Tech Support Scams Target Your Personal Information: How to Recognize and Avoid Them
Although you probably take it for granted, the computer that's currently sitting in front of you is a sophisticated piece of technology. That's why it sometimes breaks and doesn't function properly. Because it's a sophisticated piece of technology, fixing a computer isn't as easy as screwing in a lightbulb, and experts have been making a living out of resolving users' PC woes. Others, meanwhile, have been using these woes to defraud people and amass illegal fortunes.
Tech support scams have existed for nearly as long as tech support itself, and according to Microsoft, this type of fraud is becoming more and more prolific. In April, the Silicon Valley giant said that in 2017, it received 153 thousand complaints from people who have become victims to tech support scammers. How many others were too embarrassed to report the ordeal is subject to speculation, but Redmond did say that 15% of the people who did complain suffered actual monetary damage. 15% might not sound like much, but it's far from insignificant, especially when you consider the fact that in most cases, the damage amounted to several hundred dollars. Today, we'll take a look at what a tech support scam is, and we'll try to figure out why it's so effective.
Hook, line, and sinker
Fraudsters use a number of different mediums for this. They can cold call you, they can compromise a legitimate website and fill it with popups and warnings, or they can set up their own fake page and then employ some SEO techniques to push it to the top of the search results. Regardless of the vehicle, the goal is the same.
The crooks use a lot of social engineering to convince you that something's wrong with your computer even though it might be in perfect working order. Often, you are fooled into thinking that there's a massive malware infection, and to make things more real, the criminals regularly impersonate Microsoft or well-known security companies. In most cases, shortly after taking the bait, you are on the phone talking to a "support agent" who will help you rectify the situation.
Because the connection is over the phone, you need to give the support person access to your computer, and this is usually done via a remote administration tool like TeamViewer. The crooks then go to great lengths to persuade you that something with your PC has gone horribly wrong. They sometimes pull fake logs, and they often show you errors that are real but in no way abnormal. Because the majority of victims are not terribly tech-savvy, the crooks often fool them by typing in some simple commands in the command prompt window. It's pure social engineering in action, and users often don't suspect a thing which is crucial for the next stage of the operation.
Netting the profits
When the tech support scammers gain your trust (and remote access to your PC), they have a world of opportunities in front of them. They can, for example, download a fake anti-virus program that will perform a fake scan and will remove the fake virus that doesn't exist. Alternatively, they can input a few commands and tell you that with them, they have completely cleaned and optimized your system. Either way, the whole thing will cost you a few hundred dollars.
Because you know nothing about Windows commands, however, you might not spot that while typing furiously in the cmd window, the helpful support person also downloaded an executable file from a remote server and ran it. This file could be a keylogger or an information stealer that will silently take your personal data and send it the hackers' way.
Spotting a tech support scam
It is a bit of a surprise that tech support scams seem to be so effective because even if you're not a computer wizard, many claims made by the fake warning pages can be busted using nothing more than common sense.
First of all, you have the fact that while surfing the Internet, a random website suddenly found out that your PC is full of malware. Now, while websites loaded in the browser might be very good at displaying typo-infested warnings of impending doom, they just can't perform malware scans.
Then you have the sometimes pitiful attempts at impersonating established names in the IT industry. It is true that many security companies and other service providers offer remote support. It's often done via telephone, and remote administration tools are indeed used. This service is only offered to paying subscribers, though, not random Internet users, and mostly, it's you, the customer, who requests it, not the other way around.
As for Microsoft, many fraudsters try to impersonate the Redmond behemoth because it's a household name. Nevertheless, as big as Microsoft is, it will not help every single Windows user that has picked up a malware infection. It's just not possible.
The consequences of a tech support scam could be more serious than a few hundred dollars that went the wrong way, especially if the crooks decide to drop malware on your PC. Keeping your wits about you and not giving random strangers access to your computer should keep you safe, but despite this, the threat must not be underestimated.