Microsoft received 153,000 reports of tech-support scams from as many as 183 countries last year that resulted in 15% of victims losing money in the process, Erik Wahlstrom, Windows Defender Research Project Manager, recently revealed in a blog post.
Almost every person using the Internet may recall having received text messages, emails or phone calls from people claiming to be associated with well-known technology vendors and offering new hardware or software solutions or system upgrades in exchange of money.
The unchecked rise of tech-support scams
Many of such solicitations are dishonest, fake and mere attempts to defraud customers for financial gain and are predictably called out by many people who are aware of such scams. Tech-support scams, however, are far from becoming extinct and, as Microsoft's figures show, are part of a growing cyber fraud industry that continually seeks to exploit the human factor for financial gain.
In an eye-opening blog post last week, Erik Wahlstrom, Windows Defender Research Project Manager, said that the total number of tech-support scams reported to Microsoft in 2017 grew by 24 percent over the previous year and in all, Microsoft received as many as 153,000 complaints from customers from 183 countries.
Fifteen percent of victims targeted by tech-support scam reportedly fell for it and lost money in the range of $200 and $400. In one such case, a fraudster stole €89,000 from a victim's bank account after defrauding the victim during a tech support scam in the Netherlands.
Even though Microsoft has introduced various solutions such as URL blocking, an efficient antivirus detection solution, browser security and email security solutions, the huge rise in the number of tech-support scams suggests that a lot more needs to be done in order to repel or deter fraudsters.
"Scammers continue to capitalize on the proven effectiveness of social engineering to perpetrate tech-support scams. These scams are designed to trick users into believing their devices are compromised or broken. They do this to scare or coerce victims into purchasing unnecessary support services," Wahlstrom said.
He added that the true count of successful tech-support scams could be much higher considering that many of these scams go unreported and that aside from Windows devices, fraudsters regularly target devices, platforms or software from other vendors as well.
Typical tech-suppport scams involve hackers targeting victims with ads, search results, typosquatting and other fraudulent mechanisms and also populate malicious websites with browser dialogue traps, fake antivirus detecting fake threats, and fake full-screen error messages. Once users click on malicious links, the fraudsters install remote access tools (RATs) in their systems which make system changes and display fake error messages, thereby convincing users that their systems are at risk.
Such victims are then bombarded with telemarketing calls from scammers that pretend to be from a vendor’s support team and promise to patch their systems in exchange for payment.
How to fight against such scams?
Wahlstrom added that in order to reduce the success rate of tech-support scams, device owners should be educated to spot tell-tale signs of such scams such as unsolicited calls, and warning messages that have phone numbers. At the same time, they should be encouraged to use the latest anti-malware solutions and to keep their devices updated at all times.
"The fact that tech-support scams have been a well-known attack vector for some time now, and still seem to be an attractive option to cybercriminals, is an indication of the importance of user-education," says Tim Helming, director of product management at DomainTools.
"We must reframe the conversation around cybersecurity to include not just security teams, but the width and breadth of an organization. Cold calling, false alerts and phishing emails are at the core of any social engineering attack.
"Social engineering seeks to play on human error, and educational initiatives could help these entirely preventable incidents from affecting an organizations operation capacity, or indeed their bottom line," he adds.