"Good morning, we're calling from technical support. We've detected problems with your equipment and if they aren’t resolved soon, your computer will stop working." This is how one of the oldest IT scams of all time usually starts off, a scam that has reemerged as the value of data has soared, a technical support scam also popularly known as the Microsoft hoax.
This type of scam emerged with the popularization of personal computers in the 1990s and was christened the “Microsoft hoax” due to the fact that the primary operating system at the time, Windows, was all but ubiquitous. Today, however, the scam can target any system regardless of provider — Microsoft, Apple, HP, etc. Over the years, there have been various permutations of how the scam has worked on a technical level, but the human aspect behind the deception hasn't changed since its beginnings. The scam can be boiled down to the following steps:
- It is common for consumers to provide their telephone number when they sign up to a new web site or register to participate in an online lottery. Occasionally, this data ends up in the dark web and cyber criminals exploit it by calling the unsuspecting party and passing him or herself off as a member of a technical support team. They do not always indicate the brand of equipment they supposedly represent, so that they can adapt their message to the responses provided by the potential victim.
- During the call, they will deliver a false, but alarming message: they have detected that the user’s computer has been infected by a malicious program, which is stealing social media or bank account data and could even result in the computer being blocked.
- The scammer asks the user to install a program on his or her device in order to fix the problem. The most common pretexts for the software installation are (1) to provide the technician with remote access to the machine in order to fix it or (2) to install a program that will automatically clean the machine. The perpetrators may provide the malicious program by email during the call or the victim might be directed to a website to download it.
- The malicious program’s functionality has changed over the years in order to evade updated antivirus software. Usually the malware will be lodged in and will take control of the victim's device, but without affecting normal operation. Thus, it manages to go unnoticed while it gathers data from social media networks, bank accounts, desktop files, etc. or it might lay in wait for an order to be used in other criminal actions such as being used in a denial of service (DDoS) attack.
A common practice in recent year has been the installation of the Emotet malware, a Trojan horse that undertakes hidden, malicious functionality in a program or file that is seemingly legitimate: The program recognizes and adapts to a machine’s security systems in order to avoid detection. It can usually take control of the machine's email application, sending spam to all the victim’s contacts, thus widening its net of victims.
- Once the cyber criminals have accessed bank account and social media credentials they can commit other crimes like SIM swapping, illegitimately duplicating the SIM card in order to supplant and block the original SIM in order to rob the original SIM holder.
According to the prominent cybersecurity specialist, Kevin Mitnick, everyone is vulnerable to a scams or fraudulent activities because, among our other traits, people don't like to say no. Still, there are confirmed cases when saying no has saved people from becoming yet more victims. The following simple tips and guidance are worth remembering in order to protect oneself from this kind of IT crime:
- Personal computer maintenance is always initiated by the user; therefore it will always be the user who kicks-off the process, contacting the official technical support team, not the other way around.
- If the supplier needs to contact the user, it will do so via informational messages and redirecting the user to an official web site in order to learn about whatever action might be required.
- Do not use links to download software or begin sessions; access the supplier web site by typing the URL into the browser in order to avoid corrupt links.
- Never give anyone your user data or passwords.
- Do not accept connections from unknown devices.
- In the case of corporate computers, follow the instructions provided by those responsible for equipment maintenance; contact them using a different channel from the one the potential cybercriminal may have originally used.
If you believe you are personally the victim of this type of scam, you should contact customer support for the software or hardware company involved. In addition, you should contact the proper authorities responsible for cybersecurity crimes in your country. In Spain, contact the cyber security helpline by calling 017. Remember: You are the best defense!