From The U.S. Department of Homeland Security
There has been a significant increase in the number of reported incidents related to tech support scams. Many of the victims are older individuals who are not technically savvy and are easily duped into believing these unsolicited phone calls are legitimate. These widespread scams sparked conversations on the prosecution of scammers during the United States Senate’s Special Committee on Aging symposium. In his testimony, David Finn, executive director for Microsoft’s Digital Crime Unit, stated that tech support scams are the “single largest consumer fraud perpetrated in America today”. Finn added that criminals have swindled approximately 3.3 million people and collectively realize approximately $1.5 billion annually.
The Scam: Someone posing as a computer support technician makes an unsolicited call to trick potential victims into believing their personal computer is infected with malware. Victims are then lured into visiting legitimate websites that host malware, or illegitimate websites, to download malicious software that enables con artists to remotely access and take over the victim’s machine. Having gained the trust of these victims, criminals are able to charge hundreds of dollars for “bogus” assistance with malicious software removal and for the purchase of fraudulent support plans or software.
Tech support scams are not limited to phone calls. Other scam tactics include pop-up ads seeded into websites that claim the victim’s personal computer (PC) is infected with malware; large-scale campaigns that lure users to malicious websites with promises to increase the speed and performance of their PC; and malicious search ads that attract unwary users seeking online support. Although tech support scammers typically pose as Microsoft technicians, they also target other system owners such as Mac users. Common phone scam goals also include:
- Duping victims into downloading malicious software that stealthily pilfers data such as online banking credentials and personal information.
- Duping Internet users into navigating to fraudulent websites that, when accessed, install malicious software onto victims’ systems, allowing cybercriminals to remotely control the computer, adjust system settings, and leave the computer vulnerable to other threats.
- Duping victims into providing credit card information over the phone, or into paying for fake services on a website with a valid credit card, so that their credit card information can be stolen.
Recommendations: The best advice to avoid becoming a victim of a tech support scam is: hang up the phone! Tech support scams demonstrate that social engineering is still an effective cybercriminal tool. System users are reminded to never grant remote computer access to third parties unless the caller’s authenticity can be verified through direct contact with the company. Microsoft provides guidance for home PC users on techniques to handle phone calls from tech support scammers:
- Do not trust unsolicited phone calls;
- Do not pass any personal information over the telephone;
- Do not download any unknown software or purchase unvalidated online services;
- Try to verify the identity of the caller directly with the company they claim to represent;
- Pay attention to URLs and websites. Malicious websites mimic legitimate websites, but have some variation in spelling or a different domain (e.g., .com versus .gov); and
- Record the caller’s information and report it to law enforcement.
Those who suspect they are victims of a tech support scam should immediately change passwords for all accounts, including email and online banking accounts; conduct a scan for malware using installed tools such as Microsoft Safety Scanner; and verify normal computer performance by installing Microsoft Security Essentials or Windows Defender. In some instances, it may be beneficial to reimage the system to ensure all malware has been removed.