Thursday, July 30, 2020
How to Identify and Avoid Fake Tech Support Scams
How to Identify and Avoid Fake Tech Support Scams How to Identify and Avoid Fake Tech Support Scams How to Identify and Avoid Fake Tech Support ScamsMany people allow tech support teams to remotely take over their computers, a trust that scammers love to exploit.If youâve ever had a problem with your computer threaten to wipe out all your work or your photos or your music library, then the chances are good that youâve also eagerly hopped on the phone with tech support to get the issue resolved.Perhaps its because of this eagerness to talk to tech supportâ"as well a corresponding fear of a dangerous virus wiping out our computers and/or stealing all of our personal informationâ"that fake tech support scams have gotten more popular.Because of the internet, we are living in a new world where peopleâs trusting nature is being taken advantage of at a scale never seen before,â observed Steve Tcherchian, Chief Product Officer and CISO for XYPRO Technology (@xyprotechnology). âAttackers have access to targets that were not previously available. We have to educate ourselves and be overly cautious and suspicious of everything.âWe couldnât agree more! So sit back, scroll down, and learn more about how these fake tech support scams work and what you can do to identify and avoid one before youâve been hit.Heres how fake tech support scams work.Identity theft expert Robert Siciliano (@RobertSiciliano), CEO of Safr.Me, laid out how these fake tech scams usually unfold:âYou receive a call from someone informing you that your computer is infected with a really bad virus and needs prompt attention. The crook tells you he needs remote access to your computer, then proceeds to âfixâ a problem that never existed, and you get charged a fee for it.Worse, when they are logged into your device, they install spyware so they can see everything you do on the PC all day long.âSiciliano cautioned that these tech support scams have several variations, and related the general series of steps that another popular variant tends to tread:âThey contact you, you freak out thinking your PC has the Ebola virus, then you allow them on your PC, then you pay.âThey ask if you were happy with the service. If you say no, theyâll then claim they can get your money back.âAnother claim is that the company is going belly up, and as a result, theyâre giving out refunds to individuals who already paid.âWhen enough of these phone calls are made, a certain percentage of the recipients will respond exactly the way the fraudsters want them to: The victims will give out their credit card number or bank account information after being told that this is necessary to process the refund.âThe scammer may tell you to create a Western Union account in order to receive the refund. Gee, they may even offer to assist you in filling out the forms (how nice of them!) if you hand over remote access to your computer. But they wonât be putting money in your account; theyâll be taking money from it.ââTech support scams are becoming increasingly difficult to identify,â Tcherchian lamented. For years, users have been encouraged to call tech support, where then a tech support agent would remotely connect and resolve the usersâ issue. In fact, when I ran tech support operations for a large call center, remote access was the quickest way to solve any issue.And while phone calls are the most common ways that scammers try to make contact with their marks, they are far from their only mode of communication. âThese scams are also coming through other mediums, such as LinkedIn or Facebook,â warned Tcherchian. âSame concepts apply.âThey want your personal information.âThe number one thing that consumers need to know is that these scams are trying to get personal information from you,â warned Tim Prugar, the VP of Operations and Product Owner at telecommunications technology firm Next Caller (@nextcaller).âThey want you to grant them remote access to your computer or accounts, to give them payment information, or even persona l information that can seem relatively benignâ"like address, mothers maiden name, or last four of your social security number.âAnd once they have your personal information, those scammers can then attack your accounts at different institutions.âFraudsters use this information to carry out a secondary attack or account takeover, typically at a financial services institution, wireless provider, or insurance company,â said Prugar. âSometimes the scammers will be able to build a level of trust through social engineering that will allow them to convince victims to transfer funds right then and there.âGetting scammed out of some money is bad enough, but getting scammed out of your personal information can put your financial wellbeing at risk.The bad kind of âspoof.âIf a scammer is trying to contact you over the phone, there is one surefire way to make sure that they donât reach you: Donât pick up. As Siciliano put it: âWhy bother even answering a call in the first p lace if you donât recognize the callerâs number?âBut while ignoring unknown phone numbers is a good first step to evading fake tech support scams, scammers have already found a way to make their phone calls look like they come from a far more trusted source.âThe scam is usually initiated through a direct callâ"either a robocall or a targeted attack â"that utilizes ânumber spoofing,ââ said Prugar, who sits on the board of the Communications Fraud Control Association.âSpoofing is the practice of intentionally manipulating the number that displays on the victims caller ID. Fraudsters will âspoofâ their number to appear as a legitimate business, a government entity, or even a local area code (this is called âneighbor spoofingâ).Luckily, that âdonât pick upâ advice still applies.âIf the callerâs number appears to be from âyourâ bank or credit card company or from Microsoft or anyone you already know and trust, still donât answer,â said Sicilian o. âIf itâs legitimate, theyâll leave a message.