Introduction

The world of business has never been as connected as it is now. Today, all of our servers, computers, workstations, wireless devices (especially our Smartphones) and just about everything else interacts with one another in a seamless fashion, for the most part.

This degree of interconnectedness is only going to further expand exponentially into the future as the world of the Internet of Things (IoT) becomes more expansive and embraces our everyday lives.

Probably the best example of this is the Smart Home. Literally at the clap of our hands or the touch of our finger, or even by the sound of our voice, we can start and stop our television sets, cooking appliances, musical equipment, and even organize our electronic calendars.

While all of this sounds very advantageous and efficient, there is one serious flaw in all of this: All of these connections simply mean more points of failure and breakdowns.

But because everything is pretty much all virtual now, if we need technical support help, we either have to call the vendor, or even just have a Virtual Assistant fix whatever went awry.

Whenever we reach out in this aspect, there is always that inherent level of trust that whom we are talking with on the other end is actually a legitimate tech support representative.

But now, the trend has started in which the person that we are really getting assistance from is not authentic-rather they are actually a Cyberattacker or a hacker to whom we have given full control of our broken, digital device to in order to get it fixed. These are specifically known as “Tech Support Scams”, and this is the focal point of this blog.

A Definition Of A Tech Support Scam

A Tech Support Scam can be specifically defined as follows:

“It is a class of telephone fraud activities in which a scammer claims to offer a legitimate technical support service, often via cold calls to unsuspecting users. The scammer will typically attempt to get the victim to allow remote access to his or her computer. After remote access is gained, the scammer relies on confidence tricks, in order to gain the victim’s trust to pay for the supposed “support” services. The scammer will often then steal the victim’s credit card account information or persuade the victim to log into his or her online banking account to receive a promised refund, claiming that a secure server is connected and that the scammer cannot see the details.”

(SOURCE: 1)

As it can be seen from the above definition, this form of Cyberattack is actually considered to be relatively “low level” in terms of getting the financial information from the unsuspecting victim. In other words, there is no need to launch a covert or super sophisticated Phishing attack; all that the Cyberattacker has to do is simply use the principles of Social Engineering in order to prey upon the feeling of desperation and hopelessness of the victim.

It is important to keep in mind that in the American society, we have the mindset that we need to have everything right now, especially when it comes to resolving the issues that surround our technological platforms. The Cyberattacker is very aware of this and uses this feeling of humanity to their fullest advantage. Also, Tech Support Scams are a major form of Cyberthreat, but we don’t hear about it as much because it is primarily the digital Cyberattacks that get most of the attention in the media. To get a much better grasp of the gravity of this Cyberattack, consider these statistics:

  • The FBI’s Internet Crime Complaint Center (IC3) on an annual basis, receives at 11,000 complaints of Tech Support Scams;
  • This kind of Cyberattack has cost the American consumer $15 Million, which represents a Year over Year (YoY) increase of 86%;
  • It is currently ranked as the #1 Cyberattack that targets the American senior citizen (aged 65+);
  • Apart from the digital types of Cyberattacks, Tech Support Scams are currently ranked #7 as one of the most widely used threat vehicles, and is climbing;
  • Each specific instance of a Tech Support Scam costs each victim on average $300.

(SOURCE: 2).

How A Tech Support Scam Unfolds

The following scenario depicts how a Tech Support Scam typically unfolds:

The Cyberattacker, or hacker, calls the unsuspecting victim using a hosted, or virtual telephone number. This number actually looks legitimate, because it contains the area code of the geographic location in which the victim currently resides in. This is purposely done so that the probability of this scam call being answered will be much higher, rather than using some other generic phone number.

When the unsuspecting victim answers the phone, the Cyberattacker on the other end will make the claim that he or she is a technical support representative from a very well-established technology vendor.

In these instances, Microsoft has been targeted heavily in these Tech Support Scams. After this brief introduction, the Cyberattacker will make the claim that their scanning devices based at their Internet Service Provider (ISP) has detected some serious type of Malware on their device and offers the victim that they will take care of the problem in just a matter of a few minutes.
Once the victim agrees to this, the Cyberattacker will then ask him or her to download one of the following Remote Access software packages:

  • TeamViewer;
  • PCAnywhere;
  • GoToMyPC.

An example of this can be seen below:

(SOURCE: 5).

Once this has been deployed, the Cyberattacker then has full, remote access to the victim’s device. Very often, there is also another person involved in this phone call, in order keep communicating with the victim, and describing to him or her exactly what steps are being taken to remove that specific piece of Malware that has been purported to be on their device. In order to make this even look more legitimate, a Microsoft component known as the “Event Viewer” displays all of the so called “real” error messages and warnings that have transpired as a result of the Malware that has infected their system. But in reality, all of them are phony, but the victim, of course does not know that. All they want is to have their device fixed as quickly as possible.

An example of the Event Viewer can be seen below:

(SOURCE: 5).

Once all of these warnings and error messages have dissipated, the Cyberattacker will then tell the victim that their device has now been repaired and can be used again. But in reality, there was nothing really wrong with the device in the first place, but with all of this that has now happened, the Cyberattacker could now have really covertly deployed some kind of Malware, as a Key Logger or a Trojan Horse.

With these, all of the keystrokes on the device are recorded, and sent back to the Cyberattacker so that they can gain more access to the Personal Identifiable Information (PII) of the unsuspecting victim. But in order to have their device supposedly “fixed” in the first place, the victim first has to pay a support fee, either by submitting their banking information (such as a checking account) or credit card number.

