it.
“Worse, when they are logged into your device, they install spyware so they can see everything you do on the PC all day long.”
Siciliano cautioned that these tech support scams have several variations, and related the general series of steps that another popular variant tends to tread:
- “They contact you, you freak out thinking your PC has the Ebola virus, then you allow them on your PC, then you pay.
- “They ask if you were happy with the service. If you say no, they’ll then claim they can get your money back.
- “Another claim is that the company is going belly up, and as a result, they’re giving out refunds to individuals who already paid.
- “When enough of these phone calls are made, a certain percentage of the recipients will respond exactly the way the fraudsters want them to: The victims will give out their credit card number or bank account information after being told that this is necessary to process the refund.
- “The scammer may tell you to create a Western Union account in order to receive the refund. Gee, they may even offer to assist you in filling out the forms (how nice of them!) if you hand over remote access to your computer. But they won’t be putting money in your account; they’ll be taking money from it.”
“Tech support scams are becoming increasingly difficult to identify,” Tcherchian lamented. “For years, users have been encouraged to call tech support, where then a tech support agent would remotely connect and resolve the users’ issue. In fact, when I ran tech support operations for a large call center, remote access was the quickest way to solve any issue.”
And while phone calls are the most common way that scammers try to make contact with their marks, they are far from the only mode of communication. “These scams are also coming through other mediums, such as LinkedIn or Facebook,” warned Tcherchian. “Same concepts apply.”
They want your personal information.
“The number one thing that consumers need to know is that these scams are trying to get personal information from you,” warned Tim Prugar, the VP of Operations and Product Owner at telecommunications technology firm Next Caller (@nextcaller).
“They want you to grant them remote access to your computer or accounts, to give them payment information, or even personal information that can seem relatively benign—like address, mother’s maiden name, or last four of your social security number.”
And once they have your personal information, those scammers can then attack your accounts at different institutions.
“Fraudsters use this information to carry out a secondary attack or account takeover, typically at a financial services institution, wireless provider, or insurance company,” said Prugar. “Sometimes the scammers will be able to build a level of trust through social engineering that will allow them to convince victims to transfer funds right then and there.”
Getting scammed out of some money is bad enough, but getting scammed out of your personal information can put your financial wellbeing at risk.
The bad kind of “spoof.”
If a scammer is trying to contact you over the phone, there is one surefire way to make sure that they don’t reach you: Don’t pick up. As Siciliano put it: “Why bother even answering a call in the first place if you don’t recognize the caller’s number?”
But while ignoring unknown phone numbers is a good first step to evading fake tech support scams, scammers have already found a way to make their phone calls look like they come from a far more trusted source.
“The scam is usually initiated through a direct call—either a robocall or a targeted attack—that utilizes ‘number spoofing,’” said Prugar, who sits on the board of the Communications Fraud Control Association.
“Spoofing is the practice of intentionally manipulating the number that displays on the victim’s caller ID. Fraudsters will ‘spoof’ their number to appear as a legitimate business, a government entity, or even a local area code (this is called ‘neighbor spoofing’).”
Luckily, that “don’t pick up” advice still applies.
“If the caller’s number appears to be from ‘your’ bank or credit card company or from Microsoft or anyone you already know and trust, still don’t answer,” said Siciliano. “If it’s legitimate, they’ll leave a message.”
“Even still, don’t call back the number they give you,” he continued. “If they leave a message, contact the institution via the number that’s on your statements to find out if the caller was legitimate.”
Being the caller isn’t totally safe either.
This brings up yet another wily and insidious way that tech support scammers fake out their targets. Even if you dodge their phone calls and try to call the correct number for the company they’re using as a cover, a lack of due diligence on your part could lead you right back into their grasp.
