When talking about cybersecurity, we instantly think of viruses and malware. But advances in personal computer security have made it much harder for hackers to infect your PC through traditional channels like email.
As a result, they have developed new attack methods to get around your defenses using a range of techniques, on and off-line. One of the most used and also successful is the “Technical Support Scam” that combines social engineering and technology to empty a victim’s bank account.
What is the Technical Support Scam?
Social engineering relies on building trust with a victim, before tricking them into doing something that gets around their security defenses. In the case of the Support Scam, criminals telephone their victims pretending to be from a reputable business, like Microsoft or your security or telephone provider – a company name you recognize.
Posing as an engineer, the hacker informs their target that they have already fallen victim to criminals, and they must take urgent action to plug the security gap. The victim is asked to visit a webpage from their computer, and to download a remote control tool that will allow the engineer to access their system to perform “repair work”.
Once in control of the computer, the “engineer” may call up the computer’s event log and show a number of scary looking (but completely harmless) alerts. They will then suggest downloading further tools that allow them to fix these errors.
Unfortunately these tools are actually malware that will steal valuable information from the victim’s computer – particularly online banking details and passwords. The victim may feel that the engineer has done them a favor, but the reality is that they have invited the hacker to steal from them.
Avoiding the Technical Support Scam
There are several ways you can protect yourself from becoming a victim of this scam. These four tips will help keep you safe:
1. Use your common sense
Microsoft or Panda (for example) never ring customers to inform them of security problems. These companies may provide assistance by telephone, but they never call you first. In fact, unless you pay for a third party technical support service, no one should call you about problems with your computer or router.
No matter how urgent the issue sounds, anyone claiming to be calling about PC security problems is lying.
2.Protect your personal and sensitive information
Never give your account numbers or passwords to anyone over the phone or the Internet unless you are 100% sure who they are. If you are in any doubt at all, hang up. Keep in mind that fraudulent activities are profitable for the bad guys.
A good rule to follow for any incoming call: never hand over your credit card or bank details. Just don’t do it!
3. If you have a doubt: tell everyone about it
The Telephone Support Scam preys on people’s insecurity about their lack of tech knowledge. It is very easy to be a victim, and the best defense is sharing knowledge – telling other people about this scam, and what the criminals are doing. It is much easier to put the phone down if you know that the call is a scam.
You should also consider reporting the scam to the company being investigated. If you do, make sure you find the right details though.
4. Protect your PC in advance
Do not forget to use antivirus protection for all your devices. If your device is protected by an anti-malware toolkit, it will not be generating security errors online or anywhere else. So you know that someone claiming you have a problem is also lying.
If your computer does not have an up-to-date security toolkit installed, you must act now.
Most social engineering attacks can be avoided by taking a second to think through the implications of what you are being told. You must not allow yourself to be bullied into making what could be a very costly mistake.
For more useful tips and advice about staying safe online, please check out the Panda Security knowledge base.