Recently, we've heard of a number of customers who have been receiving fraudulent phone calls from various "tech support companies" who are offering unsolicited help. The gist of the scam is that they are calling you to connect to your computer to fix a virus problem you didn't know you had. Often times they will direct you to a legitimate remote support site and have you download a small program to connect to your computer. From there they sift through your data, looking for sensitive information and then they try to get you to buy security services/software to protect you from future issues. All you need to do is give the caller your credit card or bank account information.
This type of scam uses social engineering to circumvent any security devices or software that you may have in place. These malicious callers find it easier to work through a user computer than to cut through a network's various security layers. They play on the trusting nature of people who might not understand technology and offer to help them with a scary issue. How many times have you let someone from Network Center connect to your computer? How did you verify that they were who they said they were?
Many of these callers crooks say they are representatives of Microsoft. It happens frequently enough that Microsoft has issued the following statements on its Safety & Security site:
"Treat all unsolicited phone calls with skepticism. Do not provide any personal information.
If you receive an unsolicited call from someone claiming to be from Microsoft Tech Support, hang up. We do not make these kinds of calls"
"There are some cases where Microsoft will work with your Internet service provider and call you to fix a malware-infected computer—such as during the recent cleanup effort begun in our botnet takedown actions. These calls will be made by someone with whom you can verify you already are a customer. You will never receive a legitimate call from Microsoft or our partners to charge you for computer fixes."
So what can you do to keep your data safe?
- Ask questions - The simplest thing to do is ask questions of whomever is trying to "help" you. How did you get my phone number? What is my computer name? What is your badge and callback number? Scammers won't spend a lot of time on a mark who is being difficult; there are plenty of fish waiting to be phished. If you ask questions they'll likely hang up and move on to the next target.
- Check with your IT staff - If you get a call from someone offering remote support and you feel that the call might be legitimate but don't recognize the voice or the company name, ask your internal IT support staff if whoever is on the phone is authorized to connect to your computer.
- Call them back - If you don't recognize the person trying connect to your computer, but they say they're from a company you recognize, ask them for their callback number. Hang up and call them back. Most of the scammers work overseas in outbound-only call centers or with stolen cell numbers so they won't be able to offer you a call back number.
- When in doubt, keep them out! - If something doesn't feel right, don't connect them to your computer. If they don't get connected, they can't steal any data. Like it or not, you share the responsibility to keep your company's and your customer's data safe.
Sometimes, you can follow all the security advice in the world and still let the scammers into your computer. What then?
- Disconnect from the network - That will sever the remote control connection and allow you to assess the situation.
- Scan the computer - Use anti-malware software programs like Malwarebytes and Spybot Search & Destroy to scan and attempt to fix your computer(s) for malicious software that may have been installed without your knowledge.
- Change your passwords - Many times, scammers poke around on your computer for data they can steal before pressing you to buy their "services." You likely won't be able to tell what they accessed so changing your password(s) is one step that will make sure they cannot get back in.
- Reconnect - If the scans do not show any infections, you can reconnect to the network but watch for suspicious behavior such as browser hijacking or unusual antivirus messages.
- Report the scam - Microsoft recommends reporting the call to the FTC so they can gather information about these criminal organizations.
My intention is not to alarm you or make you paranoid about remote support. Remote support connections are an integral part of keeping your networks running smoothly. I do want to make you aware of how as Midwesterners, our trusting nature can be used against us and how we can protect ourselves and our data. Remember: when in doubt, keep them out!
If you have any questions about how you can better protect your network or if you need help with a security issue, please reach out to your Network Center support or account contact. We're here to help.