“Today, there is no guarantee the number you’re calling for tech support is correct,” explained Tcherchian. There are plenty of fake websites, popup ads and other online posts redirecting computer vendor phone numbers to malicious ones. You may think you’re calling Microsoft or Dell, but you’re actually calling the scammers’ hotline. The person who answers the phone may sound completely legitimate and helpful.
To safeguard against this, Tcherchian stressed that you shouldn’t simply Google the company’s phone number. Instead, he said that you should make sure to only call the number that is listed on the vendor’s actual website.
Always, always, always be cautious.
In general, you should always approach any tech support interaction with extreme caution, especially if that support involves granting someone remote access to your computer.
“Consumers should never allow tech support to take over their computer unless they are absolutely certain they are talking to a reputable firm they initiated contact with,” said Ray Walsh, a digital privacy expert at ProPrivacy.com (@weareproprivacy). “Even when consumers do initiate contact with a tech support team, great care must be taken to ensure that this support is genuine.”
Only scammers contact you out of the blue.
“Consumers must be aware that legitimate tech firms do not contact you by phone, email, or text message, to inform you that there is a problem with your machine,” explained Walsh. “In addition, genuine pop-ups will never ask you to call a phone number for help.”
In addition, legitimate tech support teams won’t go suddenly asking you for money or for your bank account information in the middle of the transaction. Scammers, on the other hand ….
“Scammers may ask to be paid for providing fake help. This can be as simple as walking the victim through hoax fixes and then asking for them to wire payment, put money on a gift card, or use money transferring apps to send a fee,” said Walsh.
“As is always the case when random services (or individuals) ask for money online—never pay unless you can genuinely ascertain that the invoice is credible.”
If you’re on the phone with a tech support team that starts asking you to provide your credit card or bank information or Western Union account number, Siciliano has a variation on his “don’t pick up” advice from earlier that can save you: “Hang up.”
What to do if you’ve been taken in.
If you get taken in by a fake tech support scam, there are still steps you can take to protect yourself and to try and limit your financial losses.
“Anybody who thinks they have been infected with malware should begin by ensuring all their security software—such as Windows Defender which comes built into all Windows machines—is up to date,” advised Walsh.
“In addition, they should use an antivirus program such as Malwarebytes free to scan their computer. If any infections are present these programs should be able to pick them up.”
“Anybody that accidentally pays a scammer may be able to cancel the transaction if they are quick enough so always cancel your card or contact the credit card company or bank as quick as you can to attempt to stop the transaction from taking place,” he added.
To protect future would-be marks, Siciliano also recommends that you file a complaint with the Federal Trade Commission. To read more about how you can protect your money and your identity from fraudsters and scammers, check out these other posts and articles from OppLoans:
- 11 Tips for Protecting Your Data Online
- How to Avoid Getting Catfished
- Expert Roundup: 13 Signs You’re Being Scammed
- 5 Steps You Can Take to Prevent Identity Theft
Tim Prugar is the Vice President of Operations and Product Owner at Next Caller (@nextcaller), a telecommunications technology firm based out of New York City. Next Caller specializes in providing a positive customer experience through real-time call-verification for enterprise call centers. Tim is a member of the Communications Fraud Control Association Board of Directors.

Robert Siciliano (@RobertSiciliano) is a #1 Best-Selling Author and CEO of Safr.Me. Safr.Me is funny but serious about teaching you and your audience fraud prevention and personal security. Robert is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure. Your audience will walk away as experts in identity theft prevention, online reputation management, online privacy, and data security.

Steve Tcherchian, CISSP, PCI-ISA, PCIP, is the Chief Product Officer and CISO for XYPRO Technology (@xyprotechnology). Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and is part of the ANSI X9 Security Standards Committee. With almost 20 years in the cybersecurity field, Steve is responsible for strategy, innovation and development of XYPRO’s security product line as well as overseeing XYPRO’s risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace.

Ray Walsh is a digital privacy expert at ProPrivacy.com (@weareproprivacy) with vast experience testing and reviewing VPNs and other online security software. He has been quoted in The Times, The Washington Post, The Register, CNET & more. Ray is currently rated #1 VPN and #3 internet privacy authority by Agilience.com.