What is a Tech Support Scam?
A tech support scam is a form of fraud that is currently gaining momentum on the internet. The scam implements social engineering and fear tactics in order to get the victim to take the bait. There are three main ways this scam is executed – cold calls, pop-up messages on the computer and incorrect search engine results.
Tech support cold calls are when an individual calls the target, claiming to be from a reputable company and states that they have found malware on the computer. The criminal will then try to get the user to install a type of remote desktop software under the pretext of removing the infestation, which would allow the attacker access to the computer in order to install real malware. In addition to attempting to install malware on the machine, these scammers will often ask for a fee to fix the issue.
Tech support pop-up warnings occur when a user is browsing the Internet. Usually, the target is viewing a website that contains links to related content, and when the user clicks on one of those links it will redirect them to a website hosting the pop-ups. These pop-ups can be terribly intrusive, making it difficult for the user to close the window. The pop-ups will then display a message stating that the computer is infected with malware and offer a phone number for help with removing the malware. Often, these pop-ups will look like they come from a legitimate source, such as Sophos or TeamViewer.
Advertising / Paid Search / Confusing Search Results
Fraudulent companies frequently use paid search to advertise their support services. Often these advertisements are taken down once recognised, but this can sometimes take up to a few days.
When searching online, it is possible to receive different search results based on the search engine you are using.
What are the Motives Behind Tech Support Scams?
The main motive behind these scams are to extort money and / or personal information from the victim. Personal information can be accessed by installing malware such as keyloggers or backdoor Trojans.
How to Identify and Avoid Pop-up / Cold-call Scams
Examine the message closely – look for obvious signs of fraud such as poor spelling, unprofessional imagery, and bad grammar.
You can also do an internet search for the phone number that is listed in the pop up to verify its legitimacy. There are many websites out there where people report scammers. This means that if it is a scam, there will be an abundance of search results, often on the first page of the search, that clearly point out the scammer.
You will never receive an unsolicited call from BOSS support to fix issues with your computer for money. You will only receive a call if you request it.
If you do happen to get a pop-up on your computer from Sophos, keep in mind that when the software detects a threat, it will never ask you to call support via a toll-free number.
What to do if You’ve Been Scammed
- Change your passwords: to your computer, to financial institutions and any other password-protected websites that you visit
- Run a Full System Scan for viruses on your computer
- Contact your bank to report that there has been fraud performed on your account
- File a complaint with the appropriate anti-fraud bureau: National Fraud and Cyber Crime Reporting Centre; unsolicited calls
- Contact BOSS to run some further checks