“Jesus! Did you say some warning!” exclaimed the voice on the line.
“Yes, it says…”
“Yeah, it says warning,” said the customer.
“My good luck, madam. It would be my humble request to you, please do not click on any of them, OK?”
“And it would be my humble request, madam, that you keep your mouse pointed away from them because that’s of the malicious online infections I was speaking about, OK?”
If there’s such a thing as a code red for computer emergencies, this probably sounds like one. Except there is no emergency. That IT guy is a scammer, and that customer on the other end of the line is an undercover agent with the Federal Trade Commission. She knows for a fact that her computer is just fine.
The problem is, millions of people who find themselves embroiled in tech support scams don’t, and the fake tech pro’s outrageous response only exacerbates their feelings of desperation. Tech support scams are a multimillion-dollar global industry, and they bet on the notion that tech-unsavvy people will shell out cash in a panic. Here’s what you need to know.
What are tech support scams?
Tech support scams prey on people’s tech fears and confusion. Whether it’s via a pop-up message, an email or a phone call, these scammers convince you that your computer has been infected by a virus or compromised by malware, or its security functions are in bad need of a tuneup, but—don’t worry!—they can help. For a fee.
Not surprisingly, the elderly (who are presumably less tech-savvy and more vulnerable to these traps) have been the biggest target. According to the Federal Trade Commission, people over 60 were five times more likely than others to lose their money to tech support scammers. In 2018, these fraudsters bilked people out of a whopping $55 million, the FTC reports. Seniors lost more money from tech support scams than any other kind of fraud.
Scammers not only steal in the form of payment for their tech “help”; they also attempt to gain access to sensitive information via spyware, which they install when they’re “fixing” their victim’s device. Once scammers find a victim, they often go back to the person again and again with new reasons why they might need to pay for another tech-support session. That can add up to surprisingly lucrative heists over time. For instance, three tech support scammers arrested last year in New York City managed to haul at least $1.3 million between 2013 and 2019.
How do tech support scams work?
Tech support scammers get to their victims in a range of ways. These include:
- Pop-up warnings that their device is compromised.
- Scam sites, which are often reached by inadvertently making a URL typo. A study found about 8,700 bogus sites over the course of a 250-day search; many last only 11 days.
- Emails threatening a false infection (a form of phishing).
- Phone calls. Scammers often spoof caller IDs, so the number looks like it’s from a legit company.
- Online ads for tech help.
The scammer often scares victims by telling them that their computer has been compromised by a virus or malware and (if they aren’t on the phone already), they must call a particular number to eradicate the problem. Otherwise, their personal information could fly out into the open for all to see, or they might lose all their files or suffer a complete computer breakdown. To enhance trust, the site or note is made to look like that of a reputable company (like Microsoft or, say, a security company like Norton); scammers even say they’re calling or emailing from Microsoft or Apple support. (There have been so many Microsoft tech support scams that the company itself warns users against these crooks and provides its own portal for reporting fraud.) To give a sense of urgency, many might even use an audio clip that sounds like an alarm.
The idea is to pressure the victim into allowing remote access to “remove” the nonexistent malware, often guiding the victim into downloading and installing an online tool.
Once in, the scammer pretends to troubleshoot by opening up systems folders and running scans. Sometimes this is just for show (as an ex-scammer explained on Reddit, “Pretty much we would log on to your computer and show you a bunch of s— that looks scary and really isn’t”), but other times scammers use tools to peek into sensitive information.
They then charge hundreds of dollars, often demanding it in the form of a wire transfer, gift card (another fraud red flag) or a check—offering a variety of packages, from a one-time fee to a multiyear service bundle that can cost almost $1,000. When, over the course of eight months in 2017, a team of SUNY Stony Brook researchers posed as clueless victims, they found that the fee averaged about $290.90. Using web-server analytics, they estimated that the fraudulent tech domains they studied made off with as much as $9 million combined during the study’s duration.
These scammers usually work in groups located in call centers. As that ex-scammer—who said he had zero tech expertise and made $8 an hour plus commission—put it on Reddit: “The career goal is to make as much money before the company gets shut down by the FTC.” In November 2018, as a result of efforts by Microsoft (which has been especially hard hit by these tech support scams), 26 call centers were raided in New Delhi. Police arrested dozens of people and collected reams of evidence, including call scripts and live chats. In the case of the New York City arrest, one of the defendants said that he’d collect the checks and then send them to his co-conspirator in India, earning an 8% cut.
How can I protect myself from tech support scams?
As with most dreaded blights, prevention is the best medicine.
Keep your security software up to date. Each update patches any security holes and can help prevent malware from installing.
Ignore unsolicited phone calls or emails from people and companies you don’t know. Check on numbers you’re not sure of using a reverse-phone-lookup tool, which may help you ascertain if the call is legit. An email search tool may help do the same for unsolicited email warnings. Keep in mind that caller ID numbers can be spoofed. You can also search if the company the fraudsters claim to represent are often targets of such scams.
Delete out-of-the-blue emails or pop-ups about computer-related warnings, even if they seem to be from reputable companies. The truth is, real technicians have no way of knowing whether your computer has a virus or not, if you haven’t contacted them first. And they would never email or call you out of the blue.
“They’re not looking at individual computers,” said Derek Meister, a tech support agent with Geek Squad. “A legit error message would give an error code, but it won’t ask you to reach out directly to tech support.” If you’re still not convinced, contact the manufacturer of your computer or your software directly as opposed to the number you see on the screen. Meister said that force-quitting your browser and restarting your device typically gets rid of those messages.
Contact reputable companies directly for tech help if you need it, not some random site that shows up from a Google search. For instance, contact Geek Squad via the Best Buy site or the Genius Bar via the Apple site, or find help from the brand that makes your computer or software (such as Microsoft) by logging on to its official site.
Hang up if you think you’ve inadvertently connected with a scammer. If the technician uses scare tactics, tries to rush you into making a decision, asks for personal information including passwords, and/or dismisses your questions or concerns, it’s a scam.
Never pay with gift cards, wire transfers, cash or check. Often, when you call tech support at the company that makes the device or software you are using, the support is free. If payment is in fact due to a reputable well-known company, that payment is always processed through a secure system online in a way so that the charges can be easily reversed if need be. This is not the case with scam tech support, who simply ask you for a credit card number over the phone. However, says Nick Nikiforakis, an investigator in the Stony Brook study, “they also make other accommodations (such as accepting the picture of a check) if the victim doesn’t have a credit card and they don’t want to miss out on the ‘sale.’ “
Try to recoup your losses if you’ve been a victim of a tech support scam. Inform the company behind your method of payment as soon as possible—whether it’s your bank or a wire transfer, gift card, or credit card company. Run your security software and a full scan to detect and remove any malware. If you’re not sure how to do that, contact your computer or software manufacturer or retailer for legit tech support; once you get the all-clear, change the password on all your accounts.
File a complaint with the Federal Trade Commission. Give them the fraudulent phone number that you were told to call. This will help officials build a case against scammers and shut them down.