“If you did not initiate the call, do not hand over your credit card”
Microsoft warns that tech support scams are on the rise. The old scam we’ve all warned friends and family about – a fake Microsoft tech support person calling them to inform them there’s malware on their PC – is still working. We are all doomed.
These types of attacks fall into the social engineering bucket and, the thing is, we all know someone who’s fallen for these attacks, so we shouldn’t be surprised by these statistics. Microsoft reported:
“In 2017, Microsoft Customer Support Services received 153,000 reports from customers who encountered or fell victim to tech support scams, a 24% growth from the previous year. These reports came from 183 countries, indicating a global problem.
Approximately 15% of these customers lost money in the scam, costing them on average between $200 and $400. In some cases, victims pay a lot more. In December 2017, Microsoft received a report of a scammer emptying a bank account of €89,000 (about $108,838.00) during a tech support scam in the Netherlands.”
Anyone who works in cybersecurity, or has any knowledge of social engineering attacks and their alarmingly high success rate, will not be surprised by this data.
Part of the problem is that victims of these fake tech support scams often feel a sense of shame for falling for the ploy and losing data, funds, or both, and so they don’t tell anyone about it. Those working in information security or IT may hear about it from family directly, but only because they’re desperate to fix the situation or at least determine just how bad the damage may be.
Some victims may be calling Microsoft for real tech support, and those folks have been included in the Microsoft report; alternatively, they call Apple tech support. However, the rest of the victims likely just accept they’ve been victimized and move on - if they even know they were scammed at all.
The sense of shame needs to fall by the wayside, and those of us in the know about cyberattacks must continue educating our family and friends. When they do call us for help, we need to take a deep breath and guide them, rather than shaming them.
So, what can be done about the number of people being scammed by fake tech support calls? Microsoft stated in their report that they’re doing their part in stopping this number from rising even more. But what can we do as IT and security professionals to help protect our friends and family?
There’s one simple rule that you can share with your friends and family: if you did not initiate the call, do not hand over your credit card (or other personal and financial details).
For example, if you call your local pizza joint and place an order, it’s perfectly reasonable to provide your payment details. But if someone calls you claiming there is an issue with your computer, your pizza order, your taxes, etc., do NOT hand over your credit card details, or any personal details such as your full name, address, etc.
There are also third-party services which will filter your telephone calls before ringing your phone, such as Nomorobo and Hiya. Some wireless carriers such as AT&T and T-Mobile will even offer the service for free at the network level. Smartphone manufacturers like Samsung are also getting into the arena by building this functionality into the smartphone dialer. (These apps and services may come with additional monthly fees, so check with your service provider and smartphone vendor to see what partnerships they may have with call filtering services.)
NOTE: This blog represents the opinions of ThreatMatrix authors only, and does not represent an official Cylance endorsement of any companies, services or persons mentioned herein. ThreatMatrix is not paid nor otherwise compensated in any way for any product/company/service mentioned in these blogs.