STOP THE MADNESS!! It drives me crazy when a client calls me AFTER spending an hour on the phone with some tech support scammer, and then thinks to call me after they have a problem “fixed” that they never had in the first place.
One of my clients recently fell for an interesting variation of the Tech Support Scam. She did a Google search to find the HP technical support number, but the company she called, while at the top of the search results, was NOT Hewlett-Packard. Neither of these companies shown below are HP or work for HP, but they appeared at the top of the search. iYogi is an India-based tech support firm that I have run across many times, often under questionable circumstances. These are paid for ads, not search results
My client was looking for help getting her scan-to-computer function working on her computer. Her hard drive had been replaced under warranty with a new factory image, and a lot of stuff was missing. Anyway, the support tech who took the call actually did the requested work, before shifting into scam mode. He insisted that he had discovered malware (on a NEW FACTORY IMAGED HARD DRIVE!) and by the end of the session had extracted $700 from my client. What is worse, he had her pay by bank transfer rather than by credit card. This was a new twist to defeat the losses these scammers had been faced from declined credit card charges. This gave her no recourse to dispute the charges later with the credit card company, as I advised her to do. This meant that the bad guys had her bank routing and account number, which meant they could come back later and take whatever money was left from her checking account. So the whole bank account had to be closed.
Here are Bob’s Rules to help you avoid tech support scams:
- Don’t talk to strangers! Didn’t your mom warn you?
- If you have a relationship with a tech support person, hang up and call them first. And if you don’t there are plenty of honest, reliable, locally based tech support companies to choose from. Why are you working with someone from India?
- If you get one of these calls, HANG UP! Every time!
- If you are calling tech support at a reputable company, make sure it is the real company, not some impostor.
- Look at the web addresses in the Google Search results. Don’t just pick the one at the top, this is a paid advertising insertion, and rarely the genuine article. If you want HP, the web address should be www.hp.com not www.fakesupport/hp
- Nobody is monitoring your computer for malware so they can call you and tell you about it. This is ALWAYS fake. (The rare exception is when your company has your tech support monitor all the computers, and if they call they will not be asking for your credit card number.)
- If they are from overseas, you have no legal recourse.
- Always pay by credit card, so you are protected from fraud and can later dispute the charges.
- NEVER pay by bank transfer.
Please just stop being fooled by these scammers, and save yourself a lot of time and money. Security consultant Frank Abagnale (the subject of the movie “Catch Me If You Can”) and AARP has teamed up to provide the Catch the Con Quiz. Here are other resource you can use to learn what the new con men are up to.
Related articles:
- Catch the Con Quiz.
- Fake Telephone Support Operations
- Fake Tech Support in Google Search Results
- Tech Support Via Telemarketing
- Pop-Up Security Alert Tech Support Scams
OCT
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com