Tech Support Scam: Phishing for Personal Information over the Phone

The tech support phone scam never seems to meet its demise. After one version runs its course, it is not long until a new variation is making the rounds. In this type of phishing attack, scammers claim that they have detected a problem on your computer and offer to fix it — for a fee, of course. Adding insult to injury, they often make your computer more vulnerable to future cyberattacks.

Fortunately, a little knowledge can go a long way in thwarting tech support phone scams. By learning how they work and how to recognize them, you can avoid becoming a victim.

How Tech Support Phone Scams Work

While each tech support phone scam is unique, here is how these scams generally work. After identifying themselves as tech support staff members at Microsoft or another well-known company, the scammers tell you the bad news: They have detected a problem (e.g., malware) on your computer that needs to be fixed immediately.

To convince you that there truly is a problem, the scammers will often have you open the Event Viewer in Windows. At any given time, the Event Viewer displays errors and warnings for relatively harmless events, but the scammers will claim that these errors and warnings are evidence of the problem they told you about. Another tactic is to point out legitimate system files and claim they are malware.

Assuming you fall for the scam, what happens next depends on attackers' unique spin on the scam. Some attackers will have you download a free legitimate remote access application (e.g., GoToMyPC) if you do not have one already installed. They will then access and take control of your computer, claiming that they will fix the problem. In reality, they will likely change settings that could leave your computer vulnerable to future cyberattacks. Other scammers will have you install software that will supposedly correct the problem. More often than not, the software contains malware that will steal your online account information and passwords. The scammers might even try to enroll you in a bogus tech support program.

No matter how they plan to supposedly fix the problem, the scammers will first ask you to pay a fee. Once you provide your payment information either over the phone or through a website, the scammers will steal your money.

How to Recognize a Tech Support Phone Scam

It is pretty easy to recognize a tech support phone scam if you know the tell-tale signs:

  • You receive a phone call offering tech support out of the blue. It is extremely unlikely that large vendors will call you to let you know about malware or another problem on your computer.
  • Your caller ID displays something along the lines of "Microsoft" or "Tech Support." Do not believe everything you see. Caller IDs can be easily spoofed.
  • The caller claims that the errors and warnings in Event Viewer are evidence of a serious problem in your computer. Most likely, they are for relatively harmless events.
  • The caller tries to get you to download a remote access application or hand over control of your computer using one that is already installed. Legitimate vendors will never require you to immediately give them access to your computer.
  • The caller tries to create a sense of urgency or uses high-pressure tactics.

If you suspect that a call is a phishing attempt, simply hang up. It is best not to confront phone scammers, as they are getting more aggressive, according to experts.