Would you believe that not all technical support representatives have your best interest at heart? While we know that everyone has had a bad support experience at some point, we are not referring to grumpy technicians; instead, we mean scammers posing as support representatives to gain access to your information.
At Cantrell’s IT, we’ve seen several forms of tech support fraud; recently the most common, though, seems to be “Microsoft technicians” and antivirus software license renewals. The general scheme is to reach out to the victim posing as a support representative to gain device control and financial information.
How They Make Contact
Scammers can make contact in various ways:
- Telephone: unsolicited calls from people claiming the potential victim’s device or computer is infected.
- Search Engine Results: users looking for support can fall prey to these scams by clicking on ad results for their search. Bad guys will place ads with search engines for their fraudulent tech support companies.
- Pop-Up Messages: on-screen pop-up messages alerting users to a virus infection are another way criminals lure people to their fake support companies.
- Email: phishing emails announcing an antivirus renewal charge are another method used to connect potential victims to fake support companies. Following is an example email sent to both a customer’s email and my email recently:
“Greetings from McAfee
Your registered account has been debited with a total of Usd $449.99 for the purpose of renewing your McAfee Total Security Plan, which expired yesterday. These charges would automatically reflect in your account statement within 48 business hours of receiving this mail. For any queries or concerns please call our service helpdesk +1(800)395-0961”
- Pop-Up with Locked Screen: criminals will program links to popular topics that can lock up a device with the goal of forcing the victim to connect.
Once contact is made, pressure is put on the victim to act right away and pay the company to clean up the problem. Scammers frequently insist on taking control of the device through a remote connection, which gives them access to install malicious code, obtain sensitive information, and/or hijack the device for ransom.
How To Spot a Tech Support Scam
There are many ways to spot or head off a scam before any loss occurs.
- Look closely at email addresses. Sometimes scammers will create email addresses that differ from a legitimate domain by just a single character.
- Do not click on links that come from people you do not know and that you are not expecting.
- If your screen locks up with a warning message, shut down immediately. (Shutting down when a screen locks up can fix real technical problems too.)
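The single-character check on email addresses can be automated at a mail gateway or in a triage script. The following is an added example, not something from the original article: it compares the real sender domain (not the display name) against a short list of trusted domains and flags anything one edit away. The allowlist, function names and sample headers are assumptions made for illustration.

```python
from email.utils import parseaddr

# Assumption: illustrative allowlist; list the domains you really expect mail from.
TRUSTED_DOMAINS = ("mcafee.com", "microsoft.com")

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, swap neighbours."""
    rows = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        rows[i][0] = i
    for j in range(len(b) + 1):
        rows[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            rows[i][j] = min(rows[i - 1][j] + 1,         # deletion
                             rows[i][j - 1] + 1,         # insertion
                             rows[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                rows[i][j] = min(rows[i][j], rows[i - 2][j - 2] + 1)  # swapped pair
    return rows[-1][-1]

def sender_domain(from_header: str) -> str:
    """Domain of the real address, ignoring the display name the sender chose."""
    _, address = parseaddr(from_header)
    return address.rpartition("@")[2].lower().rstrip(".")

def classify_sender(from_header: str, max_distance: int = 1):
    """Return ('trusted' | 'lookalike' | 'unknown', matched trusted domain or None)."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(domain, trusted) <= max_distance:
            return ("lookalike", trusted)
    return ("unknown", None)

# Constructed sample From headers, not taken from real mail.
SAMPLES = [
    '"McAfee Billing" <renewals@mcafee.com>',      # exact match
    '"McAfee Billing" <renewals@mcaffee.com>',     # one extra letter
    '"Microsoft Support" <help@micorsoft.com>',    # two letters swapped
    '"McAfee" <billing@mail-service.example>',     # unrelated domain
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(classify_sender(header), header)
```

An "unknown" result on a message whose display name claims to be a known vendor deserves the same scrutiny as a "lookalike": the name shown in the inbox is chosen by the sender, while the domain is what was actually used.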
How to Prevent Scam Exposure
The best way to not fall victim to a tech support scam is to prepare for and prevent exposure:
- Invest in advanced cybersecurity tools and support. Traditional antivirus is no longer sufficient, especially for businesses. Necessary tools include robust email malware and spam solutions, plus advanced cybersecurity solutions to detect file-based and fileless malware, identify zero-day attacks, and automatically respond to kill and quarantine suspected attacks.
- Have a cyberattack response plan in place and train your staff. At a minimum this response plan should include who to contact (with contact information), including your IT support team, and what initial actions to take. This response plan should be easily accessible and reviewed periodically.
- Use pop-up ad blockers. If you are getting warnings of infections, it is very likely to be a very well-designed ad.
- If you are looking for support, do not use any paid-for search engine results. They are on top because they pay to be there, not because they are the best.
- Keep all security applications, including operating systems, current. Restart your computers every week at a minimum to allow updates and patches to complete installation.
- Resist following the “click” path shown in the email; going directly to a website and logging in normally is much safer.
- When in doubt, call your IT team for advice.
There are indirect forms of protection available as well:
- Have a knowledgeable commercial insurance agent review your business policy and discuss your cybersecurity coverage. If you do not know a commercial agent, we can make a recommendation.
- Consider getting an identity theft protection solution for your business and staff such as IDShield. Again, we can make a referral.
If It Happens to Your Business
Unfortunately, criminals keep getting more creative. And we play in an unfair game; the cybercriminals only need to win once while we need to win every time! Even the best cybersecurity applications and caution on your part may not be enough. If a scammer does get through, there are several things you want to do to protect your business and limit the data breach and the scope of the attack.
- Notify your IT and cybersecurity team immediately!
- Consider contacting your commercial insurance company and local law enforcement depending on the scope of the attack.
- Use an uncompromised device to change passwords. Check with your institutions; many can implement protective measures on your accounts.
- Monitor accounts and personal information for unauthorized activity by using a solution such as IDShield identity theft protection.
- File a complaint with the IC3 division of the FBI (ic3.gov) with as much information as possible:
  - Criminal and company information such as web sites, phone numbers, or email addresses.
  - Account names, numbers, and institutions that received funds.
  - Descriptions of all interaction with the scammer.
  - Email, web site, or link that connected you with the scammer.
- Keep all records.
At Cantrell’s IT, we provide education and robust cybersecurity solutions to protect clients from hazards on the web. Contact us if you want help with preventing an attack or cleaning up after one.