Offline Cyber Threats: How to Spot a Tech Support Scam
What would you do if an agent from a legitimate company called you, offering technical support for a problem you didn't know your computer had? For most people with little technical know-how, this may seem like good customer service that merits a few minutes or hours of their time. Unfortunately, that's not how the story ends.
What many people may not be aware of is that scammers these days are calling people up to offer technical support. Recently, one of these so-called agents went overboard from just scamming to actually threatening to kill a Canadian man for refusing to give him access to his computer. Two large-scale fake support operations shut down by the United States Federal Trade Commission (FTC) in November 2014 was estimated to have earned more than $120 million since 2012.Give us access and we'll help you. Seems like a typical give-and-take relationship, doesn’t it? Unfortunately, scammers will, of course, take more than what consumers bargained for. In a typical tech support scam call, scammers may pose as fake customer service representatives or agents of legitimate companies, including Microsoft and various security companies. They will suggest running tests on your computer to prove that there is a problem. They may also convince you to download and use legitimate screensharing software to grant them access to your computer.
[Read: Popular Online Social Engineering Scams]
Once allowed remote access, they can do anything to your computer. They can install backdoor malware that keeps your computer open for future access without you knowing. They can install spyware and keyloggers that can detect when you’re on an online banking, shopping, or payment site so they can log your credentials and use them to get into your online banking accounts. In many cases, scammers have also asked for banking information during calls.
Here are a few warning signs you can watch out for:
- If the caller is asking for money to fix your computer, hang up. Any phone call that asks for money for technical support over the phone, especially for services you have not signed up for beforehand and those where callers cannot verify your subscription or membership, are sure to be malicious.
- Compare cold calls to known industry practices. Legitimate companies comply with industry regulations when it comes to conducting cold calls. In many countries, real companies honor services that stop the receipt of marketing voice calls. They won't persist in calling a number many times, despite being blatantly told not to call anymore.
- Question the need for remote access. Real phone support agents follow a strict flowchart when it comes to addressing customer issues, and most of the time, remote access is only done as a last resort often by a higher level of call technician. Calls where the support agent offers to access your computer remotely right off the bat is a red flag.
- If you’re the one calling, make sure you do have the right number. Scammers who set up fake support operations have been known to create online search and display ads so that their numbers pop up immediately when someone looks for certain keywords. Go straight to the company’s website and look for their contact and support numbers instead of trusting what you see on search engines.
- Be constantly on guard. Tech support scams and similar threats are always evolving and more spoofed companies and methods are being added to the scammers’ repertoire. Take note that they may use social engineering, fear tactics, and even outright threats to compel you to grant access or personal information during the call.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases