The “tech support” scam has been around for well over 10 years. Although the look and media have changed, the scam has fundamentally stayed the same. If you remember five to six years ago, fraudsters masked themselves as Apple® support. Technology progression (i.e., Voice over IP) makes thieves’ job easier as they can now spoof legitimate caller ID numbers.
Over the last few years, the most common tech-support scam has been Microsoft® tech support. The premise is still the same. For the most part, these are petty thieves who want to steal your credit card or bank account information. Here is how it works:
- You receive a phone call purporting to be from Microsoft. The hook may be, “We detected a virus on your computer,” or "Our record indicates you are using an illegal copy of Windows® operating system" or something along those lines. Imagine the fun I had when I received a call like the latter: My household has only Apple computers. Just like with any phishing attack, scare tactics are their priority.
- From there it's easy. They will claim they need to connect to your computer. A few minutes later you will willingly install remote access software of their choice (e.g., LogMeIn, VNC, etc.).
- Next, the criminal will take control of your computer, install fake antivirus software and run it. You will see terrifying messages going across your screen and will gladly pay to regain access.
- The attacker will take your credit card number over the phone and will swiftly fix your computer. If they are smart, before they depart, they will leave malware behind in order to come back for more money.
This is just one of many examples of how it's done. Awareness is power, so keep the following points in mind:
- No one knows that your computer is infected or that you’re using an illegal version of the operating system. Think about it. There are at least four pieces of information one needs to have in order to uniquely identify YOU: your name, your computer details, your home IP address and your home or mobile telephone number. So, how does a person connect a name and phone number to his or her IP address, an address of which that person is probably unaware? That’s possible only for your Internet service provider (ISP) and three-letter agencies, such as the FBI. Microsoft and Apple don’t fall into these groups.
- If you receive a call like those described above, hang up.
- Never install anything on your computer prompted by a phone call.
- If your company’s IT calls you with an issue you have not reported, they should have a ticket number. Ask for that number, and if something feels odd, hang up. You can then dial in to your company’s help desk and reference the ticket number to confirm its legitimacy.
- If you suspect any fraudulent activity, please contact IT security immediately. Try to provide as many details as possible – for example, caller ID for a phone call, full email for email scams, name of the caller (most likely fake) and any other pertinent information.
Managers, please share this information with contractors and temporary workers.
As always, think before you click.