The tech support scam is one of the more popular scams going around and has been for years. Why? Because it works. Remember when we talked about Social Engineering and Emotional Triggers (if not, you can read that article here)? This one uses the Fear Emotional Trigger.
Emotional Triggers
There are four emotional triggers.
- Fear and Urgency – We are scared in to acting without thinking or rationalizing the dangers
- Trust – We put our trust in the person and what we are being told is truthful .
- Curiosity – We are curious enough to find out if it is real that we don’t think it through first
- Sympathy – Our heart strings are pulled at so we act irrationally and without thought.
Fear and Urgency
Scammers know exactly what they are doing. They know how to get us to react. They study emotional reactions in order to make the most return. Remember, fraud is huge, huge business. In 2024 alone, Canadians lost $638 million. That is just Canada and that is not chump change. They are making money, so they will keep trying.
Using our emotional reactions like Fear and Urgency is one of the most profitable.
The Scam
The typical tech support scam will start with an unexpected phone call, email, or pop-up message. If you call the number on the popup, or they call you the story will be the same. They will pretend to be from Microsoft, Apple, or a fake security company. They claim to have evidence that your computer is infected. They will tell you that there are hackers on your computer and they are watching everything you are doing. They might claim that they have evidence that they have access to your bank account.
Right off the bat, you are scared. Naturally. The callers will sound convincing and will try to keep you on the phone. They will assure you that they can help you. If you agree, they will have you download software onto your computer that will give them access.
Once on your computer, they will run a few programs and it will look like they are doing a virus scan. You might see a bunch of pop ups saying virus found or hacker found.
All of this feeds on that fear emotional trigger. You also start to feel that trust emotional trigger kicking in. They look and sound professional, they are doing something to help you.
They will say that they can clean up your computer and also put you in contact with your bank to make sure they lock out the hackers and get your accounts secured. Now they ask that you pay them. This could be a few hundred dollars, or it can be more. At this point, you have seen evidence that your computer is infected, they might have shown you proof that they are in your bank accounts or maybe your Canada Services account, this is now affecting your pensions and Old Age Security. Of course you pay.
They might request you pay with your credit card, but most of the time they ask you to pay with gift cards. You run to the store and you buy the requested amount in gift cards and call them back. They continue to help you out.
Clean up
They clean up your computer, you see them doing it, you are seeing viruses being eliminated and firewalls kicking out hackers. All looks good. Next they make good on their promise and say they will put you on hold while they talk to your bank for you and explain what is going on. They come back and say you will get a call from the bank from the same number that is on the back of your bank card. They will know exactly what is going on.
You get the call a few moments later from your bank. They know everything and are ready to help you. They verify your information like your bank account numbers and any credit cards you may have. They assure you that all is taken care of. They end the call. Crisis averted.
What Really Happened?
Well, there was no virus, or hacker on your computer. It was all a scam. You called the number, or they called you, and you got connected to a scammer who then convinced you that there was a virus or hackers on your computer. They then got you to install remote access software so they could ‘help’ you. What they did is run a fake program that looked like it found viruses and malicious activity on your computer. They then asked you to pay in gift cards, why? Because they are untraceable. You can’t get your money back and you can’t verify who they went to. Those gift card numbers are sold on the black market / dark web. They are exchanged like real money. The people you gave the numbers off the back of the cards to probably didn’t cash them in. Someone probably halfway around the world did.
Next the scammers looked like they cleaned your computer of all malware / baddies. They then had the bank call you to secure your accounts. They call you from the same phone number on the back of your card because they spoofed the number. Spoofing is a old term for faking where something is coming from. It has been used in email, as in spoofed email address, and phone calls too. They can make the call display say anything, even the number on the back of your bank card.
Now, the Bank you are talking too, isn’t actually the bank. It is more than likely somebody in the same office or building where the original scammers you were talking to are based. They handed you off to other scammers. This time they got your bank account and credit card details. Who knows what they are going to do with that information?
Several Variations
There are several variations of this scam. In some cases, the user pays the initial fee with their bank account. Then the tech support offers the money back to the victim as token of good will. They intentionally overpay the victim. They show that they deposited the money into their account by adding an extra zero. As a result, $200 becomes $2000. They then instruct the victim to go and buy gift cards for the difference. This is so they can be paid back the extra amount. Convinced that the money has been put into their account, they go and get the gift cards. Later, they discover that no money was deposited back into their account. They lose $2000 of their own money.
These are just a few examples how this scam plays out, either way, you are out your savings. There is usually nothing you can do to get it back either.
What To Do If You Fall For This Scam?
If you, or somebody you know has fallen for this scam the first thing you should do is contact your banking institution and secure your accounts. Change your credit card numbers, sign up for credit protection etc. Secondly, secure your credit cards and any Canada Service accounts.
Contact the RCMP and notify them of the scam. Also let the Canadian Anti Fraud Centre know. They will offer assistance and suggest any other next steps.
Once you have the above secured, do a full scan of your computer. This will ensure that no remnants of the scammers’ software are left on there. These are pretty horrible people. You never know what they might have left behind to scam you with at a later date. You can run a free Malwarebytes scan to clean up your computer. Alternatively, take your computer to a qualified, trusted tech support company in your area to have it cleaned up.
Steps To Avoid The Scam
If you get a pop-up, email, or phone call stating that your computer is infected. Either run a free Malwarebytes scan to clean up your computer. Alternatively take your computer to a qualified, trusted tech support company in your area to have it checked out.
Never talk to somebody claiming to be from ‘Tech Support, ‘ especially if they say they are from Microsoft or Apple. These companies will never call you.
Never install any software that gives anybody access to your computer.
Never pay anybody in gift cards. No reputable company will ever ask you to pay in gift cards. This is 100% a scam.
If you get a pop-up, don’t click on it. Just close the browser or reboot the computer to make it disappear. There is a good chance that the pop-up happened because you went to an infected site. Sometimes hackers put malicious code into the comments. Malicious ads might also run on a website. I have seen these pop-ups visiting very trusted, well known news sites. Just make sure to not go back to that site.
If you get a phone call from a tech support company, hang up and block their phone number. Don’t answer calls from them again.
Report any attempts to scam you to the RCMP and the Canadian Anti Fraud Centre.