Recently, my mother-in-law told me about a lady in her Sunday School class who had been victimized by a scammer. The lady’s caller ID said the call came from Microsoft, and the caller claimed he could help her computer run faster. Because the call appeared legitimate, she went along with it and allowed him to access the machine remotely. She didn’t realize until it was too late that the caller had installed software on the victim’s computer that locked it, and then he threatened to destroy all the information on the machine unless she paid a fee.
“Tech support” scams are not new; for years, scammers have been trolling for victims by cold-calling, then convincing them their computer needed to be fixed, and demanding to be paid. It’s a lucrative business; the tech site Malwarebites.com quotes Microsoft estimates that scammers took in $1.5 billion in 2015 using the technique.
But in the past few months, tech-support scammers have started emulating the tactics of “ransomware” scammers, calling targets and claiming their computer has been infected by viruses. By using remote access (granted voluntarily by the unwitting user) to install malicious software on the machine, the scammer takes control of the machine and promises to release it if a fee is paid. This escalation gives unprecedented levels of control, and for victims, it can prove a costly intrusion — at risk is sensitive personal information, as well as photos, videos and other information stored on the machines.
In October, Malwarebites published a white paper titled, “The Anatomy of Tech Support Scams: How Tech Support Criminals Continue to Exploit Consumers and Businesses Without Getting Caught.” The paper noted that the target is still the elderly (who are often considered less tech-savvy), but the scammers’ nets are widening.
“Not surprisingly, most tech-support scams heavily target a demographic that is not tech savvy — the elderly,” the authors noted. “…However, with the emergence of tech-support scam lockers this year, anyone is now a potential victim. This new tactic no longer just employs social engineering, and criminals are no longer solely targeting less tech savvy individuals.”
What’s also changing, the white paper noted, is where these scams originate. While most tech-support scams came from India, Florida is becoming a hotbed of tech-support scam activity. The paper goes on to detail some tactics used by tech-support scammers, as well as potential ways to address the problem. If you’re interested in the topic, it’s worth a read.
There are ways to prevent yourself from being a victim of this pernicious scam. The Federal Trade Commission has shut down a number of such operations in the past couple of years, but criminals continue to seek victims. Here are a few of the FTC’s pointers for recognizing and preventing a scam:
- Don’t give up control. If someone calls claiming your computer has been infected with a virus, hang up immediately. They may fool your caller ID into thinking it’s a local call, but these numbers can be “spoofed” to fool you.
- Don’t fall for online ads. Here’s a new word to many of us: malvertising. This is advertising on the web, through email or search engine results, that promises to rid your computer of virus and malware. By clicking on links, you can highlight yourself as a potential victim. If you need tech support for your computer or a web service you use, the FTC advises that you look for the company’s phone number in your printed software documentation or confirmation emails, then call it.
- Protect your personal information. Never provide your credit card number, bank account numbers or passwords to someone who calls and claims to be from tech support.
- Don’t give in to pressure tactics. If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, it’s a huge red flag.
More on this topic is available at https://www.consumer.ftc.gov/articles/0346-tech-support-scams#If_You_Get_a_Call.