A typical technical support scam works like this:
1. A user receives a phone call, claiming to come from an operating system vendor or ISP claiming that a security problem has been found on the user’s computer.
One trick fraudster may use to gain a less technically savvy user’s confidence by tricking them into looking for error messages in Windows Event Viewer’s logs.
In fact, such entries are completely harmless and should not be considered evidence of a malware infection.
2. The scammer tricks their intended victim into giving them remote access to the user’s computer in order to “fix” the issue. In truth they install a remote access trojan (RAT).
3.The scammer claims to have identified fake “threats” on the victim’s computer, and scares the user into handing over their payment details or making an online purchase to “fix” the computer.
Usually the scammer will present the situation as urgent and requiring immediate action in order to prevent their intended victim from checking with a tech-savvy friend or relative.
In some cases, the scam will begin with the user seeing bogus security alerts on their computer, which urge them to “call support” for advice.
New statistics published by Microsoft reveal that the number of complaints its own customer services team have received about tech support scams have risen 24% since 2016, with some 153,000 reports from 183 different countries around the world.
15% of the complainants admitted that they have lost cash to the scammers, losing between $200 and $400 on average. The financial losses can be much higher, however. One report received by Microsoft in December 2017 detailed a scammer who had drained a bank account belonging to a victim in the Netherlands to the tune of 89,000 Euros (US $108,000).
The problem isn’t limited to Windows desktop PCs – all manner of devices and operating systems have been targeted, including mobile platforms and Apple Macs – but I think it is fair to say that most commonly the callers do claim to be calling from Microsoft, or on behalf of a company working with Microsoft.
Microsoft is itself at pains to point out that it does not send unsolicited email messages or make unsolicited phone calls offering to fix computers, or requesting personal or financial information.
It simply isn’t in the business of proactively reaching out to people to offer them technical support.
In a similar vein, a genuine Microsoft error message or security warning will never include a phone number. So don’t ring it!
This is all fairly simple advice for you and me to follow, and I’d like to think that if you’re reading Bitdefender’s Hot for Security blog, you’re already more security-savvy than the typical computer user.
But don’t forget that even though you may not be duped by technical support calls like those described in this article, it’s perfectly possible that you know somebody elderly or vulnerable who could be fooled. Always be on the lookout on their behalf, be sure to warn them about “friendly” unsolicited technical support calls as they could be the next to fall victim.
If you believe you have been on the receiving end of a technical support scam you can report it to Microsoft via an online form at www.microsoft.com/reportascam