In this blog post, we cover common tech support scams, the attack vectors used in such attacks, and tips to help you avoid getting scammed by fraudsters pretending to be tech support.

What Are Tech Support Scams And How Do They Work?

Technical support or tech support scams are a type of fraud in which the scammers claim to offer legitimate technical support but steal sensitive information or compromise the device in the process. The goal of tech support scams is usually to defraud victims of money or to elicit sensitive information that can be used to commit financial fraud or identity theft, or to launch further cyberattacks.


Here’s how these kinds of scams usually work: 

  • Step 1: The scammers establish contact with their targets, claiming to be representatives of well-known tech companies.

  • Step 2: They offer to help you with a real or fake technical issue with your device or account.

  • Step 3: They establish trust or gain access to your device and install malicious software on it.

  • Step 4: They steal data, financial information, and other sensitive information.

5 Common Tech Support Scams

Here are the 5 most common tech support scams that businesses face:

1. Password Reset Scam

Password reset requests are quite common in the workplace. Sometimes company policy requires employees to change their passwords at regular intervals; at other times, employees returning from vacations or long holidays forget their passwords and ask for a reset. Tech support scammers are well aware of this and use the password reset process as a pretext to steal login credentials.


Scammers send spam emails to hundreds or thousands of targets in one or more organizations. The emails claim to be either a response to a password reset request or a password change directive as per the company IT policy. Usually, such emails contain a link to a malicious website that looks legitimate but is designed to steal login credentials.

 

For accounts that have two-factor authentication (2FA) enabled, the password reset phishing emails may be accompanied by smishing messages or vishing calls to collect the 2FA code.

2. Account Compromise Warning Scam

Another common tech support scam involves receiving a message about a purported account compromise. These kinds of scams use the social engineering principles of intimidation and urgency to force the victims into performing actions that they normally would not.


These kinds of scam emails use the branding of well-known companies such as Microsoft, Facebook, Amazon, Netflix, Disney, etc. to appear legitimate. The emails claim that the user’s account has been blocked, hacked, or compromised in some form. To regain access, the user is directed to click on a link that takes them to a malicious website designed to steal their login credentials or credit card information.

Some account compromise scam emails may ask the user to call a phone number to regain access. The provided phone numbers are connected to a fake call center and lead to a vishing scam.

3. Free Software, Applications, Or Browser Extension Scam

Nothing available online is free. You pay either with money or with your data, and in the worst case, you may pay with the loss of your account or sensitive data resulting from a security breach. Fake antivirus, free software, and browser extensions are behind many tech support scams and online frauds.


The “free” software usually does not do what it claims. More importantly, it may trick you into downloading unwanted or malicious software such as malware, adware, spyware, etc. Once the malicious software is installed, the scammers can hijack the device, steal sensitive information, or launch further attacks using your now compromised device.


4. Pop-up Window Scam

Pop-up windows warning of virus or malware infection are a common tactic used by tech support scammers. The pop-ups are sometimes designed to look like system-generated messages and are often persistent or difficult to close. The pop-ups try to scare the user into calling a phone number displayed on the pop-up. Calling the displayed phone number leads to a vishing scam.


These fake pop-up windows usually appear on low-quality sites offering pirated software and movies, or free video streaming. But such pop-ups can also appear on legitimate websites that have been hacked or otherwise compromised.

 

5. Scam Websites

Scammers often create fake websites that replicate legitimate websites to steal sensitive information from victims. Usually, they use a domain name that is a close variant, a misspelling, or a subdomain of the original website. When an unsuspecting user visits the website, they are asked to enter their login credentials, financial information, or other sensitive information. They may also be offered free software, which turns out to be malware disguised as legitimate software. The goal of scammers is to gain access to the user’s account or steal financial information.
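The three naming tricks described above (close variant, misspelling, brand placed in a subdomain) can be checked mechanically. The following is an added example, not part of the original post; the function names, the typo threshold of 2, and all sample hostnames are assumptions constructed for illustration, and the "last two labels" rule is a simplification of the Public Suffix List.

```python
def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Simplification (assumption): treat the last two labels as the registered
    # domain. Production code should consult the Public Suffix List instead.
    return ".".join(host.split(".")[-2:])

def classify(host, legit="example.com", max_typo=2):
    """Classify a hostname relative to the legitimate domain `legit`."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg == legit:
        return "legitimate"              # the real domain or one of its subdomains
    brand = legit.split(".")[0]
    labels = host.split(".")
    # The real name appears as labels, but under someone else's domain.
    if f".{legit}." in f".{host}." or brand in labels[:-2]:
        return "brand-in-subdomain"
    if edit_distance(reg, legit) <= max_typo:
        return "misspelling"
    if brand in reg.split(".")[0]:
        return "close-variant"           # brand embedded in a longer name or other TLD
    return "unrelated"

# Constructed sample hostnames, not observed indicators.
SAMPLE_HOSTS = [
    "login.example.com",
    "example.com.account-verify.test",
    "exarnple.com",
    "example-support.test",
    "weather.test",
]

def report(hosts=SAMPLE_HOSTS):
    return {h: classify(h) for h in hosts}
```

Running `report()` on the sample list labels each hostname with one of the five categories; anything other than "legitimate" or "unrelated" deserves a closer look before credentials are entered.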

Common Attack Vectors Used In Tech Support Scams

1. Phishing

90% of security breaches that businesses face are a result of phishing attacks. Phishing emails are common because they are easy to send at scale and the scammers know that a lot of business is conducted via email.


The goal of phishing attacks on businesses is usually to defraud the business of money, for example by convincing the recipient to initiate a wire transfer to fulfill a fake payment obligation, or to get the recipient to divulge sensitive information. But phishing attacks on businesses come in a variety of forms.

We have discussed phishing in detail in the following blog posts:

2. Smishing

Smishing is a kind of phishing attack that relies primarily on SMS (short messaging service). Similar to email-based phishing attacks, smishing also uses social engineering techniques to steal sensitive information or login credentials.

In a smishing scam, the scammers usually pose as members of the organization's IT support team and use a pretext such as a blocked or hacked email account to justify contacting the user via SMS. They tell the user that, in order to reactivate the account, the user must forward them a 2FA code. In the meantime, the scammers use the “forgot my password” option to send a 2FA code to the victim’s phone. If the victim shares the 2FA code, the scammer gains access and takes over their account.

We have already covered smishing in greater detail, so if you would like to learn more about smishing attacks and how to protect against them, head over to our blog post: What Is Smishing And How To Protect Yourself Against It?


3. Vishing

Vishing is another type of phishing attack that is carried out primarily using voice calls. Similar to other phishing attacks, vishing is focused on eliciting sensitive information, infecting devices, or some financial gain.


In this type of scam, the scammers, pretending to be tech support, call their target with the pretext of fixing a non-existent issue with a device or an application. They direct the unsuspecting user to download remote desktop access software and hand over control of the device. Once they gain control of the device, they can steal information or install malware to propagate their attack further.


If you would like to learn more about vishing and how to defend yourself against it, head over to our blog post where we have covered it in detail: What Is Vishing And How To Avoid Voice Scams.

Tips for Avoiding Tech Support Scams

As we have seen in the above sections, most tech support scams rely heavily on social engineering techniques. So awareness and regular cybersecurity training are key to avoiding such scams.


In addition to awareness, here are steps that will help you avoid becoming a target of tech support scams:

  1. Use multi-factor authentication (MFA) such as 2FA. This adds a layer of security and makes it harder for scammers to access your account.

  2. For MFA, use authentication applications such as Google Authenticator instead of SMS-based authentication. App-based authentication codes are harder to steal and more secure than SMS-based authentication.

  3. Do not share or reuse passwords. Use a password manager such as 1Password to help you generate strong passwords and keep track of them. 

  4. Always change the default password of any device that you use.

  5. Install software and updates only from genuine websites such as Ninite.com.

  6. Use antivirus software and anti-malware such as Malwarebytes on all devices including phones and tablets.

  7. Set up standard processes for installing software, applications, and browser extensions.

  8. Set up a method for verifying unusual requests for data or payments.

  9. Work with vendors who have strong internal security practices and security-related certifications. 

  10. Do not respond to or click on links within an unsolicited email or text message.

  11. Use privacy-focused browser extensions that block malicious scripts and pop-ups from running. 

  12. Use robust spam filters that identify and block phishing emails.

  13. Create rules to either filter or flag external emails that appear to come from your domain.

 

How To Identify A Tech Support Scammer

Here are some telltale signs of tech support scams. If you notice any of these red flags, it is best to be cautious:

  • Out-of-the-blue emails and unusual requests such as purchasing gift cards.

  • The scammers usually ask you to use a communication channel of their choice such as only email, or only SMS. 

  • The scammers try to create a sense of urgency and ask you to act immediately.

  • Phishing emails often have different addresses in the “From” and “Reply-To” fields.

  • Phishing emails and messages usually contain typos, grammatical errors, and unusual date formats or characters.

  • The URLs in the email or message are often shortened.

  • If you hover your mouse over the URL, the destination appears different from what is written in the message.

  • The website a scammer directs you to usually will not have “https://” and a padlock symbol in the address bar.
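Several of the red flags above can be checked automatically before a message reaches a user. The sketch below is an added example, not part of the original post: it tests one message for a From/Reply-To mismatch, shortened URLs, plain-HTTP links, and link text that differs from the real destination. The shortener list, flag names, and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed sample list, extend as needed

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(header):  # domain of the address in a From/Reply-To header, '' if absent
    return parseaddr(header or "")[1].rpartition("@")[2].lower()

def red_flags(raw_email):
    msg, flags = message_from_string(raw_email), set()
    reply_to = domain_of(msg.get("Reply-To"))
    if reply_to and reply_to != domain_of(msg.get("From")):
        flags.add("reply-to-mismatch")
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # assumes a single-part HTML body
    for href, text in collector.links:
        url = urlparse(href)
        host = (url.hostname or "").lower()
        if host in SHORTENERS:
            flags.add("shortened-url")
        if url.scheme == "http":
            flags.add("no-https")
        shown = re.search(r"[\w-]+(?:\.[\w-]+)+", text)  # hostname in the link text
        if shown and shown.group(0).lower() != host:
            flags.add("link-text-mismatch")
    return sorted(flags)

# Constructed sample message, not a real email.
SAMPLE = ("From: IT Support <support@example.com>\n"
          "Reply-To: helpdesk@example-support.test\n\n"
          '<a href="http://bit.ly/abc123">https://portal.example.com/reset</a>\n')
```

An exact-match comparison of From and Reply-To domains also flags legitimate mail routed through a third-party ticketing system, so treat the result as a signal for review, not a verdict.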

What To Do If You Get Scammed

If you believe you may have been scammed, here are steps you should take immediately:

  1. If you disclosed any banking information or credit card details to the scammer, immediately contact the bank to block the credit card and transactions on the accounts that you fear may have been compromised.

  2. Immediately contact your IT team to seek advice on remedial actions and the best course of action to secure your accounts and devices.

  3. If you disclosed your social security number to the scammer, contact the consumer credit reporting agencies to prevent identity theft.

  4. Report the fraud to the Federal Trade Commission.

  5. Report the scammer’s phone number to the National Phone Number Registry.

  6. File a complaint with the Federal Communications Commission.

Conclusion

Cyberattacks, scams, and fraud are not going to stop. Businesses are bombarded with hundreds if not thousands of phishing attempts and scams every day. Given the volume of such attacks, it is likely that a percentage of them will get past security systems and through to the employees. So a little bit of planning and regular cybersecurity training can go a long way in enhancing the security of your organization.


A little planning and preparation can keep your organization safe from tech support scams and frauds. Helping employees stay up-to-date with security processes and procedures for verifying unusual requests for data or payments keeps employees vigilant and safe from scams. Getting employees familiar with the security resources also ensures that they know what to do in case of emergencies and security incidents.


Regular cybersecurity awareness training helps improve your employees’ ability to spot vishing, smishing, and phishing scams. If you are a Jones IT customer, you can reach out to your dedicated consultant to schedule a Cybersecurity training session.



About The Author

Hari Subedi

Marketing Manager at Jones IT

Hari is an online marketing professional with a focus on content marketing. He writes on topics related to IT, Security, Small Business, and Mindfulness. He is also the founder and managing director of Girivar Kft., a business services company located in Budapest, Hungary.

   
 
 
