Tech Support Call Scam Leads to Malware & Financial Loss
The Risk: Malicious actors use call centers to cold call victims in an attempt to gain access to the victim’s computer, install malware, steal personally identifiable information (PII), and receive monetary gain.
The Threat: A malicious actor, claiming to work for a well-known software, technology, or research company, cold calls victims at random in an attempt to convince them that their computer is at risk of attack or infected with viruses, and that only the caller can remediate the problem. Victims who comply with the caller’s requests are highly likely to compromise their computer systems, as well as experience monetary loss. Victims may receive the calls at work or home, and on mobile telephones or landlines.
The Event: While there are variations of the scam, most follow a similar script.
- Introduction: A caller claims to work on behalf of a well-known software, technology, or research company and informs the victim that their computer is sending out error messages, attacking another computer, or exhibiting behaviors indicative of viruses. The caller claims that only they can repair the problem for the victim or that the problem can be fixed with a software upgrade.
- Gaining Trust: The caller will attempt to gain the victim’s trust. The caller may do so by instructing the victim to access the Windows Event Viewer, which displays standard messages about the computer’s operations, including general warning and error messages that are normal for the computer. The caller states these warnings and error messages are proof of malicious activity. The caller may use technical terms to confuse the victim or gain credibility. Callers are often forceful and attempt to create a sense of fear or urgency.
- “Fixing” the Problem: The caller will offer to fix the problem by installing an update, or requesting remote access to the victim’s computer. The “updates” and remote access programs are actually malware.
- Charging for Services: The caller may request the victim’s credit card information, or direct the victim to a website to enter their credit card number and personal information, in order to charge the victim for services rendered or for the software package provided.
The Implications: In most cases, the main motive for conducting this scam is monetary gain, which could be achieved through two possible means:
- Financial fraud: The caller may request monetary reimbursement for services rendered or for the software installation. If the victim provides credit card or financial information, the caller can charge the incorrect amount or make additional unauthorized charges.
- Malware: It is highly likely malware will be installed if the victim provides the caller with remote access to the computer or installs unknown programs. Malware can be used to collect sensitive information such as usernames and passwords, which could lead to compromised financial institution accounts or additional malware being installed.
The Action: Individuals receiving a call that matches the description of any of these tech support scam calls, or those who previously participated in a similar call, should be aware of several security guidelines.
If you receive a call:
- If you receive an unsolicited phone call from a technology company, hang up and report the incident to your local police department, Information Technology (IT) department, or the Internet Crime Complaint Center (IC3, www.ic3.gov). Most legitimate technology companies will not directly call a computer owner, unless the computer owner requested assistance.
- Do not rely on caller identification (Caller ID) to authenticate a caller. Criminals can spoof phone numbers so they appear to be coming from another location or entity.
- Never provide passwords or bank account information over the phone; legitimate organizations will never call and ask for a password.
- Be aware that software updates do not require the computer monitor to be off; legitimate organizations will never request the computer monitor be turned off during an update and will not call home users to notify them about an update.
If you previously received a call:
- If you provided password information, change the password for that account. Never use the same password for multiple accounts.
- Use a credible antivirus program, and enable automatic installation of software patches. If malware may have been downloaded, run an antivirus scan on the computer.
- If you provided credit card information and the caller charged the account, call the credit card provider and request to reverse those charges. Check financial statements for other unauthorized charges.
- You can register your telephone number on the National Do Not Call Registry (www.donotcall.gov), maintained by the Federal Trade Commission (FTC), and report any further solicitation calls.
The information provided above is intended to increase the security awareness of an organization’s users and to encourage more secure behavior. Organizations have permission and are encouraged to brand and redistribute this advisory in whole for educational, non-commercial purposes. For more information regarding cyber threats, please visit the Center for Internet Security website at CISecurity.org.