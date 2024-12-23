5 Ways Scammers Fool You With Fake Tech Support Calls
Seemingly realistic tactics can catch even savvy users unaware.
BY STU SJOUWERMAN, FOUNDER AND CEO OF KNOWBE4 @STUALLARD
Tech support scams have risen significantly in recent years. According to the Internet Crime Complaint Center, consumers and businesses lost almost a billion dollars ($924,512,658) to tech support scams in 2023.
In a tech support scam, fraudsters pose as technical support representatives of well-known brands to deceive unsuspecting victims. They trick individuals into revealing personal information (such as login credentials or financial details), granting remote access to their devices, or installing malware and unnecessary software. These frauds often involve urgent, high-pressure tactics designed to make targets act quickly without thinking.
Common tactics used by tech support scammers
Tech support scams are becoming increasingly sophisticated with scammers resorting to all sorts of different tactics to impersonate businesses and contact victims. Here are five common tactics.
- Fake websites
Scammers are known to create convincing phishing websites and use search engine poisoning techniques to improve the search engine ranking of these cloned websites. When victims encounter these mock phishing sites, they are prompted to enter their account details. Next, an error message appears, fooling the victim into believing there’s some problem with their account and how they must contact tech support immediately. The fake support team then informs the victim that they must download a file that will ostensibly grant them access to their device. Once access is granted, scammers install malware or steal personal data.
- Fake tech support numbers
One must be careful when searching for customer support numbers. Scammers are known to modify or tamper phone numbers in web search results. For example, they will use SEO to push false phone numbers to the top of search results; they use sponsored ad listings; they post fake numbers on online blogs and ecommerce sites; they hack business phone numbers in Google listings; they also leverage vulnerabilities in shopping lists (e.g., Walmart) to promote fake numbers. When a customer dials these false numbers, they immediately run into scammers posing as customer service reps.
- Fake social media accounts
When someone experiences a problem with a product or service, they will often look up the associated social media account to escalate the issue. But what if the social account is not official and managed instead by threat actors? Some scammers are even known to use verified accounts to dupe users. Another version of this scam is known as an Angler phishing scam. Let’s say you use social media to voice concern about a product or service. This immediately catches the attention of a scammer who creates a fake profile, poses as a customer care agent, and contacts you to offer assistance.
- Fake online reviews
Consumers often study online reviews when purchasing a new product or when they want to learn whether other consumers experienced the same issue with the seller. Unfortunately, these review websites are flooded with fake reviews posted by scammers. For example, security vendor LastPass reported how threat actors were posting reviews on the Google Chrome Web Store and redirecting users to a fake call center number. When customers call this number, scammers convince them to engage with a malicious website.
- Fake virus alerts
A fake virus alert is a misleading cybersecurity tactic where victims see a notification or pop-up message when they browse certain malicious websites or use some free or ad-based software.
These warnings evoke a sense of fear and urgency, appearing as if issued from an antivirus tool or a system notification. They inform the user of a virus on the computer and how they must call a toll-free number immediately or face losing all their personal data. Upon contacting this number, scammers may request remote access, pretend to run some diagnostics, or attempt to sell repair services.
Best practices to avoid falling victim to tech support scams
- Be aware, educate your business about all the various tech support scams.
- If you operate a business, run simulated phishing tests and other training exercises.
- Teach employees to only visit legitimate vendor websites and never fully trust search engine results.
- Be wary of clicking on sponsored ads that advertise customer support numbers.
- Be suspicious if someone offers help to recover your social media or email account.
- If you encounter an error in code in your software or application, contact the vendor’s customer support line via official channels. Try to avoid using a web search to solve the problem yourself.
- Avoid dialing phone numbers listed in online review sites or social media comments.
- If you see a pop-up window that appears as a virus alert, close it immediately. If the window keeps popping up, contact a known technician who can help.
- Never download unauthorized software, freeware, or tools from free download sites. Purchase licensed software from official sources.
Stay vigilant and educate yourself and your employees about the inner workings of tech support scammers. Recognizing the tactics threat actors use and implementing best practices will help protect your business and personal information from falling victim to these deceptive schemes. Security awareness, knowledge, and caution are your best defenses.
