Tech support scammers can come across in seemingly legitimate ways; a pop-up that your computer has a virus, an ad claiming they can fix your device, or a call stating there is a problem they can assist with. In 2019, the FTC reported over 100,000 tech support scams. Being aware of these attempts, and being able to spot them, can help prevent cybercriminals from getting their hands on your personal information, money, files or more.
Both individuals and businesses can fall victim to tech support scams. If an employee of a business mistakenly gives a scammer access they can take over the business’ network, steal confidential information, or even encrypt data so the business no longer has access. All of these things could be extremely damaging to a business.
How Do Tech Support Scams Work?
Scammers often use the names of major known tech companies, such as Microsoft or Apple. They might say they’re from the company’s security or technical support team and have found an issue on your device. They’ll throw around tech terms and might even reference items on your specific device. They could ask you to open a specific file or run a scan and then tell you the information you see confirms the problem. Once they think they’ve convinced you there is an issue, they may run a variety of scams, including those mentioned below:
• Remote Access Scams. They may request remote access of your device so they can have control of your system and run a diagnostic test. This gives them access to all of your data and may provide direct connections to your networks. They could also install software that can give them unrestricted access in the future or malware that logs your access or remotely reports your sensitive data. They may even encrypt your data to prevent you from accessing it, and demand a ransom in order for you to get that access back.
• Sales Pitch Scams. Scammers may try to offer something for you to purchase such as computer maintenance, warranty programs, or subscriptions. Again, they may use legitimate names like Norton, McAfee, Office 365, and more. It is important to not commit to anything as soon as they offer it. Do your research to find out if what they are offering is really needed. They may be mentioning repairs you do not need or software you can download for free. If you have an IT team available to you, check with them to see if your computer really needs the updates or maintenance that is being suggested.
• Payment Fraud Scams. If scammers offer any sort of service or assistance, they may ask you to pay via gift card or wire payment for non-existent services or repairs. Any time a someone requests a gift card or wire payment as means of payment, your guard should go up. Most legitimate companies will not request payment in these ways. A scammer may also direct you to enter credit card, account information, and/or passwords into a payment site on your screen where they can also see it. Never give your financial or personal information to a tech support company that has contacted you out of the blue. If you have concerns over your computer or mobile device’s security or performance, contact your IT department or do your own research to find a reputable company who can assist you.
Protecting Yourself from Tech Support Scams
One important rule of thumb is to be wary of any unsolicited calls, texts or emails from a purported tech support company. In most cases, a tech support call or message you don’t expect is a scam, even if the number or email address looks legitimate. Remember – scammers commonly spoof telephone numbers and email addresses. If you have not called for tech support and someone calls and claims they’ve detected a problem, hang up. If you receive the call at work, check with a reliable source within your company to determine if the issue they claimed truly needs attention. Here are some additional tips:
• Be wary of links in emails or pop-ups. If you receive an email or pop-up notification from a supposed tech support company, don’t just automatically click on any links. A good tip is to hover over any links to see where they are really pointing to. Scammers commonly include links to malicious websites and format them to look like legitimate links. For example, if a link says “Microsoft.com/TechSupport”, but when you hover over it you see “micro-softy.net/techsupport”, you should absolutely not click on it. A better course of action is to visit websites directly instead of relying on links in unsolicited emails or pop-ups. These links may lead you to a page that mirrors the real thing – but is not secure.
• Contact a trusted source. If you think there is a problem, get in touch with your IT team or software provider, or research and seek out tech support contacts yourself. Never give out your password or remote access to your computer without first verifying a company’s legitimacy independently of any call, text, pop-up, or email.
Steps to Take if You Are Scammed
If you or someone within your business finds themselves in the position of falling victim to a tech support scam, there are several steps to take. The quicker you can react, the less damage the scammer may do.
• Change passwords. If a password was shared with a scammer, every account that uses it should be changed immediately. Some preventative measures businesses can take include requiring multi-factor authentication, complex password combinations, and frequent password changes.
• Alert your IT team. If your computer has a connection to your employer’s network, there’s a chance that scammers could have drilled into it and gained access to more than just what is on your computer. Alert your IT team immediately so they can check the entire network for malware, back door entries, breaches, or intrusions, as well as scan your computer to see what might have been impacted.
• Notify your financial institution. If you were conned into buying or paying for something, contact your bank or credit card company immediately. If the payment was made on a company card, contact your employer to make them aware of the situation. If you gave out a card number, you may want to have your card shut off and be issued a new one.
• Report to the FTC. The Federal Trade Commission has a complaint site specifically for scams made online. This allows them to be aware of new types of scams, so they can alert other consumers and businesses and help prevent future scams. If you think your identity has been compromised, you should report that to the federal government’s Identity Theft site as well.
