Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/17/2016
05:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Millennials A Growing Target Of IT Support Scams

New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.

More millennials are falling victim to tech support scams, surpassing senior citizens as the group most frequently tricked by fraudsters.

This finding comes from a new study released by Microsoft and the National Cyber Security Alliance (NCSA) as part of National Cybersecurity Awareness Month. To identify tech scams and their effects on everyday consumers, researchers at IPSOS Public Affairs polled 1,000 adults around the world. 

Study results indicate IT support scams are on the rise. Two out of three customers have been exposed to this type of fraud in the last 12 months, and many follow attackers' leads until they put their personal information and devices at risk.

IT support scams usually follow a common pattern: attackers call senior citizens at home and claim to be with a reputable company. They claim that there is malware or other tech problems on the victim's PC, and offer to sell tech support for a fee. From there, they seek remote access to the device and save victims' information for future fraud.

One in five customers continued with potentially fraudulent interactions following initial exposure, meaning they visited a fake website, downloaded software, provided fraudsters with remote access to their device, or handed over credit card details or another form of payment.

While this study targeted consumers, the growth in scams can pose a danger to the enterprise. Michael Kaiser, executive director at NCSA, says IT managers should be aware of the proliferation of this scam.

"Some [fraudsters] try to get into people's computers by using remote access," he explains. "If that computer is connected to the office or has business information, or access to credentials that could get someone into a business computer, that could be a pretty big risk for the enterprise."

Businesses should be aware that the ages of IT scam victims are changing. Of the people who continued with fraudulent interactions, 17% were older than 55, and 34% were between the ages of 36 and 54.

Half of them were between the ages of 18 and 34, which came as a surprise to researchers.

"A lot of times we think of these scams as targeting older people, but there were a lot of millennials who responded to this scam," Kaiser says.

The common victim demographic is changing as attackers' methods continue to change. Fraudsters use cold calling, Web advertisements, pop-ups, and other strategies to get consumers on the phone and obtain access to their computers, explains Courtney Gregoire, senior attorney in Microsoft's Digital Crimes Unit.

Millennials are more likely to fall for fraudsters' increasingly complex strategies. The generation that has grown up attached to technology also has a high reliance on their devices.

"We think [the rise] is correlated to the shift in these fraudsters using more pop-up email and website misdirection online," she says of the increase in millennial targets. "Fraudsters are trying to convince victims something is wrong when nothing is, in fact, wrong," she continues. "At their core, they're using social engineering."

Businesses have reason to be concerned about the rise in millennials falling for IT support scams. After all, these young professionals are making up more of the workforce.

"[IT managers] should remember that really, any risk to their employees on the Internet is transferable into the workplace," Kaiser warns. He encourages IT pros to make workers aware there are risks beyond the business that warrant their attention.

Gregoire emphasizes the importance of employee education, especially for business with BYOD programs. "You can't overtrain on safe computer hygiene," she says. It's also important for organizations to keep their antivirus and antimalware up to date. 

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
10/24/2016 | 5:53:08 PM
Not suprising
Not surprising from a generation that has become dependent on technology and only knows sales and support digital process. Older generations are more likely to pause and use caution in a new type of interaction/request from fraudsters.  But at first for sure these findings feels counter-intuitive.
enlightenedit@gmail.com
100%
0%
[email protected],
User Rank: Apprentice
10/18/2016 | 2:25:28 AM
What is needed is better policing of network.
Usually the staff doesn't have access to download anything and firewalls are always there, but even then if the hackers get into an organization then that means that they are smarter then the IT techs of the particular organization. 

So leave alone the commonners they can always fall prey.

What is needed is better policing of network.

 
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.