SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

Education must be our secret weapon in the fight against tech support scams

Mon, 29th May 2017
FYI, this story is more than a year old

They are scammers, they are prolific and they are determined - but they're not hackers if you give them everything they want.

There are thousands of scams: Banking scams, email scams, investment scams, IRD phone scams... and the cold call scams purporting to be from Microsoft, Spark, another genuine NZ provider or any major tech provider. It's a never-ending torrent of trickery and corruption.

The 'Microsoft support' phone scams have been going on for years in various forms. One of the latest phone scams uses telco names such as Spark and Vodafone in place of the Microsoft name.

For the less-than-tech-savvy, the calls can be so convincing that they lose their life's savings and the money they need to survive. Sharing information helps everyone to understand the dangers and has a trusted support person so that they never become a victim.

The scammers may say that they're with [X provider] and 'we've noticed there's a problem with your network. There's malware on your computer and we need to fix it'. Caught in a panic, some will agree to 'fix the problem'. Cue installation of Microsoft TeamViewer, a normally useful tool that unfortunately falls into the wrong hands. From there, it's all downhill.

For a fee, the scammers can clear the supposed malware and correct the network by using their own software. To the untrained eye, the scammers look like they're doing something. Some legitimate programs can be installed, which makes it look like everything's genuine. There's also potential for spyware and other tools masquerading as cleanup tools to be installed.

Unfortunately, when there's a 'fee' attached to these scams, you can bet they're going to ask for credit card details, driver's licences, email accounts and passwords.

While they're getting all this information and accessing bank accounts or signing up for funds transfers, they keep victims on the phone, talking and distracted with inane questions like what they're having for dinner tonight.

The scammers have just hit payday. They might be having having five-course meals for dinner, because they've just stolen huge amounts of money from those bank accounts and credit cards.

The money may be sent through Western Union or some other intermediary, through which the scammers so generously signed up for using victims' names, card details and driver's licence numbers. Those details could then be used for further identity theft.

While tech-savvy people may scoff at the scam calls; while it has evolved into a game of who can waste the scammers' time the longest, we do have to boil it back to basics. There are people who fall for it, and that may always be the case.

We need to share information and protect those who are most vulnerable to attacks: Those who don't know how to use computers very well. It's not just about the amount of money they've lost, the emotional effects can be devastating.

Scammers use scare tactics to prey on people. It's our responsibility to take the message far and wide. It takes a few minutes to put together some tips for those most vulnerable.

While they may not be able to take all required steps themselves, ensuring they have a trusted advisor can help them through the process.

Netsafe provides the following tips for dealing with technical support phone scams:

  • Don't trust cold calls that say there is a virus or malware on your computer. If they do, hang up the phone immediately. If you're unsure, hang up immediately and contact your provider directly using the official number from the phone book or website. You can also call 0508 NETSAFE for advice.
  • If you did give scammers access to your computer, take the following steps immediately:
  • Contact all banks if you have provided credit card or banking information to the scammers. Banks can freeze your accounts and make sure the scammers can't access any more money or the bank accounts themselves. If caught in time, banks can stop the transfers. They may also try to recover money that was lost. You will need to visit a bank in person to reinstate your bank accounts.
  • Change all passwords from a different computer. This includes banking passwords, email passwords, Facebook passwords, TradeMe passwords or any other accounts that have access to your banking information. Keep an eye on bank statements for suspicious transactions.
  • Disconnect your device from the internet immediately, or turn the modem off. If you think the scammers installed their own software, don't turn the device back on until it has been fully reset. A technician or trusted support person can do this.
  • Find a trusted person who can run a full antivirus scan to check if the scammers loaded any malware on the computer.

Other tips:

  • Don't click links or open attachments in emails from people you don't know.
  • Banks will never ask for your credit card details, driver's licences, usernames or passwords over the phone or via email.
Most importantly, don't let the scammers get away with it.
Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X