Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/17/2016
05:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Millennials A Growing Target Of IT Support Scams

New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.

More millennials are falling victim to tech support scams, surpassing senior citizens as the group most frequently tricked by fraudsters.

This finding comes from a new study released by Microsoft and the National Cyber Security Alliance (NCSA) as part of National Cybersecurity Awareness Month. To identify tech scams and their effects on everyday consumers, researchers at IPSOS Public Affairs polled 1,000 adults around the world. 

Study results indicate IT support scams are on the rise. Two out of three customers have been exposed to this type of fraud in the last 12 months, and many follow attackers' leads until they put their personal information and devices at risk.

IT support scams usually follow a common pattern: attackers call senior citizens at home and claim to be with a reputable company. They claim that there is malware or other tech problems on the victim's PC, and offer to sell tech support for a fee. From there, they seek remote access to the device and save victims' information for future fraud.

One in five customers continued with potentially fraudulent interactions following initial exposure, meaning they visited a fake website, downloaded software, provided fraudsters with remote access to their device, or handed over credit card details or another form of payment.

While this study targeted consumers, the growth in scams can pose a danger to the enterprise. Michael Kaiser, executive director at NCSA, says IT managers should be aware of the proliferation of this scam.

"Some [fraudsters] try to get into people's computers by using remote access," he explains. "If that computer is connected to the office or has business information, or access to credentials that could get someone into a business computer, that could be a pretty big risk for the enterprise."

Businesses should be aware that the ages of IT scam victims are changing. Of the people who continued with fraudulent interactions, 17% were older than 55, and 34% were between the ages of 36 and 54.

Half of them were between the ages of 18 and 34, which came as a surprise to researchers.

"A lot of times we think of these scams as targeting older people, but there were a lot of millennials who responded to this scam," Kaiser says.

The common victim demographic is changing as attackers' methods continue to change. Fraudsters use cold calling, Web advertisements, pop-ups, and other strategies to get consumers on the phone and obtain access to their computers, explains Courtney Gregoire, senior attorney in Microsoft's Digital Crimes Unit.

Millennials are more likely to fall for fraudsters' increasingly complex strategies. The generation that has grown up attached to technology also has a high reliance on their devices.

"We think [the rise] is correlated to the shift in these fraudsters using more pop-up email and website misdirection online," she says of the increase in millennial targets. "Fraudsters are trying to convince victims something is wrong when nothing is, in fact, wrong," she continues. "At their core, they're using social engineering."

Businesses have reason to be concerned about the rise in millennials falling for IT support scams. After all, these young professionals are making up more of the workforce.

"[IT managers] should remember that really, any risk to their employees on the Internet is transferable into the workplace," Kaiser warns. He encourages IT pros to make workers aware there are risks beyond the business that warrant their attention.

Gregoire emphasizes the importance of employee education, especially for business with BYOD programs. "You can't overtrain on safe computer hygiene," she says. It's also important for organizations to keep their antivirus and antimalware up to date. 

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
10/24/2016 | 5:53:08 PM
Not suprising
Not surprising from a generation that has become dependent on technology and only knows sales and support digital process. Older generations are more likely to pause and use caution in a new type of interaction/request from fraudsters.  But at first for sure these findings feels counter-intuitive.
enlightenedit@gmail.com
100%
0%
[email protected],
User Rank: Apprentice
10/18/2016 | 2:25:28 AM
What is needed is better policing of network.
Usually the staff doesn't have access to download anything and firewalls are always there, but even then if the hackers get into an organization then that means that they are smarter then the IT techs of the particular organization. 

So leave alone the commonners they can always fall prey.

What is needed is better policing of network.

 
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...