Have you ever gotten an unsolicited call from someone claiming to be a tech support pro who wants to help you with an urgent problem with your computer? Chances are you have. It is estimated that just one type of these many scams have cost U.S. victims $1.5 billion so far in 2015. It is not known how many of these scams are currently active, but with new ones popping up almost every day, I would estimate there are at least hundreds, if not over one thousand, different groups of these crooks launching their own tech support phone scam.
I got my first tech support scam call way back in 2005. I first wrote about another scammer with a different scam who called me in 2008. I’ve also had over a dozen of my friends and acquaintances contact me to let me know that they had been called by a tech support phone scammer. Many of their experiences have been unique from what I’ve seen. The types of phone scams that can exist are only limited by the imaginations of the crooks committing them.
I got another call from another tech support scam caller on November 27 of this year (listen to it here; 15:42 minutes). These tech support scam calls have really evolved and are more aggressive and sophisticated in their tactics than ever before. In the past they would not call me again after I hung up on them when they called.
In the past I would also play along with all the crooks’ calls and then hang up right before the point they would typically infect their victims’ computer. If you listen to my most recent call recording, to the end, you’ll know I stayed with them, playing along and doing as they asked, right up to the point where they wanted me to hit enter to give them access to my computer; I then told them I lost my internet connection. But this time was different, and points to a trend to be much more aggressive than in the past.
- The call started with one person who, once I was engaged in conversation, said that she could see (even though she did not have access to my computer yet) that my computer was “so badly infected, and putting everyone else” I communicate with through it at risk that she wanted her manager, “the foremost expert in the world in such computer problems,” to speak with me. And then she transferred be to another person.
- The tech support scam crooks repeatedly called me, 243 more times through December 9 from fourteen (so far) different phone numbers shown in Figure 1. This is an average of 19 calls per day! This shows how much they want to get into other people’s computers, and how lucrative their crimes are, to be so persistent.
- They were much more aggressive. Calling me names when I told them I thought my computer was okay. Yelling at me when I said that I would take my computer to the computer repair shop I always use for computer tech support. Even threatening me with arrest, or to have people come to my home, if I didn’t let them clean up my computer like “a good cyber citizen.”
Being lured to the tech support site
Another variation of the tech support scam is luring people to the bogus, malicious fake site. The US Federal Trade Commission (FTC) recently fined ($1.3 million) and shut down some scammers who had stolen over $17 million from their duped victims by luring them to their sites with pop-up alerts telling the victim that malware was on their PC. The ads provided a contact number and people would be told to call to get rid of the problem. From there they’d be directed to a malicious site and the unsuspecting victim would follow instructions, and then nasty malware, ransomware (which I wrote about here), would be downloaded, and they would be charged thousands of dollars to have it removed.
Know the signs of a scammer
Every business, of every size, and every individual is a potential target Make sure that everyone in the organization can recognize some of the key red flags of a tech support scammer.
If someone, who is not from any organization or vendor that you know you’ve paid to get tech services from, calls out of the blue and tells you that you have malware on your computer and they need to get into it to remove it, they are probably a crook.
Dubious information provided
They will try to sound convincing by telling you to go to your event log viewer, and will sound alarmed and concerned when you tell them the files that you have there; they’ll tell you that those files are all malicious. Don’t believe them. They are logs generated by the many different activities processed by your computer.
All of my calls came from people with very thick non-U.S. accents. I asked the first person who called, whose accent was so thick I had to ask him to repeat what he said several times, for his name. He said his name was Sam Wilson. This name also did not match the location from where he sounded like he came.
These scammers have been using the same bogus business names when they speak with victims. Here are some of the URLs the scammers try to and convince victims to go to:
- Onesupport . me
- Support . me
- chromecrashreport . com
- comphelpapp . com
- costatechhelp . com
- earntechhelp . com
- emergencyvirussupport . com
- instant-protection . com
- gettechhelp . com
- mypcoptimizerpro . com
- redlrect-403av . com
- redlrect-winav . com
- responsecomputersupport . com
- security-issue . us
- security-message . support
- washtechhelp . com
- window-defender-security-alert . info
- windows-spywarealert-cucwmpxvlfqfo2lpxgapsmccuy1yflsnjvtme . co
Keep this list handy. If someone tells you to go to one of these sites, you’ll know you are speaking with a scammer; simply hang up.
Invalid area codes
Scam callers often mask their phone numbers, using invalid phone numbers when they call so they cannot be traced. Figure 2 lists the 575 currently unassigned area codes that phone criminals love to use.
Of course some phone scammers will use legitimate area codes, but those numbers are comparatively small. As a case in point, only three of the 14 different phone numbers used by calling criminals who called me were actually-used area codes.
Keep this list handy. If someone calls using one of these area codes, you’ll know you are speaking with a scammer; simply hang up.
Never give control of your computer to someone who made an unsolicited call to you. And never provide credit card or financial information to someone claiming to be tech support.
If you do fall victim to one of these scams, report it to your company’s information security area and/or local police immediately.
Every business, of every size, sector and location, needs to stay aware of these calling scams. These criminals are equal opportunity scammers; they will call anyone anywhere to get a victim. This makes it more important than ever before for every organization to ensure they provide information security training to all their employees, and send them ongoing reminders warning of such scams. It also makes it very important for every individual to be able to recognize the signs of a phone scammer so they will not fall victim, and possibly lose all their files, and a lot of money, in the process.
For more information about this tech support call scam crimes, see:
- Security education on phishing can save companies millions
- Phone Scam Open Season – Business Risks
- More Phone Scams For the General Public
This post was written as part of the Dell Insight Partners program, which provides news and analysis about the evolving world of tech. Dell sponsored this article, but the opinions are my own and don’t necessarily represent Dell’s positions or strategies.