Tech support scams are gaining momentum online, using sophisticated tactics to target individuals and businesses. Cybercriminals typically use social engineering and fear tactics to deceive their victims, stealing sensitive information or exploiting network vulnerabilities in their wake. Money and access to confidential data are key motivators for these types of scams. That’s why businesses of all sizes must ensure their cybersecurity is vigilant and resilient to incoming threats. Without proper precautions in place, one online tech scam can cause significant financial loss, disrupt operations, or damage a business’s reputation and client trust.
Online tech scams are not all the same. Every threat is unique and may target any individual in an organization. It’s crucial to recognize the nuances of tech scams to identify and shut them down before they lead to greater consequences. In this blog, we’ll look into the three main ways online tech scams are executed, and outline proactive steps your business can take to avoid their disastrous pitfalls.
What’s the Cost of a Tech Scam?
Let’s look at the real life consequences of falling for an online tech scam. Technology expert, Greg Charland, was contacted by one of his new clients concerned about malicious software on one of their PCs after an employee fell victim to a tech support scam. Several days after falling for the scam, the employee reported uncontrolled remote control usage and a suspicious “Updating” screen on their PC. Within the span of a few minutes, the employee lost full control of their computer while a threat actor worked in the background.
It turned out that the initial tech support scam the employee fell for allowed the threat actor to install and hide remote control software on the PC, enabling them to access sensitive files and prepare for a ransom demand. Although they only lost close to 12 hours of productivity, emergency IT response, and potential exposure of personal and business information, the damages could have been much worse. Had the employee not recognized the suspicious activity on their computer, the business might have faced serious financial, legal, or reputational consequences.
If you still believe online tech scams are not that common or don’t pose the same level of risks as larger malicious attacks, this is a reminder that online scammers are out there, equipped with the skills and tools they need to access your data. Being proactive and ready to address suspicious activity is key to staying protected.
3 Common Online Tech Scams
Cybercriminals use three main tactics to deceive individuals and business networks. It’s important to understand what these methods entail so you know how to recognize and prevent further threats. Here’s a detailed look at the common tactics:
Pop-Up Messages
If a pop-up appears warning that there’s been a threat detected on your computer while you’re browsing the internet, it’s most likely a scam. Typically, these warnings aim to induce panic so you’ll be prompted to act quickly, and without thinking. They may ask you to click a link or call a number – either way they are trying to get your data or your money. The safest choice is to close the webpage and run a virus scan.
Tips for prevention:
- Avoid engaging with suspicious pop-ups
- Install antivirus software that detects and blocks malicious ads
- Ensure your system is updated regularly
Unsolicited Calls and Emails
Cybercriminals may try to gain your trust by posing as someone from a legitimate organization. If you answer the phone and “Windows Security” is on the other end telling you about a threat detected on your computer, it’s a scam. Online scammers often use unsolicited phone calls and emails to trick people into believing there’s a threat. The goal is to get you to pay to fix the problem. True threats to your computer will never be discovered or reported this way. If there were real threats to your network, bank account, or other personal information, communication is typically initiated by you.
Tips for prevention:
- Stay aware and cautious of unexpected calls or emails asking for personal information
- Verify the identity of the caller or sender before engaging them
- Train employees to recognize suspicious emails
Remote Access Requests
Unsolicited calls or emails may lead to a request for remote access, as was the case for Greg Charlands client. Once remote access is granted, the threat actor will have full control of everything on your device, including passwords and other sensitive data. This enables cybercriminals to install malware, compromise data, or hold your network for ransom. While legitimate tech support people may use remote access to help fix your computer problems, they will not contact you with unsolicited emails or calls. It’s critical that you verify the agent is a trusted tech support provider if you’re granting them access to your device.
Tips for prevention:
- Avoid granting remote access to unknown solicitors
- Employ IT support services internally or from a verified organization
- Implement strong access controls and monitor remote requests
What Can You Do?
Proactivity is the best policy when it comes to reducing your chances of falling victim to an online tech scam. Here are four key tools you can implement to stay one step ahead:
1. Multi-Factor Authentication
Acting as an additional layer of security, multi-factor authentication (MFA) requires users to verify their identity before granting access to their accounts or business systems. Even if threat actors steal login credentials, they will have a harder time gaining entry with a second verification.
2. Antivirus Software
It’s a tale as old as time, yet some businesses or individuals overlook the need for proven antivirus software. Installing reliable security software can help identify and block suspicious activities before they become real threats. Just ensure you update the software regularly to keep up with changing threats.
3. Backup Your Data
In the event of a cyberattack, having backups of all your data ensures they won’t become damaged goods. With extra copies of your data in secure storage, your business can recover from an attack faster and with minimal financial strain. There are many reputable cloud services where your data can be stored or you might also consider secure, offsite locations.
4. Employee Training
Without proper education, employees won’t be able to tell the difference between a real or scam pop-up, email, phone call, you name it. Prioritize their awareness of common scam tactics like remote access requests, and encourage them to report suspicious activity to their supervisor and IT teams. Ensure training sessions are regular to stay current with changing technology trends and scam tactics.
What Incident Response Looks Like
If you fell victim to an online tech scam, it’s not too late to act. Here are crucial steps you can take to ensure business and personal information stays protected:
- Run a virus scan: Uninstall any programs the scammers may have installed by checking for any recently added programs. You should consult a trusted tech support person to help fully clean your device.
- Disconnect your devices: Isolate compromised devices from the network to prevent malware from spreading further.
- Contact financial institutions: If you gave the threat actors credit card or account information, contact your bank to report any unauthorized transactions and freeze your accounts.
- Report the incident: Online scams should always be reported to local law enforcement and your insurance agent, especially if personal information has been exploited or your business is threatened with ransom.
- Communicate to stakeholders: Remaining transparent with clients, employees, and business partners about the incident reinforces your reputation and ensures everyone’s safety.
By the time you realize you’ve been victimized by an online tech scam, your team might jump into panic mode. The good news is there’s still time to take action and prevent further exploitation of your network. Follow the steps above that seem necessary for your specific situation. If you lost all access to your computer and can’t run a virus scan, then disconnect the device and immediately inform your IT teams. Or, if the threat actor had already corrupted sensitive business data, then focus on reporting the incident and rebuilding trust with your stakeholders. The most important thing to remember is to stay calm, aware, and always thinking of your next steps to stay ahead of the threat.
Final Note
Last year, online scammers stole over sixteen billion dollars from Americans, and that number keeps increasing. Their impact is often misunderstood and can actually cause significant damages to business finances, operations, legal compliance, and reputation. When you understand the common online tech scams targeting businesses and individuals, you can start to prepare by implementing a stronger cybersecurity culture and staying vigilant of incoming threats.
At Atlantic, we know how to protect your team and your business from threats like these. We offer a stack of security services such as employee awareness training, email security, identity and access management and threat intelligence, helping your business recognize the signs of a scam to prevent a full blown attack. Contact our team to learn how we can work together to protect your business against growing online tech scams.
About Atlantic, Tomorrow’s Office
Atlantic is an award-winning office technology and IT solutions company providing Imaging Products, IT Support, Document Management, Cybersecurity and Managed Services to small and large companies in the New York City metropolitan area, and the Greater Philadelphia and Delaware Valley.
For the latest industry trends and technology insights visit ATO’s main Blog page.
