For years, criminals have been using technical support scams to deceive users under the pretext of solving their “problems” with devices or software. Thanks to sophisticated social engineering methods, scammers easily manage to trick users into giving up their money or confidential information.
According to a Microsoft study in 2021, 60% of users worldwide encountered tech support fraud within a year. At the same time, 1 in 6 users was a victim of a scam, which often led to financial loss.
How does technical support fraud occur?
As a rule, scammers call users and try to convince them that their computer has a problem that needs to be solved immediately for a certain fee. Criminals target victims who know little about how computers work, using fake websites and Facebook pages with “help” offers for this purpose. With the emergence of deceptive advertisements and fake pop-ups, notifications warning about a specific problem began to appear on users’ screens.
Today, scams have become more diverse and sophisticated, and fraudsters have started to persuade victims to call them themselves. As a rule, tech support fraud involves the following scenario:
The victim receives an email from an apparently legitimate sender warning about the automatic renewal of a certain technical service for several hundred dollars. If the recipient does not want to pay, they are asked to contact the specified phone number or email address.
The user calls the scammers and demands an explanation or a refund.
The scammers convince the victim to download Remote Desktop Protocol (RDP) software to gain access to the user’s computer, provide technical support, and process a refund.
The fraudsters claim that they have refunded the money and ask the user to log into the banking app to verify. Thus, scammers can gain access to the account.
Gaining access to the online banking account, the attackers either block the victim or show them a blank screen, while simultaneously transferring funds from the account.
Of course, this is not the only type of technical support scam. Fraudsters can also call, send messages, or letters to start a dialogue with the victim. Moreover, the attackers disguise themselves as representatives not only of technology companies but also of financial and banking institutions or even virtual currency exchanges.
How a scam happens and what you need to know to avoid becoming a victim of fraud. ESET.
Fig. 1. Examples of fake notifications.
Among the problems that scammers offer to solve, there may be the need to renew a license, a virus infection, or a hacking of an email or online banking account. For example, the attackers might convince the victim that due to a hack of her online banking, she urgently needs to transfer funds to another account. Then the scammers ask for remote access to the device and to open accounts in virtual currency to transfer funds from the victim’s bank account.
Another method is to infect the user’s device during an attack using a hidden download, resulting in the creation of fake pop-up windows warning of a problem and asking the user to call a number.
Fraudsters can also use remote access to the victim’s computer to download a malicious application for theft, with the aim of obtaining card data and other personal information, and then charging the victim.
Add a Comment