• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Consumer   »   Tech Support Scams: What are They and How do I Stay Safe?

Tech Support Scams: What are They and How do I Stay Safe?

  • Posted on:January 8, 2019
  • Posted in:Consumer, Security
  • Posted by:
    Trend Micro
0

If you read this blog regularly you’re no doubt aware that cyber-criminals are a determined bunch, with a large range of tools and tactics at their disposal to rob you of your identity and hard-earned cash. Tech support scams (TSS) are an increasingly popular way for them to do just this. In 2017, Microsoft Customer Support Services received 153,000 reports from customers around the world who encountered or fell victim to these scams, a 24 percent increase on the year previous. Many lost hundreds of dollars in the process.

Yet the real scale of the problem is likely to be many times bigger.

If you’re still unsure what tech support scams are, and how you can protect yourself, this handy guide will tell you everything you need to know.

What types of tech support scam are there?

Tech support scams target users of any devices, platforms and software and can involve a variety of tactics. Typically, they include both an online element and/or a phone call with the scammer, who pretends to be technical support worker for a reputable company like Microsoft or your ISP. They try to trick you into believing there’s something wrong with your computer so that you agree either to hand over money (and credit card details) to ‘fix’ it, and/or allow them remote access to your machine — which enables them to download covert info-stealing malware.

Here are the two main ways a TSS can begin:

  • Cold calling: You could get a call at any time from one of these fake ‘tech support’ workers. They may even hijack Caller ID to appear legitimate. They’ll try to bamboozle you with tech jargon and create a sense of urgency that your machine and the data on it is in danger if you don’t act immediately.
    They’ll usually persuade you to download a special tool so they can remotely access your PC. They’ll then pretend your machine is infected with malware and ask for payment to remove it, or to buy a meaningless maintenance, support, or security package. Ironically, by giving them access to your PC, you’ve provided an opportunity for the scammers to download real malware to steal more of your personal information.
  • Online issues: A scam could also start online, if you accidentally visit a malicious website. How might you do this? Potentially, by mistyping the address of your favorite site into the address bar, or by clicking on a scam link in an unsolicited email. You might even have been searching for some breaking news on a particular high-profile story, only to find a link high up on the search listings took you to a malicious website.
    After doing so you might suddenly be presented with pop-ups saying your computer is infected with malware or malfunctioning. Sometimes they put your browser onto full screen mode with alerts which can’t be removed, effectively locking your screen. The message they display is likely to have a ‘tech support’ phone number you’re urged to call to sort the non-existent problem out. That will put you through to those same scammers that cold call users in scenario 1.

The bottom line is that if you fall for one of these tactics, you may lose an initial sum of money by paying the scammer, but also be exposed to further fraud on that card in the future as they’ll have your details on file. You could also be at risk of identity theft if the bad guys have downloaded malware to steal more personal info from your machine, like banking log-ins, Social Security numbers and more.

Microsoft claimed last year that three million users are subject to these scams every month, and more than half (56%) are from the US. The FBI, meanwhile, estimated tech support fraud losses in 2017 amounted to $15 million, an 86 percent increase on the previous year.

How do I stay safe, or recover, from a scam?

Fortunately, there are several things you can do to prevent the scammers getting what they want, and even if you are caught out, some quick thinking can help to minimize the impact on your life and finances.

Staying safe:

  • If you receive an unsolicited phone call claiming to come from Apple, Microsoft, Verizon or similar, hang up, or get more details and call the company back directly. Don’t hand over any personal or financial information and don’t allow the caller to download anything to your computer.
  • Stay up-to-date with the latest browser and software/OS versions to minimize the chances the bad guys can take you to malicious sites or launch pop-ups on your machine.
  • Take extra care when typing website names into your address bar.
  • Be cautious online: don’t click on any links in unsolicited emails or on websites.
  • Only download software from legitimate vendor websites/app stores.
  • Invest in third-party security software from a reputable supplier like Trend Micro, to detect TSS malware.

If you’ve been scammed:

  • Immediately delete any remote-access software the scammer may have encouraged you to install.
  • Download and use software from a provider like Trend Micro to detect and remove any installed malware.
  • Once malware has been fully removed, change all your computer and online account passwords.
  • Call your bank/credit or debit card provider to cancel relevant cards and claim back any money already lost.
  • Continue to monitor bank and online account activity and take action if there’s anything suspicious.
  • Upgrade your software, OS and browser to the latest versions.
  • Beware of follow-on scams in the coming days, weeks, or months.
  • Report the scam to Microsoft, Apple or other relevant provider.

How can Trend Micro help?

For the online side of tech support scams, Trend Micro Security offers comprehensive multi-layered protection from the malicious sites, pop-ups, browser takeovers and malware associated with tech support scams. Here are just some of the techniques we use to keep you safe:

  • Web Reputation Service: Blocks access to any malicious URLs linked to scams.
  • Script Analyzer Lineup: Scans websites for any malicious code run on the web pages, to detect the presence of potential tech support threats.
  • Real-time Virus Scanner: Blocks any suspected malware downloads from support scam sites.
  • Static Intelligence Engine: Leverages machine learning to greatly enhance the detection of tech support scams.
  • Scanning/malware removal: Cleans-up any malware installed on infected machines if you have been caught out by a support scam.

Visit Trend Micro Security to find out more about how TMS protects you, or to buy the product.

Related posts:

  1. Tech Support Scams: What are they and how do I stay safe?
  2. VPN 101 – Part 1: What You Need to Know to Stay Safe and Protect Your Privacy Online
  3. Bad Rabbit Ransomware – What is it and how to stay safe
  4. How to Stay Safe Online this Cyber Monday

Security Intelligence Blog

  • Fileless Cryptocurrency-Miner GhostMiner Weaponizes WMI Objects, Kills Other Cryptocurrency-Mining Payloads
  • Magecart Skimming Attack Targets Mobile Users of Hotel Chain Booking Websites
  • When PSD2 Opens More Doors: The Risks of Open Banking

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Beyond The Standard CISO Cloud Security Guide
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • XDR Is The Best Remedy As Attackers Increasingly Seek To Evade EDR
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: IoT Devices Are a Target in Cybercriminal Underground
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Cyberattack Lateral Movement Explained
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Innovate or Die?

Follow Us

Trend Micro In The News

  • Hackers to stress-test Facebook Portal at hacking contest
  • NEW TECH: Trend Micro inserts 'X' factor into 'EDR' - endpoint detection response
  • Fake Tech-Support Scams on Twitter Could Cost You, Study Warns
  • Black Hat 2019: 2020 Election Fraud Worries Attendees
  • Vicious Malware Threatens to Turn Search Engine Into Crypto-Mining Zombie Botnet
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.