Introduction to Tech Support Scams

“brown steel window frame with text overlay” by Mathew Schwartz on Unsplash

Among the more common scams used by cyber criminals is the fake technical support service. Phone calls from Microsoft technicians and pop-ups warning of viruses are just a couple of the hallmarks of this con.

Tech support scams prey on the victim’s lack of IT knowledge to fool them into thinking there is something wrong with their computer. The victims are then conned into paying for an expensive service or downloading software in order to “fix” their problems. These services often entail giving the scammers remote access to their computer. This is their gateway to performing more malicious activity, which include theft of personal information and passwords or inserting more malware for future attacks.

In the past these types of scams have taken the form of cold calling. The scammers pretend to be a Microsoft technician to gain the victim’s trust. They then talk the victim through various steps to fool them into believing their computer is compromised.

Phishing emails and pop-up ads are also popular methods of reaching victims. Sometimes these pop-ups go as far as to mimic Windows error messages. Those with low IT literacy can struggle to distinguish between the real and fake messages.

Newer Techniques

Scammers have been getting their schemes in front of victims using paid advertisements. When someone has a technical problem their first action is usually to look up a solution using a search engine. Services that appear as paid ads will seem more trustworthy in the eyes of potential victims and more likely to draw them in. Creating a convincing looking website, which can lure in victims, is simple for experienced crooks.

It has reached the point where Google are planning a special verification system to root out these fake ad (report by Naked Security). And in a recent development criminal have been exploiting un-patched WordPress plug-ins to redirect visitors to their scams (report by Malwarebytes).

How to protect yourself

The first important thing to remember is that companies like Microsoft will never make unsolicited contact with you. If you are contacted by anyone claiming to be from Microsoft or Apple, then it is best to assume fraud and hang up. Also note that no one can “remotely detect” viruses on your computer, and Window or Mac error messages will never require you to ring telephone numbers or email an address.

Keep calm when confronted with warnings. When you are presented with a dire message, it is only natural to want to act fast. Phishing emails and ads from scammers rely on urgent language to bypass rational thinking. Next time someone online tells you your computer has been compromised, stop and think.

If you get an email issuing urgent warnings, do not click and links or attachments. These may lead to fake web pages or contain malware. Keep an eye open for poor spelling and grammar in emails. These are obvious signs of unprofessional pretenders.

Taking a more proactive approach to protecting your computer from Malware can help you escape pitfalls. Do research into trusted anti-virus and anti-malware tools and get them set up early. These tools can detect malware planted by scammers and warn you about malicious downloads. If you know who you can turn to for help, then you can avoid suspicious characters online.

Proper training can help your staff avoid the pitfalls of tech support scams and other phishing attempt. Training programs such as CySafe can boost the vigilance of your staff and reduce the risk of them falling prey to phishing..

These kinds of scams can be easily avoided so long as you are vigilant and never take online ads at face value.


Originally published at www.servertastic.com on October 8, 2018.