By Finn Faldi
It’s hard out there for a fish. Anglers are coming at you with their tackle box full of flashy lures. You’re swimming along, enjoying the scenery, and all of a sudden there’s a tasty-looking tidbit to grab. Do you go for it, or is it a trick?
Scammers and cybercriminals are a lot like those wily trawlers. But you don’t have to play the part of the hapless fish. You can escape the hacker’s hook by following basic survival strategies and being more mindful when responding to unsolicited emails, phone calls, and online offers.
As information and network security tools become more advanced, many bad actors find that it’s easier to trick humans than to keep modifying their exploit kits so they can bypass or undermine cybersecurity software.
Unfortunately, people can be slow to learn from their mistakes, and it’s hard to break bad cyber hygiene habits. We’re well trained to respond to the pings and alerts on our phones and laptops, and often do so in autopilot mode. These understandably human instincts play right into fraudsters’ hands. And when these scammers leverage the inherent vulnerabilities of collaborative or remote access software, it can be harder to contain and fix the resulting damage.
One of the most common types of fraud is known as a tech support scam. In March, the FBI posted a warning specifically addressing the rising incidence of this type of phishing attack. Their description highlights the variables that scammers employ:
“Criminals may pose as a security, customer, or technical support representative offering to resolve such issues as a compromised e-mail or bank account, a virus on a computer, or to assist with a software license renewal. Some recent complaints involve criminals posing as technical support representatives for GPS, printer, or cable companies, or support for virtual currency exchangers.”
Often, if the fraudsters are able to get their unwitting victim to believe that they are legitimate, they will ask the user to install legitimate software (e.g. TeamViewer), thereby enabling the criminal to access and manipulate the victim’s computer, data and even bank accounts. They may also monetize the scam by soliciting the victim for a one-time payment or subscription fees for their “services.”
Following are some simple tips to help you steer clear of social engineering scams:
Before giving any information to an unknown caller or email sender, STOP and THINK. If anything at all seems odd or non-routine, check with a trusted advisor before you proceed. It’s not rude to hang up on a scammer.
Look and listen for red flags: Emails and websites that ask you to call a number. Anyone you don’t know asking for remote access to your computer. Callers who are aggressive, unprofessional, or obviously calling from a foreign country. Websites that suddenly flash fake blue screens and pop-up alerts that freeze your browser to scare you into calling the displayed number. Legitimate companies do not do any of this. Also check URLs when online and before clicking on links: irregular URLs are very often clearly visible, and you can hover over a link to see whether the address it leads to is fraudulent.
Don’t trust someone just because they have personal details about you. They could have found that information in multiple places online, or they could be making an educated guess. Many scammers are persuasive, manipulative, and have a talent for deception.
Scammers have tools for spoofing phone numbers. They can make it look like they are calling from a local number or a legitimate organization.
If you think you’ve fallen prey to one of these scams, contact a trusted IT support professional. If you paid any fees to the fraudulent callers, call your bank and file a police report. You can also report the incident to a consumer protection organization such as USA.gov and the FTC. If legitimate software (e.g. Microsoft or TeamViewer) was leveraged or referenced in the scam, you should report the incident to that company.
Trustworthy organizations do not call out of the blue to diagnose or “fix” problems on your computer. Scammers often pretend to be calling from an Internet Service Provider but ISPs do not conduct business this way; if they need to convey information about updates or issues, they will send an email, and you can verify the email by calling a trusted customer service number. Likewise, even if you are a customer of a company like TeamViewer or Microsoft, they will not call you and demand sensitive information or remote access to your computer. When in doubt, hang up and call back using a number you already trust, or find one on the vendor’s public website.
Download software only from official vendor websites. Software (including plug-ins, anti-virus agents, widgets, and browser bars) provided on third-party sites may have been modified without the original maker’s consent or knowledge. Scammers often hide malware in seemingly legitimate software downloads.
Stay up to date on the latest scams. The FBI and FTC post warnings. Many cybersecurity and industry newsletters regularly provide related updates.
As the fish say, always remember to look before you leap. A moment’s pause when responding to unsolicited phone calls and emails could save you from losing time, money, and control over sensitive data.
Security solutions can’t defend against every type of criminal cyber attack. Protect yourself, your family, and your assets by taking on the responsibility of giving the slip to social engineering traps.
About Finn Faldi
Finn Faldi is President of TeamViewer Americas, responsible for North, South and Central Americas, including all marketing, sales, channel partnerships, customer support, human resources and operations. He is a proven leader, entrepreneur and mentor in the technology industry and joined TeamViewer in January 2018. Previously, Faldi was SVP, Partner Revenue Officer at Lifelock, a consumer identity-theft protection company that was acquired by Symantec in February 2017 for $2.3 Billion.