As the digital landscape evolves, so too do the scams targeting Internet users. Malicious actors prey on your trust for financial gain or, even worse, to gain access to your personal and health information.
Scams involving tech support are among the most prevalent. They can result in an attacker gaining access to all the data on your system or even allow the attacker to impersonate you. How does it work? Con artists pose as official tech support and send out phishing emails to scare their victims into calling a fake tech support number or clicking on a malicious link. Once the victim calls their fake tech support number, the attacker will ask for remote control of the victim’s system. Attackers use legitimate remote desktop software such as TeamViewer or AnyDesk (open-source, free license software) to gain access to victims’ systems, posing as popular businesses we use in our everyday lives: Amazon, Apple, Microsoft, PayPal, Costco, Geek Squad, YouTube, MasterCard, Visa, or even your place of employment.
How to identify a tech support scam
Given the prevalence of this scam, it is important to learn the signs and action plans.
Companies like Microsoft and Apple do not offer tech support unsolicited. If you receive unsolicited communication from these “companies” asking for personal information or providing tech support, this is most likely a scam. There are three common methods for this scam: phone calls, pop-ups, and email.
Attackers may spoof phone numbers to seem official. With an urgent tone, they can persuade people to take action.
Pop-up windows are a bit different: they appear on your computer screen with a warning of a security issue on your computer. These windows also have a phone number to contact for immediate help. Remember, companies do not reach or share their phone number in that way.
Similar to the pop-ups, phishing emails will be written in urgent language to compel you to act immediately. Clicking the link could install malware, allowing scammers access to your device.
Fig.1: Image depicts a classic tech support scam where it’s faking detection of a virus on a victim’s system and requesting a call to their fake number (Source: The Media Trust).
How to protect yourself
In summary, to protect yourself from tech support scams:
- Never give access to your devices to people you do not know or trust.
- Avoid unknown phone numbers—it is a good idea to immediately hang up if you recognize the call as a scam.
- If an unknown pop-up appears on your screen, or you receive an unsolicited email, avoid clicking on any links.
- If you have any doubts about the message, search the company’s official site and use the contact information published there.
Maintaining antivirus software and following the latest cybersecurity news are also great cyber hygiene practices.
This link provides training videos on how to recognize, avoid, and report tech support scams: How To Spot, Avoid, and Report Tech Support Scams | Consumer Advice (ftc.gov).
Always report suspicious emails
When you identify a suspicious email, forward the email to reportaphish@udel.edu, Even if you have already clicked on it, reporting phishing emails helps to protect all users at UD.
In addition, for each month’s phishing test one person will be randomly selected from all eligible UD community members (IT personnel are not eligible) who forward the phishing email to reportaphish@udel.edu. The winner gets to choose a prize from several options. Along with doing the right thing, we hope these prizes will provide an additional incentive for everyone to report suspected phishing attempts.