âEven still, donât call back the number they give you,â he continued. âIf they leave a message, contact the institution via the number thatâs on your statements to find out if the caller was legitimate.âBeing the caller isnt totally safe either. This brings up yet another wily and insidious way that tech support scammers use to fake out their targets. Even if you dodge their phone calls and try to call the correct number the company theyâre using as a cover, a lack of due diligence on your part could lead you right back into their grasp.âToday, there is no guarantee the number youâre calling for tech support is correct,â explained Tcherchian. There are plenty of fake websites, popup ads and other online posts redirecting computer vendor phone numbers to malicious ones. You may think youâre calling Microsoft or Dell, but youâre actually calling the scammersâ hotline. The person who answers the phone may sound completely legitimate and helpful.To safeguard against this, Tcherchian stressed that you shouldnât simply Google the companyâs phone number. Instead, he said that you should make sure to only call the number that is listed on the vendorâs actual website.Always, always, always be cautious. In general, you should always approach any tech support interaction with extreme cautiousness, especially if that support involves granting them remote access to your computer.âConsumers should never allow tech support to take over their computer unless they are absolutely certain they are talking to a reputable firm they initiated contact with,â said Ray Walsh, a digital privacy expert at ProPrivacy.com (@weareproprivacy). âEven when consumers do initiate contact with a tech support team, great care must be taken to ensure that this support is genuine.âOnly scammers contact you out of the blue. âConsumers must be aware that legitimate tech firms do not contact you by pho ne, email, or text message, to inform you that there is a problem with your machine,â explained Walsh. âIn addition, genuine pop-ups will never ask you to call a phone number for help.âIn addition, legitimate tech support teams wonât go suddenly asking you for money or for your bank account information in the middle of the transaction. Scammers, on the other hand â¦.âScammers may ask to be paid for providing fake help. This can be as simple as walking the victim through hoax fixes and then asking for them to wire payment, put money on a gift card, or use money transferring apps to send a fee,â said Walsh.âAs is always the case when random services (or individuals) ask for money onlineâ"never pay unless you can genuinely ascertain that the invoice is credible.If youâre on the phone with a tech support team that starts asking you to provide your credit card or bank information or Western Union account number, Siciliano variation on his âdonât pick upâ advice fr om earlier that can save you: âHang up.âWhat to do if youâve been taken in.If you get taken in by a fake tech support scam, there are still steps you can take to protect yourself and to try and limit your financial losses.âAnybody who thinks they have been infected with malware should begin by ensuring all their security softwareâ"such as Windows Defender which comes built into all Windows machinesâ"is up to date,â advised Walsh.âIn addition, they should use an antivirus program such as Malwarebytes free to scan their computer. If any infections are present these programs should be able to pick them up.ââAnybody that accidentally pays a scammer may be able to cancel the transaction if they are quick enough so always cancel your card or contact the credit card company or bank as quick as you can to attempt to stop the transaction from taking place,â he added.To protect future would-be marks, Siciliano also recommends that you file a complaint with the Federal Trad e Commission. To read more about you can protect your money and your identity from fraudsters and scammers, check out these other posts and articles from OppLoans:11 Tips for Protecting Your Data OnlineHow to Avoid Getting CatfishedExpert Roundup: 13 Signs Youâre Being Scammed5 Steps You Can Take to Prevent Identity TheftDo you have a personal finance question youd like us to answer? Let us know! You can find us on Facebook and Twitter. | InstagramContributors???????Tim Prugar is the Vice President of Operations and Product Owner at Next Caller (@nextcaller), a telecommunications technology firm based out of New York City. Next Caller specializes in providing a positive customer experience through real-time call-verification for enterprise call centers. Tim is a member of the Communications Fraud Control Association Board of Directors.Robert Siciliano (@RobertSiciliano) is a #1 Best-Selling Author and CEO of Safr.Me. Safr.Me is funny but serious about teaching you and your audience fraud prevention and personal security. Robert is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). His programs are cutting edge, easily digestible and provide best practices to keep you, your clients and employees safe and secure. Your audience will walk away as experts in identity theft prevention, online reputation management, online privacy, and data security.Steve Tcherchian, CISSP, PCI-ISA, PCIP, is the Chief Product Officer and CISO for XYPRO Technology (@xyprotechnology). Steve is on the ISSA CISO Advisory Board, the NonStop Under 40 executive board and is part of the ANSI X9 Security Standards Committee. With almost 20 years in the cybersecurity field, Steve is responsible for strategy, innovation and development of XYPROâs security product line as well as overseeing XYPROâs risk, compliance and security to ensure the best experience to customers in the Mission-Critical computing marketplace.Ray Walsh is a digital privacy expert at ProPrivacy.com (@weareproprivacy) with vast experience testing and reviewing VPNs and other online security software. He has been quoted in The Times, The Washington Post, The Register, CNET more. Ray is currently rated #1 VPN and #3 internet privacy authority by Agilience.com.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.