FBI Alert: Watch Out for Subscription Renewal Scams

The law enforcement agency says it has observed "several instances" of this specific social engineering scam since October.
Aaron Drapkin

The FBI has released an official alert warning the US public about “tech support scams” after observing a number of different examples of the malicious activity in October.

Password managers and other cybersecurity software will help shield you from threats like credential stuffing or brute-force attacks, but social engineering scams like this are arguably harder to snuff out and increase in sophistication by the day.

Educating yourself to recognize the tell tale signs that a scam might be taking place, however, and never handing out your information without verification, are two steps you can take to ensure you’re not the latest victim.

Scammers Posing as Technical Support

In a technical support scam, the FBI says, scammers “pose as service representatives of a company's technical or computer repair service and contact victims through email or by telephone about a highly-priced, soon-to-renew subscription.”

The scammer will then ask a given target to ring a phone number or send a message to an email address requesting the renewal be canceled.

“After the victims contact the scammers” The FBI continues, “they attempt to obtain personal and banking information that is then used to conduct unauthorized wire transfers of funds held within the targeted victim's accounts.”

What Happens During a Tech Support Scam?

Typically, the FBI says, these scams start with an email, usually with a subject line hinting at some sort of renewal of a service.

Although the email domain the message comes from is a scam, great efforts will have been taken to make it appear somewhat legitimate and recognizable. This is a common facet of phishing campaigns and social engineering scams in general.

Emails of this nature will use a variety of techniques to inject a sense of urgency into the situation, such as saying the victim will be charged within 24 hours, or suggesting a large amount of money (commonly within the range of $300 – $500) will be taken.

A phone number or email address is then provided for the victim so they can contact the scammer and claim a refund or cancel their “subscription”.

When the victim makes contact with the scammer, the malicious actor will then try to coerce them into downloading remote access software. Then, the victim’s information can be collected while they log into their bank, as well as other personal information.

Protecting Yourself from Social Engineering Scams

Scammers using social engineering techniques to try and get their way will prey on anyone who doesn’t think twice about their legitimacy.

While password managers and antivirus software can protect you from a range of online threats, the best protection against social engineering is being able to spot the telltale signs that someone might not necessarily be who they say they are.

Some “golden rules” (many of which the FBI lists in its public service statement) that you should follow when speaking to someone purporting to be from a legitimate organization include:

  • Treat anyone trying to persuade you to act quickly with extreme caution – legitimate organizations will not pressurize you to part ways with your cash.
  • Talking is one thing, but never, ever send money to a bank account on the instruction of someone you’ve exclusively spoken to on the phone.
  • Never give out your personal information, such as your home address, over the telephone, particularly without proper confirmation of who you’re talking to.
  • If you think you are being wrongfully charged for a service you don’t use, contact your bank directly and initiate a fresh channel of communication.

Remember, you will never be penalized by a representative of a legitimate entity – be it a bank, charity or government agency – for demanding a proper verification process takes place. If you’re even just a little bit unsure, it’s better to be safe than sorry.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Aaron Drapkin is a Senior Writer at Tech.co. He has been researching and writing about technology, politics, and society in print and online publications since graduating with a Philosophy degree from the University of Bristol three years ago. As a writer, Aaron takes a special interest in VPNs and project management software. He has been quoted in the Daily Mirror, Daily Express, The Daily Mail, Computer Weekly, and the Silicon Republic speaking on various privacy and cybersecurity issues, and has articles published in Wired, Vice, Metro, The Week, and Politics.co.uk covering a wide range of topics.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals