So how can you protect yourself? And the less tech-savvy members of your family?
Know your enemy
No scamming technique stands still. Tech support fraudsters move from phone calls, to social media, to email and back again, using an ever-changing combination of methods to try and dupe unsuspecting people out of their cash. Even if the scammers’ hit rates are low, it can be a very lucrative exercise.
Broadly, we’re talking about cons where someone will contact you claiming to be a technical support specialist, perhaps from Microsoft or another well-known tech firm. Your computer has a serious problem, they might say—before supposedly guiding you through the process of how to fix it, which almost invariably involves giving the scammer access to your machine.
More recently, fraudsters have switched to claiming to be from law enforcement agencies, or from customer support teams. The bottom line is usually the same though: You’re going to be in trouble if you don’t act fast, so install something I tell you to, or give me access to one of your accounts.
These type of misdirections can even happen as you browse the web, through poisoned pop-up advertising or deceitful, SEO-optimised advertising. It might be that just as you’re searching for problems on your computer, you come up with links to shady operators who are intent on making your problems a lot worse.
The warning signs
Spotting a scam like this isn’t as easy as you might think—so rule number one is don’t get complacent. That said, there are warning signs and red flags to look out for.
Unsolicited contact is usually a big giveaway. No one is going to ring you and offer to help fix your computer, and certainly not Microsoft. The same goes for pop-up windows, emails in your inbox, links that appear over social media, and so on—be very suspicious of anything unexpected. The only warnings you should really be paying heed to are those that pop up from your installed security software suite (you do have one installed, right?).
Any time you’re suddenly asked to install something from the web, or call a phone number, or visit a website, back away. If whoever is making contact is claiming to be from a trustworthy organisation—like your bank or your computer manufacturer—then you can get in touch with that organisation directly using its official website or official phone numbers to see if the contact is genuine.
Scams like this rely on you revealing something personal about yourself, either through a fraudulent website, or over a phone conversation, or via a social media chat. Be very wary whenever you’re asked for any kind of account details, or information that could identify you, especially if you feel like you’re being rushed—chances are you’re being conned.
If you do think you’re being played, cut off communication as quickly as possible. There’s no shame in putting the phone down or switching off your computer at the earliest opportunity if you’re worried about something that’s appeared (though try and keep this as a last resort if you don’t want to lose unsaved data).
Beyond watching out for the warning signs we’ve already mentioned, when you’re searching for help on the web or checking whether an alert is genuine, avoid sponsored search results—if someone’s paying to get their information out there, they might not be all that trustworthy. Stick to the tech sites and support portals you know and trust.
Microsoft, Google, and the other tech companies are working hard to keep users protected, so take advantage of their diligence. Make sure your software is always right up to date—operating system, web browser, music player, the lot—and get a solid antivirus and antimalware package installed, even if you’re on a Mac. For Windows, Microsoft’s own Windows Defender will do the job, but you’ve got plenty of third-party options too.
We can say with some confidence that an unsolicited tech support call—or a prompt to ring a tech support number—will almost always be a scam, but spotting fraudulent links isn’t so easy. We’ve written before about how to be on your guard: Check the source, check the context (spam messages can come from friends, if those friends have been hacked), and in general don’t do anything in haste.
If you are logging into a site or entering sensitive information anywhere on the web, make absolutely sure that the site has HTTPS enabled, usually indicated by a green padlock symbol in the browser address bar. You should limit your exposure to potential threats too, which includes steering clear of pirated media.
Scammers need a way into your system and past the defences that are in place. As Microsoft points out, that means you need to be careful about what you install, where you go on the web, and who you communicate with. As always, we’d advise keeping the number of third-party apps connected to your online accounts down to a minimum.
If you or someone you know has been caught out, don’t panic. Remove anything that’s been installed as soon as you can and consider a full system reset to clear out malware that might have infected your machine (it’s easier than you might think, if all your important data is safely backed up somewhere else). A thorough security scan is always worth doing, after updating your antivirus.
There are official channels to report scammers through, as well. Even if you don’t think it’s worth the trouble for yourself, the more information that tech firms and the authorities can gather, the easier it is to stamp out these sorts of practices.
Head here to report a scam that specifically references Microsoft or Windows. You can log the fraudulent company name, physical address, website address, date and time of contact, and method of contact used, if you can remember all that. You can give Microsoft permission to follow up on your report with you as well.
For more general scams, you can file a complaint with the ACCC or Scamwatch. Again, you get the opportunity to provide a detailed report on what happened, including who contacted you and when, and any money or information that was lost along the way.