While most computer users know how important firewalls and antivirus solutions are for threat protection, they can render even the most robust enterprise software powerless against cyberattacks that exploit basic human psychology. Indeed, 88% of penetration testers and cybersecurity experts surveyed at the 2016 DEFCON hacking conference admitted that they used social engineering to gain information from their targets before infiltrating their systems. From sophisticated phishing emails to faked social media profiles, cyber criminals are constantly on the lookout for new strategies to trick victims into handing over control of their systems and online accounts.
Tech Support Scammers Have Been Using Social Engineering for Years
Tech support scams are one of the most used types of social engineering attack. These schemes involve individuals or businesses marketing their services to computer users regarding viruses and other false security threats they claim to have identified on the target’s device. Most scammers pose as support representatives for well-known software companies like Microsoft or Symantec to provide more credibility to their messaging.
After they have convinced the target of the critical nature of the issue, the scammer will try to gain control of the victim’s computer by urging them to download and install a remote administrative tool for more focused technical support. Once installed, this software allows the scammer to control and monitor the victim’s computer. From here, they can slow down system performance to persuade the user to pay a service fee to have the virus removed from their computer. They could also extract passwords and other financial details by monitoring the victim’s activities.
Although tech support scams have been a persistent threat for some time, they have become more prevalent in recent years. A 2017 report from Microsoft revealed that these social engineering attacks, had targeted about 153,000 users over the year, a rise of 24% from 2016. On average, victims reported losses of $200 to $400 for each attack, but Microsoft has indicated that some individuals have lost more than $100,000 because of these scams. Meanwhile the Internet Crime Complaint Center (IC3) offered even more sobering statistics in their report, stating that reports of these incidents increased by at least 86% over 2017, with accumulated losses of almost $15 million.
Common Attack Vectors
Search Engine Links
The first few links that show up on a Google search are dedicated to paid advertisements from companies that want to maximize their visibility for certain search terms. Fraudsters will often pay to have their website promoted for popular tech support keywords so that users are more inclined to seek their services for legitimate computer issues. In many cases, scam websites are designed to mimic support pages for established tech support providers like Microsoft or Best Buy’s Geek Squad.
Individuals might receive unsolicited phone calls from fake tech support agents that claim to work for companies like Dell or Microsoft. These agents will indicate that they have received a notification that viruses have infected the targets’ computer. They then ask targets to give over control of their computer so that the representative can scan their system for threats. Inevitably the scammer will locate several viruses and require a hefty service fee to clear said viruses from the victim’s computer.
Most computer users will be familiar with the pop-up messages that appear on unsecured websites claiming the visitors’ computers are under urgent threat. These advertisements will state that the user must call a certain helpline number to resolve the problem. If you make the call, then you will find yourself speaking to the same fraudulent agents described above.
Recently, a new version of this scam is being used by an India-based group known as GeeksHelp or sometimes AmericaGeeks. When otherwise virus-free visitors click on domains they own, a pop-up message informs them of new viruses on their computer and a browser locking mechanism then freezes the browser window in place. For novice computer users, this added step can persuade them to call the tech support number shown on the pop-up message.
Sometimes, tech support scammers will re-engage past victims offering refunds for services rendered. In these scenarios, they will ask victims to pay a small up-front fee to enable the payment.
How to Protect Yourself Against Tech Support Scams
- Never grant remote access to an unknown third-party. If an online representative or telephone agent asks to take control of your PC, then cease contact immediately.
- Ad-blocking software can reduce pop-ups and other malicious advertisements that show up during your browsing sessions.
- Start with Trust®: If you do need help with your technology, start with the Better Business Bureau’s website to check out reviews from other customers who have used their tech support services before. Better yet, use a BBB Acreditied service provider.
- Double-check any customer support numbers found online. If these service providers claim to represent well-known companies like Microsoft or HP then visit the official website for the business in question and confirm the contact details from their Contact Us page or section.
- If you ever receive an email from a service provider urging you take urgent action to avoid a security threat, visit your account through the official website rather than through any links provided in email.
- Make sure you have different passwords for different online accounts. Scammers will often install keyword logging software on victims’ computers to capture sensitive personal information.
- Install antivirus software on your computer and ensure that your Windows firewall has been enabled.
If You Are the Victim of a Tech Support Scam
- Change passwords for all your online accounts.
- Run a complete virus scan on your computer.
- If you have already paid for false tech support, initiate a chargeback through your credit card company.
- Stay on the lookout for any fraudulent transactions on your credit card. You may also want to contact your credit card company to place a fraud alert on your account.
Talk to the Experts
If you have been the target of a tech support scammer and you are unsure about the integrity of your systems, we can help. Our experts can help you recover sensitive information and secure your computer against any further threats. Chat with us today for more details.