Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • Microsoft reported a 24% increase in reports of tech support scams in 2017.
  • Microsoft says that industry-wide collaboration is required to stop the rise of tech support scams. Until that is achieved tech support teams need to take practical steps to prevent users from falling prey, which mainly involves educating them to notice the signs of a scam.

Tech support scams, which rose by 24% in 2017, may require industry-wide cooperation to solve, Microsoft said.

The scams, which involve tricking an unsuspecting user into paying a scammer to remove fake or nonexistent malware, are an attractive alternative to complicated coding and make online crime accessible to the average criminal without a tech background. Most instances of tech support scams only net the attacker a few hundred dollars, but some have managed to clear out entire bank accounts.

“It can sometimes be easier to convince users to willingly share their passwords, account info, or to install hazardous apps onto their device than to develop malware and steal info unnoticed,” Microsoft’s Windows Defender research project manager Erik Wahlstrom said.

Microsoft is concerned with the growing popularity of tech support scams not only because they target Windows users–they target other platforms as well–but because it’s a growing problem that the best defenses can’t stop.

“Microsoft has built the most secure version of its platform in Windows 10,” Wahlstrom said, but “Many cybercriminals instead choose to target the humans in front of the PCs.”

What a tech support scam looks like

Scam websites with fake warnings, email campaigns with malicious attachments, malware, and cold calling are all methods scammers use to convince users to give up their information.

Regardless of the ingress point, the end goal for scammers is to get someone on the phone with a fake support specialist who convinces them to grant remote access to their machine so the scammer can trick them into believing they have malware.

Very little technical expertise is required to commit this popular form of cybercrime–all a “support specialist” needs to know is how to install a remote admin tool like LogMeIn, open the Event Viewer or navigate to a website that spoofs antivirus warnings, and a apply a bit of con artistry.

A collective approach to combating scams

Microsoft is concerned about tech support scams because they can largely bypass current security solutions by targeting humans instead of machines. That means that user education is key to fighting those scams, but it may not be enough.

There are telltale signs that a user is in a tech support scam funnel, and users can be trained to recognize them, but without getting at the scammers themselves, Microsoft said, fake tech support will continue to be a risk.

SEE: Incident response policy (Tech Pro Research)

While Microsoft doesn’t provide any specifics as to how it thinks cooperation between tech businesses should work to combat tech support scams, it does give several examples of what individual organizations can do to start fighting it on their own:

  • Web hosting providers should work to take down tech support scam sites when they’re discovered.
  • Telecom networks should block scam phone numbers when reported.
  • Browser developers should blacklist scam websites and make changes that thwart common techniques.
  • Antivirus software should add known tech support scam software to its definitions.
  • Financial networks need to protect consumers from fraudulent purchases.
  • Law enforcement should be empowered to find and apprehend scammers.

Without industry-wide cooperation those suggestions may be useless: Law enforcement requires information gathered from tech companies to act, financial networks need to know which recipients to monitor, telecom networks need to be told which numbers to block, and so on.

Until the day comes when all interested parties wake up to the threat severity that tech support scams pose, IT teams will need to continue to educate users on what to watch out for. That is, unfortunately, the only practical solution for now.

Also see