In fact, in a doctoral research study conducted at Stony Brook University by Nick Nikiforakis, the following was discovered about this specific kind of Tech Support Scam:

  • 85.4% of the IP Addresses that accessed the victim’s device originated in different locations in India;
  • 9.7% originated from the United States;
  • 4.9% originated from Costa Rica;
  • The average price tag for receiving this kind of support cost the victim anywhere from $70 to a whopping $1,000+.

These statistics demonstrate that Tech Support Scams are truly a global issue, just like their digital Cyberattack counterparts.

(SOURCE: 3).

https://whatis.techtarget.com/definition/tech-support-phone-scam

How To Spot A Tech Support Scam

It is very important to note at this point that calling a victim is just one method used in a Tech Support Scam. There are two other methods that are widely used as well, in which the tactic is to lure the victim into actually calling the Cyberattacker. These are as follows:

  1. Online Searches:If you have received some sort of Email or even a pop up message in your web browser saying that there is something wrong with your device, one of your first inclinations would be is to conduct a Google search for a tech support assistance center, if no contact information has been given in the Email or pop up. Of course, in our haste to get the hypothetical problem resolved quickly, we would normally call those support centers that appear first in the search engine rankings. Be very careful of this, as the Cyberattacker could be using the principles of SEO and keywords in order for their phony assistance centers to appear first. You really should not even go down this route, until you have first confirmed the authenticity as well as the legitimacy of the Email or pop up; but if you decide to, be very careful of the links that you click upon. These very well could be spoofed up websites that look like the real thing.
  2. Pop Up Messages:In this particular instance, if a Pop-Up message appears in your web browser and it does have contact information (such as a telephone number), it will ask you to contact the Cyberattacker (but not knowing that it is really one) based upon that. An example of this is illustrated below:

(SOURCE: 4).

What To Do If You Think You Have Become A Victim

If you think you have become a victim of a Tech Support Scam, remember all is not totally lost, but you have to act quickly on two fronts:

  1. Trying to recover your device:
    If the Cyberattacker has already made their entrance via remote access (as just described) and supposedly completed their task, be proactive and do the following immediately:

    • Immediately terminate the Remote Access software package. If you cannot do this, then the best course of action is to do a hard reboot of your computer (this is where you shut down your computer, and then restart your computer again after a couple of minutes).
    • Scan your device for any Malware or Spyware that could have been very well installed by the Cyberattacker during the Remote Access session.
    • Immediately change all passwords, even including the one that you use to initially log into your device when you first turn it on. Cyberattackers have been notorious for doing this, by using a Linux Operating System (OS) CD to mount the Windows OS by using a special command known as the “chntpw utility”.
    • Check for any missing software packages after you have rebooted your device. It could very well be the case that the Cyberattacker could have even hijacked these as well. These kinds of tasks can be generally done from the “System Restore” command in Windows. If you are unsure on how to do this, the best option is to always take your device to the nearest Geek Squad team and have them thoroughly examine and repair it.
  2. Trying to recover your financial loss:
    If you have already paid money and you think you have been the victim of a Tech Support Scam, do the following:

    • Contact your credit card and other financial institutions immediately and notify them. In most cases, under federal law, your damages will be limited to just $50.00.
    • If you have online access to the above-mentioned accounts, keep checking them at least 2-3 times daily to keep an eye any fraudulent activity that may take place.
    • Contact the local Secret Service and/or FBI field office and report what happened.
    • Contact all of the major credit reporting companies and put a lock or freeze on your credit report.
    • File an Identity Theft report with the Federal Trade Commission, at this website:
      https://www.consumer.ftc.gov/features/feature-0014-identity-theft

 

Conclusions – The Do’s and Don’ts Of A Tech Support Scam

Overall, this blog has reviewed what a Tech Support scam is, how it unfolds, and some of the key steps to protect yourself in case you think you have become a victim. This is all summarized in the matrix below:

What To Do What NOT To Do
*Hang up immediately if you get an unsolicited call that you are not expecting. *Do not give Remote Access to your device to anybody under any circumstance unless you have previously done trustworthy business with that entity.
*Do not click on any form of Pop Up message that appear in your web browser. *Do not rely upon your Caller ID to determine if a call is legitimate or not. Always trust your gut.
*Always keep your Antivirus and/or Antimalware software packages up to date. *Never call the tech support phone number that is offered in a Pop-Up window.
*Always keep your Windows device updated with the latest software patches and upgrades. *Do not click upon any links in a Pop-Up window.
*As much as possible, use your web browser’s pop up blocker. *Only purchase Antivirus and Antimalware software packages from well-known vendors (such as Norton, Symantec, etc.).
*For the best possible protection, take your device to your local Geek Squad to be thoroughly examined. *Do not reopen any websites after you have clicked upon a malicious Pop Up, after you have rebooted your computer. Even if your web browser launches automatically after reboot, close them out immediately.
*Always contact your local law enforcement, financial institutions, and credit reporting agencies to report a potential Identity Theft case. *Never give out financial information to anybody, unless you know them personally and have a deep level of trust.

 

(SOURCE: 6).

Conclusions – The Do’s and Don’ts Of A Tech Support Scam

  1. https://en.wikipedia.org/wiki/Technical_support_scam
  2. https://www.experian.com/blogs/ask-experian/what-are-tech-support-scams/
  3. https://www.pindrop.com/blog/inside-the-tech-support-scam-ecosystem/
  4. https://www.consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams#Reporting
  5. https://blog.malwarebytes.com/tech-support-scams/
  6. https://www.consumer.ftc.gov/features/feature-0014-identity-theft
  7. https://www.aarp.org/money/scams-fraud/info-2019/tech-support.html