New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.

Kelly Sheridan, Former Senior Editor, Dark Reading

October 17, 2016

3 Min Read

More millennials are falling victim to tech support scams, surpassing senior citizens as the group most frequently tricked by fraudsters.

This finding comes from a new study released by Microsoft and the National Cyber Security Alliance (NCSA) as part of National Cybersecurity Awareness Month. To identify tech scams and their effects on everyday consumers, researchers at IPSOS Public Affairs polled 1,000 adults around the world. 

Study results indicate IT support scams are on the rise. Two out of three customers have been exposed to this type of fraud in the last 12 months, and many follow attackers' leads until they put their personal information and devices at risk.

IT support scams usually follow a common pattern: attackers call senior citizens at home and claim to be with a reputable company. They claim that there is malware or other tech problems on the victim's PC, and offer to sell tech support for a fee. From there, they seek remote access to the device and save victims' information for future fraud.

One in five customers continued with potentially fraudulent interactions following initial exposure, meaning they visited a fake website, downloaded software, provided fraudsters with remote access to their device, or handed over credit card details or another form of payment.

While this study targeted consumers, the growth in scams can pose a danger to the enterprise. Michael Kaiser, executive director at NCSA, says IT managers should be aware of the proliferation of this scam.

"Some [fraudsters] try to get into people's computers by using remote access," he explains. "If that computer is connected to the office or has business information, or access to credentials that could get someone into a business computer, that could be a pretty big risk for the enterprise."

Businesses should be aware that the ages of IT scam victims are changing. Of the people who continued with fraudulent interactions, 17% were older than 55, and 34% were between the ages of 36 and 54.

Half of them were between the ages of 18 and 34, which came as a surprise to researchers.

"A lot of times we think of these scams as targeting older people, but there were a lot of millennials who responded to this scam," Kaiser says.

The common victim demographic is changing as attackers' methods continue to change. Fraudsters use cold calling, Web advertisements, pop-ups, and other strategies to get consumers on the phone and obtain access to their computers, explains Courtney Gregoire, senior attorney in Microsoft's Digital Crimes Unit.

Millennials are more likely to fall for fraudsters' increasingly complex strategies. The generation that has grown up attached to technology also has a high reliance on their devices.

"We think [the rise] is correlated to the shift in these fraudsters using more pop-up email and website misdirection online," she says of the increase in millennial targets. "Fraudsters are trying to convince victims something is wrong when nothing is, in fact, wrong," she continues. "At their core, they're using social engineering."

Businesses have reason to be concerned about the rise in millennials falling for IT support scams. After all, these young professionals are making up more of the workforce.

"[IT managers] should remember that really, any risk to their employees on the Internet is transferable into the workplace," Kaiser warns. He encourages IT pros to make workers aware there are risks beyond the business that warrant their attention.

Gregoire emphasizes the importance of employee education, especially for business with BYOD programs. "You can't overtrain on safe computer hygiene," she says. It's also important for organizations to keep their antivirus and antimalware up to date. 

Related Content:

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights