Blog - FTC and SBA Guidance on Cybersecurity - Tech Support Scams

Ring, ring, ring! Hello, this is Paul from Microsoft. We are getting notices in our systems that your computer is infected with a scary new virus. We are calling as a courtesy to help you correct this problem. All you need to do is …

Tech support scams have been a common, but under-discussed, technique used by fraudsters for decades. These scams can take the form of phone calls (as described above), fake pop-ups (Warning! Your computer is infected!!), or emails. Their intent is to convince you to install some software, allow them remote control, or perhaps give up your credit card information.

Like many other social engineering techniques, tech support scams often convey a strong sense of both urgency and authority. They attempt to worry and confuse the user – while presenting a clear path forward to resolve the problem. Unfortunately for the user, the stated problem likely doesn’t exist and the solution is useless and costly.

Tech support scams may be delivered in different ways, but they generally serve a few common goals for the criminal.

  • Ask the user to allow remote control of their PC.

  • Drive the user to a website to purchase ‘fix-it’ software.

  • Ask the user for their password for ‘testing purposes’.

  • Pressure the user to install ‘updates’ or ‘diagnostic tools’.

  • Ask the user for a credit card number to pay for services or an extended warranty.

The good news is that companies and individuals don’t need to spend money on new security tools to address this problem. You can greatly reduce the risk of social engineering attacks, like tech support scams, by simply educating your users.

  • Legitimate support calls should only originate from a few well-known sources within your company. Users should be reminded that any other externally initiated service requests are fake. Have them hang up and report the incident to the help desk.

  • Users should be wary of any unexpected popups on their screen. Do not click on any links or call any phone numbers presented in these popups.

  • When in doubt, hang up the phone, delete the email, or don’t interact with the popup - and call your company help desk.

Tech support scams are growing in frequency. Both the FBI and Microsoft recently published security flashes on the topic. The good news is that with some user education - instilling a bit of mindfulness and cynicism in your workforce - companies can effectively protect themselves and their employees.

——————————————————————————————-

The Federal Trade Commission and Small Business Administration have collaborated to publish guidance (https://www.ftc.gov/tips-advice/business-center/small-businesses/cybersecurity) for small businesses. This guidance is a great place to start for business leadership that is worried about cyber issues but isn’t sure where to begin.

North Wonders has produced a self-guided security assessment tool based on the SBA guidance referenced above. This tool (https://www.northwonders.com/offering/#self-guided) allows small businesses to quickly see their cyber hot spots and get actionable guidance on correcting any issues. For more information please contact us at Info@NorthWonders.com.