Tech Support Scams

Robix_at_Desk

Tech support fraud occurs when the subject claims to be associated with a computer software or security company, or even a cable or Internet company, offering technical support to the victim. Phony tech support companies utilize several different methods to contact or lure their victims. This list is not all inclusive, as the subjects are always varying their schemes.

  • Cold call.
  • Pop-up or locked screen.
  • Search Engine Optimization: The subject pays to have their company websites appear in the top of search results when a victim searches for technical support.
  • URL Hijacking / Typosquatting: The subject relies on mistakes made by the victim when entering a URL, which either causes an “error” or redirects to the subject’s website.

Once the phony tech support company or representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device. Once the subject has control, additional criminal activity occurs. For example: The subject takes control of the victim’s device and/or bank account, and will not release control until the victim pays a ransom.

  • The subject accesses computer files containing financial accounts, passwords, or personal data (health records, social security numbers, etc.).
  • The subject intentionally installs viruses on the device.
  • The subject threatens to destroy the victim’s computer or continues to call in a harassing manner.

Scammers have been peddling bogus security software for years. They set up fake websites, offer free "security" scans, and send alarming messages to try to convince you that your computer is infected. Then, they try to sell you software to fix the problem. At best, the software is worthless or available elsewhere for free. At worst, it could be malware — software designed to give criminals access to your computer and your personal information.

Another version begins with a phone call. Scammers can get your name and other basic information from public directories. They might even guess what computer software you’re using. Once they have you on the phone, they often try to gain your trust by pretending to be associated with well-known companies or confusing you with a barrage of technical terms. They may ask you to go to your computer and perform a series of complex tasks. Sometimes, they target legitimate computer files and claim that they are viruses. Their tactics are designed to scare you into believing they can help fix your "problem."

Once they've gained your trust, they may:

  • Ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable.
  • Ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free.
  • Trick you into installing malware that could steal sensitive data, like user names and passwords.
  • Direct you to websites and ask you to enter your credit card number and other personal information.

If you get a call from someone who claims to be a tech support person, hang up and call the company yourself on a phone number you know to be genuine. A caller who creates a sense of urgency or uses high-pressure tactics is probably a scam artist.

Tips to avoid tech support fraud:

  • Do not give anyone access to your computer, phone, or tablet — nor to your personal or financial information — unless you initiated the contact and know that contact is legitimate.
  • Examine pop-ups and emails closely for signs that might indicate fraud, such as spelling and grammar mistakes.
  • Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.
  • Never provide your credit card or financial information to someone who calls and claims to be from tech support.

If you've responded to a scam

If you think you might have downloaded malware from a scam site or allowed a cyber criminal to access your computer, don't panic. Instead:

  • Disconnect from the internet and restart your computer in "safe mode."
  • Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. 
  • Change any passwords that you gave out. If you use these passwords for other accounts, change those accounts, too.
  • If you believe that someone may have accessed your personal or financial informationclick here for more reporting and victim assistance resources.

-----------------------------------------

Meet the blogger

Sherlogix Holmes

Sherlogix Holmes

All things fraud news and fraud prevention tips presented by Logix Fraud Risk Management. We know the importance of staying apprised of fraud trends and want to share our knowledge so you, too, can combat fraud and spread the word to family and friends.