New ‘tech support’ scams target victims by impersonating telcos – how to protect yourself
The latest scam to target unsuspecting computer users involves fake messages offering technical support that look like they come from a legitimate internet service provider (ISP).
Users have reported receiving realistic pop-ups from ISPs such as TalkTalk and BT saying that malware has been detected on their computers and that they should call a number for “immediate assistance”, according to the BBC.
The scam is a new take on cold calling, but rather than relying on users answering the phone it encourages them to make the call.
While the scam has been around since 2014, incidents are on the rise, with Symantec reporting a 200 per cent increase in tech support scams this year, according to the BBC.
The tech support scam dupes victims out of money in two ways.
The first is by remotely accessing the victim’s computer with their permission when the fraudsters have them on the phone. Without users knowing, the fraudsters install malware onto their computer that scans for financial information.
Another method is that scammers convince victims to make a one-off payment of around $200 (£136) for the fake support.
A tech support scam operation that was recently shut down in the US allegedly earned the scammers $17 million in less than three years.
How to protect yourself
The scammers can guess users’ ISPs through placing malicious adverts on websites that surreptitiously infects their computer. It redirects them to a website in the background that they can’t see and discovers their IP address.
The burden of prevention in this case rests on the advertising networks selling the space, as the malicious adverts can infect computers even if users don’t click on them.
With the ISP at hand, the fraudsters can target users with tech support messages that look legitimate as they appear to come from their provider.
TalkTalk said that it will never call its customers and use an account number to identify themselves, nor will it call and ask them to provide bank details, unless they have provided permissions to do so beforehand. It also won’t send emails asking for a password.
BT advised its customers should never share their account number with anyone and should always shred their bills. They should also be suspicious of unsolicited phone calls and emails, even if the person on the other end has their account number.
A spokesman for BT told the BBC: “BT takes the security of our customer’s accounts very seriously. We have recently been proactively warning our customers to be on their guard against scams. Fraudsters use various methods to ‘glean’ your personal or financial details with the ultimate aim of stealing from you.”
Don’t be a scam victim
The bank or will never phone you for your PIN or password
No company will send someone to your home to collect financial information or your bank card. Neither will they ask you transfer money to a new account for fraud reasons
No business or individual needs to know your personal financial information – including the bank or the police. Do not disclose your PIN, password or personal details unless you are sure of who you are talking to
Do not assume a caller is genuine if they know personal details about you. This could have been garnered elsewhere or pieced together through other means.
A new kind of fraud
Action Fraud is warning of a new form of fraud in which the public are sent letters, texts or emails asking them to phone their banks.
There is no request for passwords or other personal information, so many recipients may phone the number provided.
When your call is answered, a recording device is switched on.Your call is then transferred to a legitimate phone line operated by your bank, where you log in as usual by providing key letters of your password and other information. All of this is recorded, allowing the fraudster to build up information which could be used in future to access your accounts.
“The reason why this scam is so successful is because the fraudster’s presence is unknown to both the victim and the bank,” Action Fraud said.
Customers should only ever use phone numbers displayed on banks’ websites or on statements, it said.
If you are responding to a message or letter, you should tell the bank member of staff at the outset of the call, it advised.