Many IT security attacks happen covertly and entail sophisticated software. Advanced persistent threats, buffer attacks, or unpatched software attacks, just to name a few examples, usually occur behind the scenes and are best defended against with a good security program. Trust your IT department, if you have one, or your managed services provider (MSP), if you don’t, to ward off attacks such as these.
But not even the best IT security system in the world can protect you from hackers if you personally open the door and let them come into your system. I’m talking about a recent wave of helpdesk tech support scams involving SMS text messages, emails, and even phone calls to unsuspecting consumers and business owners offering free security scans. The good news is that these attacks are easy to defend against; they just take a little awareness on your part. A great place to start is an overview of how these scams work, how to spot them, and how you can protect yourself and your business from them.
How Technical Support Scams Work
These attacks are simple. They involve the age-old technique of one person lying to another. They are really no more sophisticated than a salesman knocking on your door and trying to sell you a bottle of fake medicine. The only difference between the 21st century tech scam artist and the 19th century snake oil salesman is that now con artists use the Internet or the phone system to hawk their phony goods.
You’ve seen the ads — the annoying ones that pop up on your computer screen warning you that your system may be infected — that offer a free security scan online. At best, they charge you money for bogus security software, or anti-virus software that is freely available over the Internet. At worst, they load destructive malware and/or spyware onto your system. But lately, hackers have been using an old-fashioned 20th century tool — the telephone.
The latest version of this phony security scam starts with a phone call. Often, the callers just get your number — or your company’s number — from another very old source, the telephone directory. Hackers are also very good at collecting loads of personal information about you, and even your company and work colleagues, from social networking sites like Facebook and LinkedIn. Once they have you on the line, they try to sound trustworthy and competent by naming your operating system, bombarding you with a lot of technical jargon, and claiming that some of your files contain viruses. Next, they may ask your permission to access your system so they can “fix” your problem.
Simple Scams, Simple Solution
While many people with even a basic knowledge of computers would laugh at these amateurs and promptly hang up, believe it or not there are a few trusting souls who fall for this scam. It is not their fault. Some of these hackers are very good con artists, and once they get their unsuspecting victims on the phone they can sound very convincing.
They may claim to be from legitimate IT security software firms like Norton, McAfee, Kaspersky, or Malwarebytes. Some claim to be from Microsoft, knowing that the vast majority of personal computers use the Windows operating system. After trying to confuse you with a barrage of technical terms, they may ask to access your system to perform a series of "tests." Or, they may just cut to the chase and try to sell you a worthless security system. At this point, you should simply hang up the phone because none of these companies, or any other legitimate software firm, would contact a customer in such a manner.
In any case, never give control of your computer to unknown parties who place unsolicited phone calls to you or your business. Also, do not rely on caller ID to authenticate callers. Hackers have software that can display legitimate-sounding addresses and phone numbers, even when they are in another country — this is called "spoofing."
Never give financial information or passwords to someone who calls you and claims to be from a tech support firm. If you have concerns that your system may have been compromised, scan it yourself with legitimate security software or consult with a trusted DC managed technology services partner for peace of mind.