Tech support scams work because they try to trick people into believing there's a serious security crisis with their computers, says Norton Labs.
You receive a phone call, an email or a popup on the web claiming that your computer is at risk and that some security firm or product is needed to fix the problem. Though such scams seem obvious to people knowledgeable about cyber threats, many people still fall for this type of ploy. In fact, the tech support ruse was the number one scam described by Norton Labs in its new October Consumer Cyber Safety Pulse Report.
SEE: Fighting social media phishing attacks: 10 tips (free PDF) (TechRepublic)
Tech support hoaxes topped Norton's list of phishing threats for 13 consecutive weeks from July 1 through Sept. 30. These scams are designed to trick you into believing that your computer is facing some dire security risk.
In reality, the criminals behind these con games want to steal your personal information, gain access to your bank account or install malware on your PC. Many scammers will employ standard phishing tactics by impersonating the names of major technology companies such as Microsoft, Google and Apple.
These ploys proliferate for a few reasons, according to Norton. They take advantage of the increased need by people to use their devices to juggle hybrid work and home life. They capitalize on FUD (fear, uncertainty, doubt) by trying to frighten people into believing that there's something wrong with their computers. Further, they continue because they work. Norton also expects these scams to take off further as we head into the holiday season.
The best defense against these tech support scams is awareness, according to Norton. Never call a phone number based on a pop-up notification or warning. Instead, contact the company directly through its website. The same advice holds true for any emails you receive claiming a security problem with your PC. And if you get such a phone call, simply hang up.
But tech support scams aren't the only threats covered in Norton's latest Pulse report.
Gamers are another audience that cybercriminals like to target. In one particular phishing campaign, attackers went after people who play RuneScape, a popular and free multiplayer online role-playing game. The initial goal was to steal the login credentials of players. After RuneScape developer Jagex added such security measures as two-factor authentication, the scammers countered by concocting phishing emails designed to steal the 2FA codes.
To avoid falling for phishing scams, don't click on links from unexpected emails or text messages. Instead, browse to the website of the service listed in the message to contact the company directly if necessary.
In another incident, a phishing campaign targeted Citibank customers by spoofing the bank's actual home page in an attempt to steal account credentials. In this case, remember that your bank will never send you emails or texts asking you to sign in with your account.
In a gift card scam, attackers used a certain website to try to guess gift card numbers and PINs until they found the right combinations. They then resold those cards online. With this scam, Norton advises people to always check the value of a gift card after you obtain it.
- Ransomware attack: Why a small business paid the $150,000 ransom (TechRepublic)
- Expert: Intel sharing is key to preventing more infrastructure cyberattacks (TechRepublic)
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Security threats on the horizon: What IT pro's need to know (free PDF) (TechRepublic)
- Checklist: Securing digital information (TechRepublic Premium)
- Cybersecurity and cyberwar: More must-read coverage (TechRepublic on Flipboard)