Attacks/Breaches

10/17/2016
05:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Millennials A Growing Target Of IT Support Scams

New Microsoft-NCSA study finds that two out of three customers have been exposed to tech support scams in the last 12 months.

More millennials are falling victim to tech support scams, surpassing senior citizens as the group most frequently tricked by fraudsters.

This finding comes from a new study released by Microsoft and the National Cyber Security Alliance (NCSA) as part of National Cybersecurity Awareness Month. To identify tech scams and their effects on everyday consumers, researchers at IPSOS Public Affairs polled 1,000 adults around the world. 

Study results indicate IT support scams are on the rise. Two out of three customers have been exposed to this type of fraud in the last 12 months, and many follow attackers' leads until they put their personal information and devices at risk.

IT support scams usually follow a common pattern: attackers call senior citizens at home and claim to be with a reputable company. They claim that there is malware or other tech problems on the victim's PC, and offer to sell tech support for a fee. From there, they seek remote access to the device and save victims' information for future fraud.

One in five customers continued with potentially fraudulent interactions following initial exposure, meaning they visited a fake website, downloaded software, provided fraudsters with remote access to their device, or handed over credit card details or another form of payment.

While this study targeted consumers, the growth in scams can pose a danger to the enterprise. Michael Kaiser, executive director at NCSA, says IT managers should be aware of the proliferation of this scam.

"Some [fraudsters] try to get into people's computers by using remote access," he explains. "If that computer is connected to the office or has business information, or access to credentials that could get someone into a business computer, that could be a pretty big risk for the enterprise."

Businesses should be aware that the ages of IT scam victims are changing. Of the people who continued with fraudulent interactions, 17% were older than 55, and 34% were between the ages of 36 and 54.

Half of them were between the ages of 18 and 34, which came as a surprise to researchers.

"A lot of times we think of these scams as targeting older people, but there were a lot of millennials who responded to this scam," Kaiser says.

The common victim demographic is changing as attackers' methods continue to change. Fraudsters use cold calling, Web advertisements, pop-ups, and other strategies to get consumers on the phone and obtain access to their computers, explains Courtney Gregoire, senior attorney in Microsoft's Digital Crimes Unit.

Millennials are more likely to fall for fraudsters' increasingly complex strategies. The generation that has grown up attached to technology also has a high reliance on their devices.

"We think [the rise] is correlated to the shift in these fraudsters using more pop-up email and website misdirection online," she says of the increase in millennial targets. "Fraudsters are trying to convince victims something is wrong when nothing is, in fact, wrong," she continues. "At their core, they're using social engineering."

Businesses have reason to be concerned about the rise in millennials falling for IT support scams. After all, these young professionals are making up more of the workforce.

"[IT managers] should remember that really, any risk to their employees on the Internet is transferable into the workplace," Kaiser warns. He encourages IT pros to make workers aware there are risks beyond the business that warrant their attention.

Gregoire emphasizes the importance of employee education, especially for business with BYOD programs. "You can't overtrain on safe computer hygiene," she says. It's also important for organizations to keep their antivirus and antimalware up to date. 

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
10/24/2016 | 5:53:08 PM
Not suprising
Not surprising from a generation that has become dependent on technology and only knows sales and support digital process. Older generations are more likely to pause and use caution in a new type of interaction/request from fraudsters.  But at first for sure these findings feels counter-intuitive.
enlightenedit@gmail.com
100%
0%
[email protected],
User Rank: Apprentice
10/18/2016 | 2:25:28 AM
What is needed is better policing of network.
Usually the staff doesn't have access to download anything and firewalls are always there, but even then if the hackers get into an organization then that means that they are smarter then the IT techs of the particular organization. 

So leave alone the commonners they can always fall prey.

What is needed is better policing of network.

 
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.
CVE-2018-20154
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses.
CVE-2018-20155
PUBLISHED: 2018-12-14
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings.