Attacks/Breaches

10/17/2016
05:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Millennials A Growing Target Of IT Support Scams

New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.

More millennials are falling victim to tech support scams, surpassing senior citizens as the group most frequently tricked by fraudsters.

This finding comes from a new study released by Microsoft and the National Cyber Security Alliance (NCSA) as part of National Cybersecurity Awareness Month. To identify tech scams and their effects on everyday consumers, researchers at IPSOS Public Affairs polled 1,000 adults around the world. 

Study results indicate IT support scams are on the rise. Two out of three customers have been exposed to this type of fraud in the last 12 months, and many follow attackers' leads until they put their personal information and devices at risk.

IT support scams usually follow a common pattern: attackers call senior citizens at home and claim to be with a reputable company. They claim that there is malware or other tech problems on the victim's PC, and offer to sell tech support for a fee. From there, they seek remote access to the device and save victims' information for future fraud.

One in five customers continued with potentially fraudulent interactions following initial exposure, meaning they visited a fake website, downloaded software, provided fraudsters with remote access to their device, or handed over credit card details or another form of payment.

While this study targeted consumers, the growth in scams can pose a danger to the enterprise. Michael Kaiser, executive director at NCSA, says IT managers should be aware of the proliferation of this scam.

"Some [fraudsters] try to get into people's computers by using remote access," he explains. "If that computer is connected to the office or has business information, or access to credentials that could get someone into a business computer, that could be a pretty big risk for the enterprise."

Businesses should be aware that the ages of IT scam victims are changing. Of the people who continued with fraudulent interactions, 17% were older than 55, and 34% were between the ages of 36 and 54.

Half of them were between the ages of 18 and 34, which came as a surprise to researchers.

"A lot of times we think of these scams as targeting older people, but there were a lot of millennials who responded to this scam," Kaiser says.

The common victim demographic is changing as attackers' methods continue to change. Fraudsters use cold calling, Web advertisements, pop-ups, and other strategies to get consumers on the phone and obtain access to their computers, explains Courtney Gregoire, senior attorney in Microsoft's Digital Crimes Unit.

Millennials are more likely to fall for fraudsters' increasingly complex strategies. The generation that has grown up attached to technology also has a high reliance on their devices.

"We think [the rise] is correlated to the shift in these fraudsters using more pop-up email and website misdirection online," she says of the increase in millennial targets. "Fraudsters are trying to convince victims something is wrong when nothing is, in fact, wrong," she continues. "At their core, they're using social engineering."

Businesses have reason to be concerned about the rise in millennials falling for IT support scams. After all, these young professionals are making up more of the workforce.

"[IT managers] should remember that really, any risk to their employees on the Internet is transferable into the workplace," Kaiser warns. He encourages IT pros to make workers aware there are risks beyond the business that warrant their attention.

Gregoire emphasizes the importance of employee education, especially for business with BYOD programs. "You can't overtrain on safe computer hygiene," she says. It's also important for organizations to keep their antivirus and antimalware up to date. 

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
10/24/2016 | 5:53:08 PM
Not suprising
Not surprising from a generation that has become dependent on technology and only knows sales and support digital process. Older generations are more likely to pause and use caution in a new type of interaction/request from fraudsters.  But at first for sure these findings feels counter-intuitive.
enlightenedit@gmail.com
100%
0%
[email protected],
User Rank: Apprentice
10/18/2016 | 2:25:28 AM
What is needed is better policing of network.
Usually the staff doesn't have access to download anything and firewalls are always there, but even then if the hackers get into an organization then that means that they are smarter then the IT techs of the particular organization. 

So leave alone the commonners they can always fall prey.

What is needed is better policing of network.

 
6 Security Trends for 2018/2019
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/15/2018
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading,  10/16/2018
Getting Up to Speed with "Always-On SSL"
Tim Callan, Senior Fellow, Comodo CA,  10/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Latest Comment: Too funny!
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-10839
PUBLISHED: 2018-10-16
Qemu emulator <= 3.0.0 built with the NE2000 NIC emulation support is vulnerable to an integer overflow, which could lead to buffer overflow issue. It could occur when receiving packets over the network. A user inside guest could use this flaw to crash the Qemu process resulting in DoS.
CVE-2018-13399
PUBLISHED: 2018-10-16
The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
CVE-2018-18381
PUBLISHED: 2018-10-16
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVE-2018-18382
PUBLISHED: 2018-10-16
Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.
CVE-2018-18374
PUBLISHED: 2018-10-16
XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.