Tech Support Scams are becoming more common these days. They usually start as unsolicited phone calls from fake tech support companies offering fake tech support services. These scammers often try to get you to buy their product or service, and they might even threaten you with legal action if you don’t pay them immediately. In most cases, the best way to deal with this type of scam is to hang up on them and ignore them. If you do want to talk to someone about your issue, there are legitimate tech support providers that can help you fix it for free.

A tech support scammer talking to a potential victim

How Do Tech Support Scams Work?

Scam artists are always looking for ways to make money online. One way they do it is by tricking people into thinking they’re dealing with legitimate businesses. But most of these calls are nothing more than a scammer trying to steal your personal information.

Here’s how it happens. A caller might say they’re technical support services calling from Microsoft, Apple, or another big-name brand. They’ll ask you questions like “What version of Windows are you running?” or “Is your computer virus free?” Then they’ll offer to fix whatever problem you’ve got. If you agree, they’ll ask to remote into your computer, and that’s when the fun starts.

The first thing they’ll want to do is have you install remote software on your computer. This could be anything from spyware to adware to malware. Once installed, this software will give them access to all sorts of sensitive data about your computer, including passwords, bank account numbers, and other private information.

Once they have access to your computer, they can upload a dummy file to manipulate it to look like any number of things. For example, if you’re using an antivirus program, they may tell you your computer has a virus that needs cleaning. Or, they may claim a problem with your hard drive and suggest you buy a new one.

Tech support scammers might ask you to send them payment using a credit card, wire transfer, crypto, cash reload card, or gift card for a software license renewal, and once they receive the funds, they disappear without fixing your problem.

Online bank account. Close up of woman checking balance of bank account online after shopping

Banking Support Impersonators

Another popular scam involves banking support scams. The scammers pretend to be bank representatives of banks, financial institutions, or government agencies. They call you pretending to be from your bank, asking you to verify some transaction or provide additional details about your accounts.

These scammers might also ask you to download a “remote control” application onto your computer. It’s not a remote control app; instead, it’s a trojan horse that gives the scammer complete control over your computer.

If you fall for this scam, the scammers might demand that you pay a ransom to regain control of your computer. And if you pay, they might delete important files, change your password, or lock you out of your computer.

Remote Technical Support Scams

Remote tech support scams are becoming increasingly common. Scammers send emails claiming to be from Apple, Microsoft, Google, or another major technology brand, asking you to follow a link to fix a problem with your computer. Once you do that, they’ll ask you to pay money for remote access to your device. If you agree, they’ll install malware on your machine.

See also  Zero-Click Attacks: What Are They And How To Stay Safe

These scams usually start with a false error message designed to make you feel like you’ve got a serious problem with your device. They might say things like “Your Mac is having problems,” “You have a virus,” or “There is a software update needed.” I don’t believe it. You don’t need to call anyone; ignore the email and move on.

If you receive such an email, here are some tips to help keep you safe:

• Never open attachments sent via email.

• Do not click any links in the email. Instead, type the web address manually in your browser.

• If you see anything suspicious, report it immediately to Apple Support.

• If you think there’s an actual problem with your device, contact support directly.

woman is about to be hit with malvertising

Malicious Advertising (Malvertising)

Malvertising is a form of online deception used to deliver malware to unsuspecting visitors. A malvertiser buys space on legitimate sites, such as news outlets, blogs, social media platforms, and even search engines like Google. They use paid advertisements to redirect users to malicious web pages that contain malware. These attacks are often referred to as “drive-by downloads.”

Security researcher Graham Cluley coined the term “malvertising” in 2010. He noted that while it had been around since the 1990s, it wasn’t widely known outside the industry. By 2019, researchers found evidence upwards of $19 billion was spent annually on malvertising.

 

The Evil Cursor

Tech support scammers often use fake browser windows to trick customers into giving up personal information. One such tactic involves showing a fake error message and asking victims to “click here” to fix it. In reality, clicking on the link takes you to a malicious web page where you are locked into paying money to receive help. This type of scam is called the Evil Cursor technique.

There are several ways that scammers can make sure that you see the cursor on the screen. For example, they might show a fake error message box or hide the actual window behind some overlay. Whatever method they choose, they aim to trick you into thinking something is wrong with your computer.

In addition to being annoying, these types of scams are illegal. Under Section 513(a)(2)(A) of the CAN-SPAM Act of 2003, it is against federal law to send unsolicited commercial email messages that include deceptive or misleading subject lines, headers, or embedded hyperlinks.

The evil cursor trick works by tricking users out of their money. It scams unsuspecting victims into clicking malicious ads, opening malware, or downloading dangerous software.

