Perhaps the most encouraging and notable piece of RSA’s most recent quarterly report comes in the form of an overall decrease in cyberfraud. The total amount of cyberfraud attacks observed from January 1, 2018 to March 31, 2018, represented a decrease not only from the previous quarter (16.2%) but also from the same quarter of 2017 (8.6%).Read More
Ron Cresswell, J.D., CFE
ACFE Research Specialist
While reading a blog on your laptop, a pop-up message suddenly obscures your computer screen. The message, which appears to be from Microsoft, says that your computer is infected with a virus and instructs you to call a toll-free number immediately. You call the number and speak to a woman who falsely identifies herself as “Sarah with Microsoft Tech Support.” Sarah wants you to download a program that will give her remote access to your computer so that she can diagnose the problem. If you comply, Sarah will claim to find a dangerous virus, or another serious security issue, which she will offer to fix for a fee.
This is called a tech support scam, and, according to the FBI, these scams are on the rise.
Tech Support Scams
In tech support scams, fraudsters impersonate major high-tech companies (usually Microsoft, Apple, Dell or Google) and convince victims to grant remote access to their computers. In most cases, victims are instructed to download and run common remote access software, such as TeamViewer, GoToMyPC or LogMeIn.
The goal of most tech support scams is to convince the victim to pay for unnecessary computer services to repair nonexistent viruses or other problems. However, in other variations on the scam, the fraudsters:
- Steal the victim’s usernames, passwords and other personal information
- Install spyware or malware on the victim’s computer
- Refuse to relinquish control of the computer until the victim pays a ransom
- Try to sell the victim software that is useless or free
- Try to enroll the victim in a worthless computer maintenance or warranty program
- Direct the victim to a website that asks for credit card numbers and other personal information
- Harass the victim with phone calls seeking additional fees
To prevent being victimized by tech support scams, consumers and businesses should take the following precautions:
- Do not give unknown, unverified persons remote access to computers or install software at their direction.
- Resist the urge to act quickly. In tech support scams, fraudsters create a sense of urgency and fear to compel the victim to act immediately.
- Disregard pop-up messages that instruct the user to call a telephone number for tech support. Legitimate companies do not communicate with customers this way.
- Hang up on unexpected, urgent calls from outsiders who claim to be tech support, even if the caller ID says Microsoft, Dell, Apple or Google. Those companies do not make unsolicited tech support calls.
- If there is a question about whether a communication is legitimate, look up the company’s telephone number and call to verify. Do not use the number on the questionable communication (e.g., pop-up message, caller ID).
- Ensure that computer networks are protected by strong and regularly updated antivirus software and a firewall.
While tech support scams are common, they are usually easy to spot. Generally, they involve an unknown person asking for remote access to your computer. Once identified, such scams can be defeated by following the guidelines listed above.