How to avoid remote tech support scams during a crisis
This blog was originally posted on March 27, 2018.
According to the FBI’s 2019 Internet Crime Report, over 13,000 tech support scams caused $54 million in losses in that year alone—and that’s just what was reported. This means there has been a 40 percent increase in losses since 2018. Needless to say, it benefits all technology solution providers (TSPs) to make sure they’re taking the time to help their clients recognize the red flags before it’s too late.
If you work in the technology industry, it’s likely you’ve gotten a call from an upset client who’s fallen prey to a tech scammer. They saw a pop-up notification offering a free security scan, or received a scary email informing them that their computer was infected and all their files were at risk. Or maybe they got a phone call from a someone claiming to be a support technician from a trusted company advising them to hand over control of their machine right away to prevent further disaster.
Disturbed by the notion that they might lose all their data, they complied with the instructions and allowed the stranger on the other side to remotely access their machine. It’s possible that they’ve received legitimate remote support in the past, so they knew what to expect. After all, even the caller ID looked legit.
Unfortunately, you know all too well how the story ends. The scammer gains access to the device and then requests payment for fixing a non-existent issue, and possibly installs malware or spyware for easy access later. Your client is left feeling violated and confused. Now, they’re knocking down your door for help.
As many businesses around the world have made the transition to a fully remote workforce due to COVID-19, scammers are on the rise, trying to take advantage of any opportunity the can to infiltrate data. With a few bumps in the road in this shift amidst coronavirus, as is expected with any big transition, scammers are on their A-game to take advantage of this transition.
The FBI actually had to start sending out alerts in March because of the severe rise in cybercrime related to COVID-19. They have since issued detailed reports that outline scams related to health care fraud, cryptocurrency, and medical supplies.
So, how do you avoid remote tech support scams during this crisis and ensure the safety of your clients?
Client education is key
Getting ahead of the situation with client education will play a key role in keeping your end users safe. Use the document and video above to help reinforce these warning signs in tech support fraud, remote support scams, and overall suspicious behavior:
Unexpected phone calls
Let them know that if they ever receive an unsolicited phone call from someone saying there’s an issue with their computer, they should hang up immediately. Make sure they understand that your business, and other major tech companies, will never call them proactively to offer remote support services.
Suspicious pop-up messages and emails
Remind your clients that they should never trust notifications or messages that require them to call a phone number or go to an outside link to fix the issue, no matter how convincing they seem. They should always contact you or a trusted tech company first.
Fear tactics
The most powerful tool in a tech scammer’s arsenal is fear. Make sure your clients know that legitimate technology professionals will never use fear or coercion to gain access to their machine, push them to make quick decisions (“or else”), or ask them to share personal information via chat, email, or phone.
Unsolicited remote support
If there’s one key thing you impart on your clients, it’s that they should never let someone they don’t know take control of their devices unsolicited. No legitimate company will ever proactively offer tech support. They must always be the ones to initiate those services.
COVID-19 tactics
Some of the most prevalent scams you’ll see related to coronavirus prey on the fear the global uncertainty caused by this pandemic, including implementing tactics such as:
- Emails offering (non-existent) vaccines or treatments for COVID-19, sales of N95 masks, fake medical supplies, PPE, or “miracle cures” for the coronavirus
- Non-existent charities claiming to be aiding in the pandemic
- Pitches for equipment or services to enable employees to work from home
- Videoconferencing compromises (where an unauthorized person joins a conference)
- Tech support fraud targeting remote employees who are called with remote access
- Scams involving coronavirus stimulus payments intended to get a bank account number submitted in place of yours
The time and effort you spend showing your clients that you care about their cyber safety will uphold your business as a trustworthy source of technology expertise; after all, you’re the “good guys” in the tech realm.
Secure remote support software
There’s another side to the tech scam coin that plays a role in the safety of your end users, and that’s the remote support and access software you work with. It’s important to choose a solution that comes equipped with user friendly safety features on both sides, that can work to instill confidence in your clients like these:
- Give clients full control over connections to their devices with permissions-based access
- Let them watch the technician with options to chat during the session–or end it–when they choose
- Offer the ability to automatically remove the support client from their device at the end of the session
- Limit tech access to certain functions with role-based security permissions
- Enable session audit capabilities, like video recordings, that capture the details of what took place
- Opt for two-factor authentication for all remote logins
- Encourage clients to frequently update their login credentials (and to choose strong passwords)
- Secure, persistent connections for access that don’t require your clients to take any additional action
- Use LDAP or Active Directory user authorization services
Proactive and continuous client outreach and education will go a long way for showing that you care about your clients’ cyber safety. And if you pair those efforts with remote support and access software that offers transparency and security, you’ll be well on your way to establishing your business as a trusted technology advisor.
In the end, the better your clients understand how you and the software you use keeps them safe amidst this crisis and beyond, the more value they’ll see in your services. Show them you are there for them when they need it most by keeping them informed, educated, and protected.