Tech support scams can cause harmful damage to you and your business's network. Being aware of how tech support scams are executed and how to spot them can help prevent data breaches and help keep your own personal information safe. For more cybersecurity tips and news, please visit the BankFive Security Center at https://www.bankfive.com/Resources/Learning/Security.
Both individuals and businesses can fall victim to tech support scams. If an employee of a business mistakenly gives a scammer access they can take over the business’ network, steal confidential information, or even encrypt data so the business no longer has access. All of these things could be extremely damaging to a business.
How Do Tech Support Scams Work?
Scammers often use the names of major known tech companies, such as Microsoft or Apple. They might say they’re from the company’s security or technical support team and have found an issue on your device. They’ll throw around tech terms and might even reference items on your specific device. They could ask you to open a specific file or run a scan and then tell you the information you see confirms the problem. Once they think they’ve convinced you there is an issue, they may run a variety of scams, including those mentioned below:
• Remote Access Scams. They may request remote access of your device so they can have control of your system and run a diagnostic test. This gives them access to all of your data and may provide direct connections to your networks. They could also install software that can give them unrestricted access in the future or malware that logs your access or remotely reports your sensitive data. They may even encrypt your data to prevent you from accessing it, and demand a ransom in order for you to get that access back.
• Sales Pitch Scams. Scammers may try to offer something for you to purchase such as computer maintenance, warranty programs, or subscriptions. Again, they may use legitimate names like Norton, McAfee, Office 365, and more. It is important to not commit to anything as soon as they offer it. Do your research to find out if what they are offering is really needed. They may be mentioning repairs you do not need or software you can download for free. If you have an IT team available to you, check with them to see if your computer really needs the updates or maintenance that is being suggested.
• Payment Fraud Scams. If scammers offer any sort of service or assistance, they may ask you to pay via gift card or wire payment for non-existent services or repairs. Any time a someone requests a gift card or wire payment as means of payment, your guard should go up. Most legitimate companies will not request payment in these ways. A scammer may also direct you to enter credit card, account information, and/or passwords into a payment site on your screen where they can also see it. Never give your financial or personal information to a tech support company that has contacted you out of the blue. If you have concerns over your computer or mobile device’s security or performance, contact your IT department or do your own research to find a reputable company who can assist you.
Protecting Yourself from Tech Support Scams
One important rule of thumb is to be wary of any unsolicited calls, texts or emails from a purported tech support company. In most cases, a tech support call or message you don’t expect is a scam, even if the number or email address looks legitimate. Remember – scammers commonly spoof telephone numbers and email addresses. If you have not called for tech support and someone calls and claims they’ve detected a problem, hang up. If you receive the call at work, check with a reliable source within your company to determine if the issue they claimed truly needs attention. Here are some additional tips:
• Be wary of links in emails or pop-ups. If you receive an email or pop-up notification from a supposed tech support company, don’t just automatically click on any links. A good tip is to hover over any links to see where they are really pointing to. Scammers commonly include links to malicious websites and format them to look like legitimate links. For example, if a link says “Microsoft.com/TechSupport”, but when you hover over it you see “micro-softy.net/techsupport”, you should absolutely not click on it. A better course of action is to visit websites directly instead of relying on links in unsolicited emails or pop-ups. These links may lead you to a page that mirrors the real thing – but is not secure.
• Contact a trusted source. If you think there is a problem, get in touch with your IT team or software provider, or research and seek out tech support contacts yourself. Never give out your password or remote access to your computer without first verifying a company’s legitimacy independently of any call, text, pop-up, or email.
Steps to Take if You Are Scammed
If you or someone within your business finds themselves in the position of falling victim to a tech support scam, there are several steps to take. The quicker you can react, the less damage the scammer may do.
• Change passwords. If a password was shared with a scammer, every account that uses it should be changed immediately. Some preventative measures businesses can take include requiring multi-factor authentication, complex password combinations, and frequent password changes.
• Alert your IT team. If your computer has a connection to your employer’s network, there’s a chance that scammers could have drilled into it and gained access to more than just what is on your computer. Alert your IT team immediately so they can check the entire network for malware, back door entries, breaches, or intrusions, as well as scan your computer to see what might have been impacted.
• Notify your financial institution. If you were conned into buying or paying for something, contact your bank or credit card company immediately. If the payment was made on a company card, contact your employer to make them aware of the situation. If you gave out a card number, you may want to have your card shut off and be issued a new one.
• Report to the FTC. The Federal Trade Commission has a complaint site specifically for scams made online. This allows them to be aware of new types of scams, so they can alert other consumers and businesses and help prevent future scams. If you think your identity has been compromised, you should report that to the federal government’s Identity Theft site as well.
Tech support scams can cause harmful damage to you and your business's network. Being aware of how tech support scams are executed and how to spot them can help prevent data breaches and help keep your own personal information safe. For more cybersecurity tips and news, please visit the BankFive Security Center at https://www.bankfive.com/Resources/Learning/Security.