How to avoid being a tech support scam victim
Online scams are getting better, but the patterns are the same and it is suspected that the scale of the 'support' scams is such that the person actually phoning you may even believe they are working for the company they claim to be working for.
Having just removed adware installed using AnyDesk after a parent believed a scam caller because when asked 'are you really from BT?' and the caller said yes, and apparently the sounds of a call centre convinced them this was genuine, I thought it was worth highlighting how people are caught out and some of the things you can do to help or avoid being scammed. The parent has had the chats and warnings about these sort of scams, but the fact they fell for it highlights that you need to vigilant all the time.
So how do you protect yourself? What should you say to friends and relatives?
In this case the caller was claiming to be from BT support and was stating that her PC was infected and they would sort it out if she downloaded AnyDesk remote control software. Alas the parent did download AnyDesk but thought more of it and contacted us, and after some scanning have removed AdWare that was installed for the short time they had control. So the key points to convey to people are...
- Broadband Providers, Microsoft and other IT firms will not usually call you to warn about a virus or another incident on your PC (if they do follow steps suggested below, i.e. do not trust them)
- The caller may know more about you than just your phone number, due to the number of hacks on large companies, don't allow this extra info be used to gain your confidence.
- Hang up the call, or ask them for a number to call them back on, and note this down, it may help authorities combat this nuisance. Incidents can be reported to www.actionfraud.police.uk.
- Do not share personally information with random callers, they may be phishing for a little more information about you rather than verifying your identity
- Never call the scammers back on a number they give you
- In some cases scammers have stayed on the line and will pretend to be your bank, so to ensure your line is clear, phone a friend who you know and thus can ensure your line is clear. Some changes have happened to phone systems to reduce the risk of this happening, but calling a friend or family is a good way of knowing the line is clear.
- If you think it really may have been your provider or bank, call them after looking up their number on a statement or website
- Do not visit any websites or download software they suggest, AnyDesk appears to be the choice of the moment for gaining remote access to a PC.
- If you know someone who has fallen for the scammers,
- make sure they contact their bank immediately if they do online banking from that device to report the incident and avoid losing money
- run the various malware and anti-virus tools. MalwareBytes is a popular suite and will clean up a PC as part of the free trial
- For any services such as email, online shopping, website logins, you should once the computer has been given a clean bill of health change change all your passwords and check for suspicious activity on the accounts. Report any rogue orders to the vendors, to ensure you are not out of pocket
- The tendency is to clam up about being caught out as it can be embarrassing but this makes life easier for the scammers, so do the opposite tell your friends and warn them these attacks
A great resource if you don't have a friendly tame IT person to hand to help you is www.getsafeonline.org and while it may seem a bit scary to read of so many scams that are done online, being pre-warned is half the battle.
The 'support' scams have been running in various disguises since at least 2009, and the fact they have not given up indicates they are still getting a reasonable hit rate, a better informed public will hopefully in time mean they will vanish and hopefully some of those behind the scams will get caught and sent to prison eventually.