Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

12/27/2017
08:00 AM
Steve Zurier
Steve Zurier
Slideshows
Connect Directly
Twitter
RSS
E-Mail
50%
50%

6 Tips to Protect Against Technical Support Fraud

Just when you're having fun over the holidays and not paying attention, you can be hit with a tech support scam. Here's how to stay safe into the new year.
Previous
1 of 7
Next

Image Source: towfiqu barbhulya via Shutterstock

Image Source: towfiqu barbhulya via Shutterstock

Tech support scams have become big business for criminals, so don’t expect them to stop over the holidays. In fact, the FBI’s most recent Internet Crime Report lists tech support fraud as one of the top cybercrime trends, costing victims some $8 million last year alone.

Since 2015, according to a Microsoft spokesperson, the company has received more than 300,000 customer reports of tech support fraud and the software company receives an average of 12,000 reports of tech support scams a month worldwide.

Microsoft’s global survey conducted in 2016 also reported that two out of three consumers have experienced this type of scam, with one in five losing money to the fraudsters. On an interesting note, Microsoft found that millennials between the ages of 18 and 34 are actually more apt to be the victim of a tech support scam than people over 55. 

The FTC said the scammers run ads that resemble pop-up security alerts from Microsoft, Apple, or other prominent technology companies. Users are warned that their computers are infected with viruses or are under attack by hackers. Some of the pop-ups even feature a countdown clock, allegedly showing the time remaining before the hard drive will fry unless the consumer calls a toll-free number claiming to be affiliated with one of the big-name technology companies.

Once operators have consumers on the phone, the operators claim to need remote access into the victim’s computer so they can run so-called diagnostic tests. This is the gravest danger.  At all costs, people should not let people they don’t know access their computers. The tests the scammers run claim to reveal grave problems that can only be solved by one of their “certified technicians.” Companies use high-pressure tactics to strong-arm consumers into paying several hundred dollars – sometimes more -- for unnecessary repairs, anti-virus software and other tech support products and services. 

The FTC has cracked down on these fraudsters, prosecuting many of them earlier this year as part of its Operation Tech Trap.

Based on interviews with the FTC’s Will Maxson, Microsoft and Michael Kaiser of the National Cyber Security Alliance, we developed a list of six tips for users. Computer security geeks spending time with family members over the holidays may want to point out this story to friends and relatives who have questions or believe they have been the victim of a tech support scam.

Check this link for more consumer information from the FTC on tech support scams.

 

 

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md. View Full Bio
 

Recommended Reading:

Previous
1 of 7
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
maklonkosmetik
50%
50%
maklonkosmetik,
User Rank: Apprentice
1/8/2018 | 9:01:12 PM
Re: Excellent advise to pass around...
Wow.. these tips are very useful. During the holidays we often neglect the security. thank you for reminding me of this
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
12/28/2017 | 1:31:36 PM
Excellent advise to pass around...
Very useful info to share during this holiday season...
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23381
PUBLISHED: 2021-04-18
This affects all versions of package killing. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23374
PUBLISHED: 2021-04-18
This affects all versions of package ps-visitor. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23375
PUBLISHED: 2021-04-18
This affects all versions of package psnode. If attacker-controlled user input is given to the kill function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23376
PUBLISHED: 2021-04-18
This affects all versions of package ffmpegdotjs. If attacker-controlled user input is given to the trimvideo function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.
CVE-2021-23377
PUBLISHED: 2021-04-18
This affects all versions of package onion-oled-js. If attacker-controlled user input is given to the scroll function, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization.