Cyber criminals latched onto technical support a long time ago, seeing many possibilities for scams and attacks. Most recently, tech support scams that cold-sell support packages over the phone have been popular, according to the 2016 Internet Security Threat Report from Symantec, which also noted a 200 per cent increase in tech support scams overall in 2015 compared to 2014. Fake alerts on PCs try to get users to call a free phone number for assistance. At the other end of the line, a scammer tries to persuade users to install software to “fix problems”, software that in reality is malware, such as ransomware. But the real reasons for the scam’s success are not technical at all.
Technical support scams play on a range of human characteristics, in particular:
- There has been enough hype by now to make most IT users aware of the potential damage of IT security breaches. A little marketing expertise and wording gives the fake alert on the PC screen the power to panic users into seeking a solution to a problem that doesn’t exist.
- As with email phishing and spear phishing, if the message is presented the right way, readers may not bother to scratch the surface to see what’s underneath. They accept the on-screen alert as a bona fide message from the PC or system vendor.
- Everybody loves a quick solution, but not everybody is prepared to take the time to think things out. The current wave of consumer IT has made things so quick and easy that it becomes even more of a challenge to summon the energy to investigate properly, or even pick up the phone to see if the IT department knows what’s going on.
These three problems can be mitigated by training and awareness programs. You can also avoid the problem by asking users to use only approved software, visit only sites cleared for IT safety and take due precautions when receiving email. Run regular tests to check user resistance to scams too, as scammers will keep up their attacks as long as they continue to find victims.