Evolving Tactics of Tech Support Scams

By: Emily Cranston, Senior Cyber Intelligence Analyst & Curt Beall, MS-ISAC Intel Unit Intern

Tech support scams have been around for years: you answer the phone and the person on the other end claims to be working with a well-known tech company. They try to convince you that your computer is sending out error messages, attacking another computer, or infected with viruses. Malicious actors use this scam to cold-call victims, gain access to victims’ computers, install malware, steal information, or receive payment for fraudulent services.
Although these tech support scams are not new, they remain successful, in part due to constantly evolving tactics. Malicious actors develop schemes that are increasingly convincing to unsuspecting users. In the last few months, open-source reports identified three new schemes:

  • In May 2016, tech support scammers began taking inspiration from ransomware operators by creating malware that blocks the victim’s access to their computer until they contact the fraudulent call center for support. When the user restarts their computer, the malware displays a Windows update screen that locks the entire computer. The update screen displays a message telling the user that their Windows product key has expired and they need to call a phone number to speak with a tech support employee. [1]
  • In June 2016, tech support scammers were masquerading as the victim’s Internet Service Provider (ISP) by deploying a pop-up that interrupts the victim’s normal browsing session. The message appears to be from the victim’s ISP, likely in an attempt to add credibility to the scam. The pop-up displays a message that says the ISP has “detected malware” and urges the victim to call a phone number for “immediate assistance,” which connects the victim to the scammers. [2]
  • Also in June 2016, the Internet Crime Complaint Center (IC3) issued an alert regarding complaints that malicious actors were calling victims claiming to be tech support for cable and Internet companies. The callers claimed they had received notifications of errors, viruses, or other security issues with the victim’s digital cable box, modem, or router, and offered assistance. Scammers are also calling victims and claiming to work on behalf of government agencies to resolve computer viruses and threats from possible foreign countries or terrorist organizations. [3]

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recommends end-users take the following steps:

  1. Know the signs of a tech support scam
  2. Do not call an unknown call center
  3. Do not comply with a cold-caller’s demands
  4. Never provide credentials to anyone over the telephone

For situations that may include the use of ransomware and other malware, MS-ISAC strongly recommends using antivirus programs with automatic updates of signatures and software. Specific recommendations on how to secure your system from ransomware and respond to a compromise can be found in MS-ISAC’s Ransomware Security Primer.

If you do receive an unsolicited telephone call from a technology company or experience any of the other tactics used for tech support scams, report the incident to your Information Technology (IT) department, local police department, or the IC3. Most legitimate technology companies will not directly call a computer owner unless the computer owner requested assistance. For additional recommendations on this scam, refer to MS-ISAC’s Tech Support Call Scams Security Primer.

[1] http://news.softpedia.com/news/tech-support-scam-blurs-the-line-with-ransomware-locks-users-computers-504208.shtml
[2] http://www.bbc.com/news/technology-36084989
[3] https://www.ic3.gov/media/2016/160602.aspx