• United States



Tech support scams are on the rise, up 24%, warns Microsoft

Apr 23, 20184 mins
CybercrimeSecuritySocial Engineering

Social engineering attacks like the Microsoft tech support scams still work. Fake cold calls, fake messages on websites, and malicious emails continue to trick victims.

frustrated computer user
Credit: Thinkstock

You did what?!? I was thinking as an elderly family member admitted to doing something I’d warned against long ago. Then I asked, “Do you really think Microsoft cares enough about you to personally call you out of the blue because it detected malware on your PC?”

She had admitted to allowing “Microsoft’s tech support specialist” remote access into her computer to fix the “malware” problem even though none of her anti-malware or anti-virus programs had popped up with a “malware detected” warning. Once Mr. Tech Support had access to her PC, he was able to show her all sorts of “scary” issues, including how an IP from China was allegedly accessing her computer at that very moment. Thankfully, though, she called me — the 24/7 free tech support person in the family — before handing over her credit card details to the fake Microsoft support tech who insisted on needing her payment before fixing her computer.

That type of tech support scam, a social engineering attack, is older than the hills, but apparently it still works. In fact, Microsoft recently warned that tech support scams are “still a growing global problem.”

Microsoft said it received “153,000 reports from customers who encountered or fell victim to tech support scams” from 183 counties in 2017. That is up 24 percent from the number of tech support scams reported to Microsoft in 2016.

Not all of those scams were cold calls from fake tech support; some started at random websites that had a popup warning about detecting fake threats or fake error message popups. Other social engineering attacks started in email campaigns where the user would click on a URL or open a malicious attachment; once malware is on a computer, it can make system changes or flash fake error messages with a number to call to fix the problem.

15% of victims admit to losing money in the scam

Scammers continue to resort to these tactics because they work so well to scare the pants off non-tech-savvy users. Of the 153,000 tech support scams reported to Microsoft, 15 percent of victims admitted to losing money in the scam. While most paid between $200 and $400 for the fake problems to be “fixed,” one scammer managed to drain the bank account of a user in the Netherlands. That poor person lost €89,000, which is about $108,838.54.

For anyone wondering how a scammer managed to empty the victim’s bank account, Oregon’s FBI explained that some victims of tech support scammers first received a notification about a refund after overpaying for a previous tech support incident.

“The criminal tells the victim that he can get the money refunded if she gives him remote access to her computer while she logs into her bank account. Now he has access to her bank account, and he can make it appear as if a refund has occurred just by moving her own money between savings and checking,” the organization said.

Another “new” tech support scam involves thugs re-contacting their victims but pretending to be law enforcement or another government agency that wants to help them recover the money the victim lost to the scammer. They are happy to help — after the victim gives them money to defray the cost of the investigation.

Lastly, the FBI warned about the fake tech support trend of thugs posing as collection agencies and threatening legal action because the victim supposedly didn’t pay for previous tech support services.

Last month, the Internet Crime Complaint Center (IC3) reported having received 11,000 complaints about tech support fraud in 2017. Altogether, the victims claimed losses of near $15 million, which was up 86 percent from 2016.

Microsoft suggested “customer education is key” to reducing the number of successful tech support scams. It also hyped Windows 10 S as being able to prevent most attacks, as it only runs apps from the Microsoft Store, although tech support scams also target other operating systems such as macOS, iOS and Android.

While you likely know all about how to stay safe, you might remind the less tech-savvy folks in your life that vendors are not going to make unsolicited calls to fix a device. That might save you from getting a call during which the person admits to being scammed, as the old saying is still true: There is no patch for human stupidity.

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.