Your PC has been infected. To remove the viruses, call Tech Support now.
What could be worse than seeing this menacing message across your screen? Don’t fall for it. These “warnings” are part of prevalent online scams giving scammers and hackers remote access to your computer. In 2017, the FTC received more than 150,000 reports about these scams.
How tech support scams work
Tech support scams prey on unwitting victims by using scare tactics. They trick victims into believing their computer has been infected by malware; and that their only recourse is to pay for unnecessary technical support services that will supposedly fix the affected computer, device, platform, or software problem.
Tech support scams take many forms. But the five most common ones are phone scams, web scams, pop-up messages, email scams, and online ads. Here’s how to spot them:
- Phone scams
Scammers call you and claim to be from the technical support department of a large tech company or well-known vendor. Then they offer to help solve your computer problems. Scammers can pull your phone number from publicly available phone directories, and might even bring up other personal information when they speak with you.
Once they’ve gained your trust (or instilled a sense of fear), they direct you to a legitimate-looking website to install software or ask for your computer’s username and password to “fix” the problem. Whatever method they use, their prime directive is to convince you to give them the ability to remotely control your machine so they can infect it to carry out their sinister plan, whether it is to steal your personal data or use your machine to infect others. (Most likely, both!)
Scammers often use software that can spoof phone numbers when they call you, so they can appear legitimate, at least as far as the inbound phone number looks. They may also use stolen mobile phones to do their dirty work. The point is that you may not be able to see the scam coming because it may look like an official communication, but stay alert and aware, and if you suspect you’re being scammed, hang up.
- Web scams
Scammer companies do a number of things to seem legitimate on the web. First, they register a typosquatting domain (or URL hijacking), which relies on mistakes such as typos made when inputting a website address into a web browser (i.e. twwitter.com instead of twitter.com or Gooogle.com vs Google.com).
Visitors who stumble upon these typosquatting URLs often get redirected to web pages with malware or sent to tech support scam pages. Once there, victims are bombarded with messages, like the one above, saying that their operating system has been infected by a virus. Or the page mimics the Windows ‘Blue Screen of Death’. These sites sometimes feature official (yet unauthorized) logos from well-known software and security companies.
The scammers instruct you to download a file that will allow their “technicians” to fix the problem remotely, giving them full control over your computer from a remote location. Victims are then charged between $150 to $500 for unnecessary tech support; and, what’s worse, the file that you downloaded was actually malware, which is now in your system, most likely scanning your files in search of personal info that can be used to commit identity theft.
This pop-up message scam once plagued Windows users only, but now targets Mac customers as well.
- Pop-up warnings:
If you’re browsing online and see an error message from your operating system or anti-virus software, treat it with caution. Such pop-ups aren’t being generated by your security software. Any message that tells you to call a number, pay for a protection plan, or click a ‘scan now’ button is a scam.
- Email scams:
Cybercriminals are sending phishing emails that mirror many well-known companies’ email addresses and logos. It works like this — the unsuspecting user receives an email that is purportedly from a legitimate brand like Amazon, Microsoft, LinkedIn, Alibaba, etc. The email gives the user false information, such as reporting that a previously placed order has been canceled or that there is a new message they need to open. The email contains a malicious link that takes the user to a spoofed website where messages (like the ones described earlier) appear.
- Online ads and listings on search results:
Many scammers create websites that list their services as tech support. Or they might run their own ads online, hoping you’ll call the phone number to get help.
How to protect yourself from tech support scams
- Legitimate tech support companies don’t call out of the blue. The callers will claim they’re from well-known software or antivirus companies. But remember that scammers can easily spoof official looking phone numbers, so don’t trust your Caller ID. Also, Microsoft and other companies do not send unsolicited email messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer. If you want to report a scam, you can do so on the Microsoft scam report page.
- See a scary pop-up message? Avoid clicking on any prompts to sign up for a service or call a number. Even clicking the X to close the window may inadvertently download malware to your computer. Instead, press Ctrl + Shift + Esc in Windows, or Command + Tab in iOS, to see which programs you have open, and fully close your web browser from here.
And, never give your credit card information to pay for something prompted by these pop-up messages.
- Look out for spammy sponsored links. When you search online for tech support, be wary of sponsored ads at the top of the results list. Many of these links seem legitimate but lead to businesses that scam consumers.
- Never give control of your computer to a third party unless you know it is the representative of a computer support team you contacted.
- See an unfamiliar email? Don’t click the links. Scammers also use email to reach victims. These messages point consumers to scam websites that launch pop-ups with fake warnings and phone numbers.
“OMG! I just fell for this tech support scam. Now what?”
- Paid a scammer with your credit card? Call your credit card company or bank immediately. They unfortunately have to deal with these issues often, and they will guide you through the necessary steps to reverse the charge, if possible. Contact them right away, before it gets too late to address the bogus charges.
- If you gave a scammer remote access to your computer, turn off the wireless connection or unplug it from the network ethernet cord. Update your computer’s security software and delete components it identifies as problems. You may need to back up your data, wipe the disks clean, and reload your operating system. If you’re uncomfortable doing this on your own, consider taking your computer to a reputable repair technician.
- Gave your username and password to a scammer? Change your password right away. If you use the same password for other sites and services, change those as well and make sure to use strong passwords.
- Monitor all of your accounts. Consider signing up for credit monitoring or an identity theft protection service.