October is Cyber Security Awareness Month! Follow along on our blog and social media channels to get on-the-pulse cyber security news and strategy recommendations from our team.
Have you ever received a phone call from someone claiming to be a representative of a software company? Or an email from Apple or Netflix claiming that there are issues with your account?
You’re not alone. Tech support scams have become an industry-wide issue. It’s crucial that you educate yourself, as well as your colleagues, family, and friends on the tell-tale signs of these scams.
What is a tech support scam?
A tech support scam is a tactic whereby scammers scare or trick victims into paying for unnecessary or fraudulent technical support services. Not only can these scams corrupt your banking information, but they can corrupt your devices and personal data too.
You may receive a call directly on your phone with the person on the other line acting a representative for a familiar software company. Often, the scammers will spoof the caller ID so that it displays a legitimate support phone number from a trusted company. They can then ask you to install applications that give them remote access to your device, and then misrepresent normal system output as signs of problems.
You may also see scams in the form of fake error messages on websites you visit, displaying support numbers and encouraging you to call to fix a pertinent tech issue. These fake error messages aim to trick you into calling an indicated technical support hotline.
Finally, tech support scams are often initiated through email. You may see an email in your inbox detailing billing or technical issues within one of your accounts, most commonly including large companies such as Apple, Netflix, or Amazon.
How can I spot a tech support scam?
The easiest way to spot a tech support scam is to be aware of the most obvious giveaways or signs that the message is not legitimate.
Here are the main things to keep in mind:
- Any communication with a major tech company, such as Microsoft or Apple, has to be initiated by you.
Most major software companies, such as Microsoft, do not send unsolicited email messages or phone calls to request personal or financial information, or to provide technical support to fix your computer. In order to receive tech support from them, you must contact them or file a support ticket.
- Error and warning messages from Microsoft never include a phone number.
If you receive a fraudulent tech support notification on your device, it will most likely include a phone number and entice you to call. Microsoft, among other software companies, does not include any phone numbers in notifications.
- If you initiate a phone call with a tech support scammer, they will often ask you to open Windows event viewer and look to some error messages in these logs.
The error messages in these logs are completely normal and do not signal any issues, but most users are not aware of this.
- The scammer will ask you to download software that allows them to remotely access your device.
This software is most likely corrupted and will allow them to entirely hack your device and have access to all of the personal data that you have stored on it. Never give remote access and control to your computer to someone you don’t know.
- In tech support scam emails, the sender’s email address will not be legitimate.
An easy way to spot a scam email is to check the “from” email address. Cyber criminals will often mask the “from” address with a name that look legitimate, but a simple click on that name will reveal the sender’s address. For example, a scam email from someone pretending to be apple may at first glance read “From: Apple”, but if you click on it, you will see that the sender’s address is firstname.lastname@example.org or something else that is clearly not coming directly from the company.
What do I do if I’ve fallen for one of these scams?
If you’ve become a victim of a tech support scam, start by reporting the incident to the police. If your banking information has been corrupted, call your bank immediately. If your device has been corrupted, we recommend contacting a trusted computer technician, or if you’re at work, having your IT provider handle the situation.
Overall, the most important step in this process is remaining vigilant and aware that not all digital messages that you receive can be trusted.
If you’re a business owner, working with a managed services provider can help make sure that your staff is properly trained and secured against these kinds of scams. Contact us to learn more and have your security environment assessed!