Tech Support Scams Surge 24 Percent

The number of technical support fraud cases reported to Microsoft surged by 24 percent year-on-year in 2017 to 153,000 complaints around the world, with 15 percent of those targeted losing money, the company said.

People in 183 countries reported being involved in such scams, with the funds lost being between $200 to $400 (£143 to £287) per person in most cases.

In some instances much more was at stake, with a Dutch individual losing 89,000 euros when scammers drained his bank account.

The figures follow a report from anti-fraud agency Cifas last week which found that individuals over the age of 60 were most likely to be hit by a related form of fraud, in which scammers place cold calls to “verify” security information such as an online banking password, which is then used to commit crime.

Nuisance calls

Similarly, Ofcom last year reported that cold calls related to “computer support” jumped from 4 to 6 percent of all nuisance calls. Those received by people over-55 were significantly higher than for younger people, Ofcom said.

The technical support fraud cases reported by Microsoft varied widely, with individuals contacted via scam websites, email campaigns, malware used to display fake error messages or unsolicited phone calls.

The computer-based contact methods often involve posing as a legitimate entity – including Microsoft itself – and convincing a user to contact a call centre.

Once users are linked by telephone, scammers persuade them to install a remote administration tool (RAT), which they then use to make it appear their computer has a problem.

The person targeted is pressured to pay to have the issue fixed, and the scammers may later use the RAT to steal information such as banking passwords, leading to a further loss of funds.

Wider problem

Microsoft noted that the cases reported to it only hint at the wider scope of such scams.

“The problem is so much bigger, given that tech support scams target customers of various other devices, platforms, or software,” wrote Windows Defender research project manager Erik Wahlstrom in a blog post.  Wahlstrom also delivered a talk on the subject at RSA Conference 2018.

He said users can be educated to avoid such scams, noting, for instance, that Microsoft never includes phone numbers in legitimate error or warning messages.

But he said the scams are so complex it’s difficult to raise awareness about them all. And that, of course, is why scammers continue to use them.

“Social engineering attacks like tech support scams are so common because they’re so effective,” Wahlstrom wrote.

“It can sometimes be easier to convince users to willingly share their passwords, account info, or to install hazardous apps onto their device than to develop malware and steal info unnoticed.”

Do you know all about security? Try our quiz!