How to deal with Tech Support Scams

You get a pop-up message that says you're infected and tells you to call “Microsoft” Tech Support at the provided number. A voice may come from your speaker telling you that your data is in harm's way and that you should not shut off your PC. In a panic, PC users call this number and, long story short, end up paying hundreds of dollars to a scam artist who claimed to fix something that was never an issue to begin with. This story is all too common today if you read the news.

A tech support scam artist claims to be an employee of (or to work with) a major software company offering technical support to the victim. This can range from someone claiming to be your ISP or your cable provider to someone claiming to be Apple or Microsoft. The scam artist will claim the “company” has received notifications of errors, viruses, or issues from the victim’s PC. Scam artists are also claiming to work on behalf of the government to fight computer viruses and threats from enemy nations, hackers and terrorist organizations.

How they get you

Tech Support scam artists have a few tricks to try to extort you or scare you into paying them:

Cold Call. You’ll get a random call from the scammer who claims your PC is infected or has a serious error.

Pop-Up or Rogue Website. This is the more popular tactic, where the victim accidentally stumbles upon a rogue website or receives a pop-up claiming they have a Windows OS Blue Screen Error, a massive data error, or a serious infection. Sometimes it will lock up the screen and freeze the internet browser, or play a sound or voice over the speaker in an attempt to scare the victim. The pop-up or rogue website will always include the scam phone number for the victim to call.

Once you are speaking to them and letting them in

They will attempt to scare you further and instruct you to allow them to remotely access your PC or devices to “fix” them. Once they are in, they will claim they found the “errors” or “viruses” and ask you to pay for them to be removed. This usually amounts to hundreds of dollars. The money is usually collected from the victim by debit/credit card, wire transfer, or even prepaid gift cards!

If the tech support scammers are remotely accessing your devices, they can use this as a way to hold your information hostage and ransom you. They can intentionally install malware onto your PC, or steal sensitive data from your PC such as passwords, financial accounts, and other data. There have been reports of the scammers becoming so agitated that they have threatened to destroy the computer and all its data unless the victim pays on the spot.

What can you do to stop them?

We at SUPERAntiSpyware recommend a few different forms of defense and mitigation against the plague of tech support scams:

Do NOT give out credit card or bank information.

Recognize what is occurring and end the call immediately if you are speaking to a tech support scammer.

Do not allow unknown and unverified organizations remote access to your devices, such as your phone or PC.

Make sure you are using the latest version of SUPERAntiSpyware and it is up to date.

If you see a pop-up or stumble upon a rogue website claiming that you are infected, have an error, or have a Blue Screen of Death, close your web browser; if needed, force it closed via the Process Manager. If you cannot do that, reboot your machine.

If you are a victim

File a fraud report with your bank or card issuer immediately and stop payment, or see if you can dispute the payment if it has already been made.

File a complaint with the FBI's Internet Crime Complaint Center.

Change your passwords for the services the tech support scam artists may have uncovered when they remotely accessed your PC.

Remove any remote access software the scam artist may have had you install on your PC.

Typosquatting: Another front of malware attacks

Typosquatting is a type of internet scam that relies on end users making mistakes, such as spelling errors or entering the wrong domain name when entering a website's URL. It is also commonly known as URL Hijacking. There are many motivations for a hijacker to take the Typosquatting approach to deceiving unsuspecting victims:

1) To redirect web traffic to their own or a competitor’s product.

2) Installing malware to infect the user’s machine, typically with ad-hosting pieces of malware.

3) Freeze the web browser for a fake Tech Support scam, scaring the user into calling a fake tech support number claiming the user has a virus infection. These scams potentially cost the users hundreds of dollars.

4) To steal user information by running a phishing scheme that mimics a legitimate website.

5) Making revenue from the user clicking on advertisements (either in plain sight or disguised as legitimate search links) on the Typosquat website.

6) To blackmail or strong-arm payment from the company they're Typosquatting in order to force a purchase of the website from the Typosquatter.

A scammer who runs a Typosquat scam typically registers a website address with spelling close to the legitimate website's address. This is typically something simple like omitting a letter, adding a letter, or using a different Top Level Domain. For example, if a user wants to go to our website, they may end up typing superaantispyware[dot]com with double a’s. This will end up showing the user a Typosquatting website such as this:

Another type of Typosquat scam relies on the person mistyping the full URL, typing something like google[dot]om rather than google[dot]com. In this instance, the person typing the .om domain would actually be viewing a page hosted on Oman's Top Level Domain, rather than the basic .com domain. In some instances, large corporations will buy up as many associated domains as they can in order to prevent this type of mistake (Google, for example, has variants of their site containing multiple o's and different Top Level Domains); however, not all companies have the foresight and/or money to do this.
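
The three spelling tricks described above (an added letter, an omitted letter, a different Top Level Domain) can be checked for mechanically. The following is an added example, not SUPERAntiSpyware code: a small Python check that compares domains seen in, for instance, a proxy log against a watch list of legitimate domains. The watch list, the function names and the observed domains are constructed for illustration, and the code assumes plain name.tld input with no subdomains.

```python
# Added example: flag domains that are one typo away from a protected domain.
# PROTECTED and OBSERVED are constructed sample data, not real telemetry.
PROTECTED = ["superantispyware.com", "google.com"]
OBSERVED = ["superaantispyware.com", "google.om", "gogle.com",
            "google.com", "example.org"]


def split_domain(domain):
    """Split 'name.tld' into (name, tld). Assumes no subdomains."""
    name, _, tld = domain.lower().strip(".").rpartition(".")
    return name, tld


def drops_to(longer, shorter):
    """True if deleting exactly one character from longer yields shorter."""
    if len(longer) != len(shorter) + 1:
        return False
    return any(longer[:i] + longer[i + 1:] == shorter
               for i in range(len(longer)))


def classify(seen, protected=PROTECTED):
    """Return (legitimate_domain, reason) for a likely typosquat, else None."""
    seen = seen.lower().strip(".")
    if seen in protected:
        return None  # the real site itself
    s_name, s_tld = split_domain(seen)
    for legit in protected:
        l_name, l_tld = split_domain(legit)
        if s_tld == l_tld and drops_to(s_name, l_name):
            return legit, "added letter"
        if s_tld == l_tld and drops_to(l_name, s_name):
            return legit, "omitted letter"
        if s_name == l_name and s_tld != l_tld:
            return legit, "different top-level domain"
    return None


def scan(domains):
    """Map each suspicious domain to (legitimate_domain, reason)."""
    hits = {}
    for d in domains:
        result = classify(d)
        if result:
            hits[d] = result
    return hits


if __name__ == "__main__":
    for domain, (legit, reason) in scan(OBSERVED).items():
        print(f"{domain}: looks like {legit} ({reason})")
```

A business following the advice to buy similar domains can use the same three categories to decide which variants of its own name are worth registering or monitoring.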

It is easy to avoid falling prey to a Typosquatting scam. Here are a few easy things you can do to prevent this.

1) Never open links in emails from unexpected senders, and exercise caution when visiting sites you're not familiar with.

2) Bookmark your favorite websites so you can easily access them.

3) Use a search engine like Google, Bing, or Yahoo when looking for a specific website if you are unsure about the spelling or if the business' website is the same as their name. Some car dealerships, for example, use dealer names or slogans as their website.

4) Double check the URL you are typing before loading the page.

5) Make sure Real-Time Protection is turned on in SUPERAntiSpyware Professional.

6) If you are starting a web-based business, consider buying multiple domains that are similar to your primary site to preemptively stop Typosquatters. Most domain registrars will offer bulk rates when you purchase more than one domain at a time.

While this type of attack is somewhat uncommon by today's standards, it still happens every once in a while. By practicing safe browsing habits, keeping your web browsers up-to-date, and running regular scans of your machine, you should not be impacted by most of these types of attacks.