The FBI has released an official alert warning the US public about “tech support scams” after observing a number of different examples of the malicious activity in October.
Password managers and other cybersecurity software will help shield you from threats like credential stuffing or brute-force attacks, but social engineering scams like this are arguably harder to snuff out and increase in sophistication by the day.
Educating yourself to recognize the telltale signs that a scam might be taking place, however, and never handing out your information without verification, are two steps you can take to ensure you’re not the latest victim.
Scammers Posing as Technical Support
In a technical support scam, the FBI says, scammers “pose as service representatives of a company's technical or computer repair service and contact victims through email or by telephone about a highly-priced, soon-to-renew subscription.”
The scammer will then ask a given target to ring a phone number or send a message to an email address requesting the renewal be canceled.
“After the victims contact the scammers,” the FBI continues, “they attempt to obtain personal and banking information that is then used to conduct unauthorized wire transfers of funds held within the targeted victim's accounts.”
What Happens During a Tech Support Scam?
Typically, the FBI says, these scams start with an email, usually with a subject line hinting at some sort of renewal of a service.
Although the email domain the message comes from is fraudulent, great efforts will have been made to make it appear somewhat legitimate and recognizable. This is a common facet of phishing campaigns and social engineering scams in general.
Emails of this nature will use a variety of techniques to inject a sense of urgency into the situation, such as saying the victim will be charged within 24 hours, or suggesting a large amount of money (commonly within the range of $300 – $500) will be taken.
A phone number or email address is then provided for the victim so they can contact the scammer and claim a refund or cancel their “subscription”.
When the victim makes contact with the scammer, the malicious actor will then try to coerce them into downloading remote access software. The scammer can then collect the victim’s banking details while they log into their bank, along with other personal information.
Protecting Yourself from Social Engineering Scams
Scammers using social engineering techniques to try and get their way will prey on anyone who doesn’t think twice about their legitimacy.
While password managers and antivirus software can protect you from a range of online threats, the best protection against social engineering is being able to spot the telltale signs that someone might not necessarily be who they say they are.
Some “golden rules” (many of which the FBI lists in its public service statement) that you should follow when speaking to someone purporting to be from a legitimate organization include:
- Treat anyone trying to persuade you to act quickly with extreme caution – legitimate organizations will not pressure you to part with your cash.
- Talking is one thing, but never, ever send money to a bank account on the instruction of someone you’ve exclusively spoken to on the phone.
- Never give out your personal information, such as your home address, over the telephone, particularly without proper confirmation of who you’re talking to.
- If you think you are being wrongfully charged for a service you don’t use, contact your bank directly and initiate a fresh channel of communication.
Remember, you will never be penalized by a representative of a legitimate entity – be it a bank, charity or government agency – for demanding that a proper verification process take place. If you’re even just a little bit unsure, it’s better to be safe than sorry.