Here are some examples of how the evil cursor trick works:

1. A pop-up ad appears on a web browser. Hovering over the ad reveals a “close” button. Clicking on the button opens another popup.

2. A banner ad appears on a desktop browser. Hitting escape closes the ad. But hitting escape again opens up a different banner ad.

3. An email arrives with a link to download a program. Clicking anywhere on the email body creates a menu where you can open the attachment.

4. A social media post contains a link to a video. If you hover over the link, the cursor turns into a hand pointing to the play button. Clicking on it starts playing the video.

5. A text box asks the user to enter his username and password. Clicking outside of the input field hides the text box. Then, once the user enters his credentials, he sees a login form.

See also  13 Common Causes Of Data Loss And How To Stop Them Dead In Their Tracks

401 Authentication Loop

This technique exploits the fact that many people will follow instructions if you tell them they came from someone they trust. Sometimes, this could mean following a link sent via email or social media. Many phishing attacks use this method to trick victims into giving away sensitive data.

Phishers often send emails containing links to websites that look like they belong to well-known companies, such as banks or credit card providers. Once the recipient follows the link, the site appears authentic, even though it might be fake.

In addition to looking like real websites, phishing sites often include features that make them seem more trustworthy, including logos, colors, fonts, and layout. They may also ask for personal information, such as usernames and passwords, or request people to take actions, such as clicking buttons or downloading files.

After the user enters their credentials, the site sends the information to a server controlled by the attacker. If the user doesn’t notice anything suspicious about the site, they may think nothing happened. However, once the user logs out of the site, the attacker can access the stolen information.

The authentication loop is a common method attackers use to steal data from victims. In short, it involves creating a login form that looks like it belongs to a legitimate website. Once someone enters credentials, the attacker gets access to those accounts.

There are several ways to detect whether a login form is real or fake. Some techniques include checking the URL, looking for redirections, and seeing if the domain name matches the IP address.

System administrator working on laptop while looking to the server rack

How To Protect Yourself

If you think you’re getting called by someone claiming to be from a major company, hang up immediately. Don’t answer any questions about your computer or financial situation. Instead, contact the company directly at their toll-free number.

 

Keep Your Browser Updated

You should update your browser regularly to protect yourself from any potential threats. That means keeping your browser updated with new versions of both Chrome and Firefox. It also means checking for security updates manually whenever you download a program.

Use a VPN

A virtual private network (VPN) encrypts your internet traffic so that anyone who intercepts it can’t read what you’re doing. 

Don’t Install Software Offered Over the Phone

Many programs out there claim to help you solve problems over the phone. Unfortunately, these programs often contain viruses or trojans that could infect your computer. Instead, look for reputable companies that sell software through websites or apps.

Never Give Out Personal Information

When someone asks for your personal information, such as your name, address, social security number, credit card number, or login credentials, hang up immediately. These details are valuable targets for hackers, and once stolen, they can be used to steal your identity.

Report Scams Immediately

If you think you’ve fallen victim to a scam, report it to the FTC right away. While it’s not always possible to get your money back, at least you’ll know that you didn’t hand over your financial information to a stranger.

Beef Up Security Software

Using SentinelOne and IronScales will help prevent tech support scams by blocking suspicious emails before they reach your inbox. Both tools offer free trials, so give them a shot and see which one works best for you.

Mature middle-aged woman gets help after a tech support scam.

Tech Support Scam Victim Help

If you’re receiving an unsolicited call from a company claiming to provide technical support for your computer, don’t give out any personal information. The caller may try to get you to visit a malicious website to install malware onto your device.

See also  6 Innovative Cybersecurity Awareness Training Tips You Don't Want to Miss

Be wary of calls asking for account numbers, PINs, passwords, or other confidential information. These requests are usually part of a scam to steal money from you.

If you receive a phone call from someone who claims to work at your bank or financial institution, hang up immediately. Never give out your Social Security number, account numbers, or passwords.

Don’t click on links in spam messages or emails. Spammers often disguise their identity with a trusted sender’s name. When you click on a link, you may end up on a malicious website instead of the one you intended.

Never open attachments or download programs from unknown sources. Malicious software can infect your computer without your knowledge.

Contact your Internet service provider (ISP) and IT provider immediately if you suspect you’ve been hacked. Your ISP should have tools to help you recover your password and reset your security settings.

If you need to change your password, do so only after verifying that the new password isn’t similar to your old one. Hackers sometimes use dictionary words when trying to guess passwords.

 

Wrapping Up

 

With tech support scams becoming more prevalent, users need to be aware of these tricks so they don’t fall prey to scammers. The best way to stay safe online is to update your software and install security programs regularly. It’s all a numbers game with these tech support fraudsters — the more people who report their attempts, the less likely they’ll succeed.