FBI Tech Tuesday—Building a Digital Defense Against Tech Support Fraud
Welcome to the Oregon FBI’s Tech Tuesday segment. This week, building a digital defense against tech support fraud schemes.
In 2017, the FBI’s Internet Crime Complaint Center—or IC3.gov—received about 11,000 complaints from people who claimed to have lost $15 million in tech support scams. That’s an 86% increase in losses from 2016. In this kind of fraud, the scam artist’s goal is to convince you that he works for a well-known, reputable company, and he just wants to help you resolve some non-existent problem. In the end, it will cost you a bit of money and a lot of access to your personal info.
To help consumers fight back, IC3.gov recently issued a new warning about the evolving ways that tech support scam artists are operating. Here’s what you need to know:
Tech support fraud scams can start in any number of ways. For some time, it has been common for the fraudster to contact you by phone or e-mail. Now, fraudsters are also working to encourage you to call them. This actually happened to me just a few weeks ago. I hit a reputable webpage that obviously had malware on it. When I tried to close the page, I got both a verbal, recorded message and what appeared to be a print screen telling me that a tech support company had remotely identified malware on my computer. I had to call the 800-number on the screen right away or the helpful tech support folks would be required to shut my computer down as a precaution. Obviously, the whole thing was bogus.
In a related twist that the FBI is seeing—victims are sometimes purposefully making the initial approach instead of the other way around… but they think they are calling a legitimate business. Maybe you really did download malware or are the victim of a ransomware attack. You do a search online looking for help—well guess who paid that search engine to get his ad at the top of your list of results? He looks legit but may be far from it.
Regardless of how the fraudster gets you on the line, he will likely ask for remote access to your device to “fix” the problem, update the software, or get rid of the malware. In reality, he now has the ability to download malware onto your computer, launch phishing attacks against your contacts, and access your personal info—including tax returns, health records, and more. To top it off, you’ve likely paid him for his alleged help before you figure out the true cost of this tech support fraud.
So how do you protect yourself?
- Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.
- Install ad-blocking software that eliminates or reduces pop-ups and malvertising, which is online advertising designed to spread malware.
- Be cautious of customer support numbers found via online searches. Phone numbers listed in a “sponsored” results section are likely boosted to the top because a business (or fraudster) paid for that service.
- Resist the pressure to act quickly. The criminals like to create a sense of urgency to produce fear and lure the victim into immediate action before you have time to think.
- Do not give unknown, unverified people remote access to devices or accounts.
- Ensure all computer anti-virus, security, and malware protection is up to date.
- If you do receive a pop-up warning that looks like tech support fraud—shut down, wait a few minutes and try to restart your computer. Often, the pop-up will go away.
Next week, we will talk about a new trend that has these fraudsters working overtime to do additional damage to their targets.
If you have been victimized by this scam, you can file an online report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.