We’ve all been there. You get a phone call claiming to be from a Microsoft tech support team saying your computer urgently needs fixing. They’re persuasive and seemingly legitimate, and if you’re not on the ball you can end up with an infected computer and out of pocket.
According to Microsoft’s own customer services team, the number of complaints they receive about tech support scams has risen by a quarter since 2016. Last year they received 153,000 reports from customers who had encountered a scam or fallen victim to one. These reports, they said, came from more than 183 countries.
And in their 2016 survey they found two-out-of-three respondents had experienced some form of tech support scam, with almost one-in-ten losing money: on average between $200 and $400.
The problem, Microsoft says, is that while new, improved security measures have made it increasingly difficult for cybercriminals to gain control of our devices, the one weakness in the process is us.
A typical tech support scam works like this
A user receives a cold call claiming to be from an operating system vendor or ISP saying a security problem has been found on their computer.
The scammer will attempt to get you to look for error messages in Windows Event Viewer’s log. They then get the user to give them remote access to their computer in order to fix the problem.
The scammer then says they have identified threats and will persuade the user to hand over their card details to pay for the fix. What’s more, they may have downloaded malware or a trojan onto your system to mine it for valuable data.
And the scam isn’t restricted to PCs: all sorts of devices and operating systems have been targeted, including mobile platforms and Apple Macs. But the vast majority are still targeted at Microsoft.
It is important to remember that Microsoft does not send out unsolicited emails or make unsolicited phone calls. Nor do they request personal or financial information. Similarly, a genuine Microsoft error message will never contain a phone number.
Tech support scams come in various forms, not just the cold call. Two other particular types of attacks are scam websites and email campaigns.
With scam websites, the criminals will try to lead a victim to them through ads, search results, typosquatting and other fake mechanisms.
Typosquatting, sometimes called URL hijacking, relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser.
Should a user accidentally enter an incorrect website address, they may be led to an alternative website owned by a cybersquatter.
We are all, or we should be, aware of email phishing campaigns. With these, tech support scammers attempt to trick email recipients into clicking URLs or opening malicious attachments.
So, you’ve fallen for the persuasive caller and handed control of your device and your credit card details to a scammer. Apart from feeling a little foolish, what should you do now?
Call your bank
Most banks and financial institutions are well aware of these scams and will have experienced them regularly. They should be able to help you put a security alert on your account and deal with fraudulent charges. Most banks will immediately issue a new card, but if they don’t, insist on it.
Don’t wait for your bank to contact you. If you wait too long, then they might not be able to help.
Isolate and quarantine your computer
If it’s been infected, then unplug the affected computer’s network cord and turn off its wireless connection. You may have to back up your data, wipe its disks and reload your computer, perhaps from default settings or timelines.
If you’re unsure then take the device to a reputable local computer repair technician.
Monitor all your accounts
It might be sensible to consider signing up for a credit monitoring and identity theft protection service. This way you can be alerted if and when the scammers try to use your personal or financial information again.
Let your friends and family know
It can be embarrassing to admit you’ve been scammed, but spreading the word and sharing your experience with family and friends is essential to stop others falling for it. As all experts argue, education is the key to minimising the trauma of scamming and its fallout.
Change your passwords
After you’ve cleansed your device of any malware and keylogging software, change all your passwords. Remember to use strong passwords and perhaps consider using a two-factor authentication system.
Image: Adam Thomas