Every so often a scam comes along that might take you off guard. I had that experience the other day with a “tech support scam,” where I was contacted via email about a warranty that was expiring. It was from a company that I haven’t done business with in a few years so it took me a second to actually think through all of my devices and confirm that I didn’t have any reason to be contacted by that company. This scam is quite simple—simple enough to catch you off guard if you’re not 100% on your game. In today’s post we will take a look at how scammers use marketing and company names to trick you into handing over important details about your workstation or mobile device.
Just Another Email Scam
The form of the message that I received looked like a well-known company reaching out about one of my devices. It was sent as a .jpg (to avoid spam detection) with one line of text about reviewing the email and collecting some kind of tax refund, smartly engaging the recipient with something that’s currently on their mind. It has a product description (a Windows PC of some kind), and the only way to contact the company is through a telephone number. I would share a screenshot of the scam, but it’s full of legitimate logos and illegitimate contact info, so I’ll leave it alone—I reported it as a phishing email and it’s sitting in my spam folder.
This scam is just one of many that the FTC identifies as a tech support scam, which you might also be familiar with from pop ups on websites that tell you your device has a virus (something that you can see on a reputable website when a bad ad gets served).
In this scam, you reach out to the scammers, believing that they are a reputable company that you already trust, but when you reach out to them, they ask for compromising details or remote access to your workstation. Since they are supposed to be tech support, you give them access to these details or to your desktop so that they can “fix a problem,” but then they steal your data and then ransom control of your device back to you.
Search Engine Optimization (SEO) but for Scams
One other way that you can encounter these scams is through promoted listings in a regular web search. Scammers use the same tools as reputable companies to bolster their position on Google or Bing, meaning that they can make it pretty high up the list before their site is known to be fraudulent. Since the search companies claim that they aren’t picking and choosing what sites rise to the top (rather, they use an algorithm that determines the quality), there can be some lag between promoting something to the top and finding out that it’s a scam site. If you search for tech support for a specific product, the results may be a third-party claiming to offer support.
The main way to check the validity of support sites is to look at the address (domain name) of the website that you are on when seeking support. If there’s anything added to the name of the site (such as “support” or “service”) then you might not be on the actual product site, especially if it has a different top-level domain (.tk instead of .com, for example). It’s best to find support for your devices and services by going to the company’s main webpage, then clicking on their “Support” section, to help make sure that you’re dealing with the actual company.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team