Protecting Against Tech Support Scams

Garden State Cyber Threat Highlight

Informational Report

Original Release Date: 3/10/2021

What are tech support scams?

Tech support scams are social engineering attacks in which scammers contact a user via a website pop-up or notification, phone call, or email in an attempt to convince a user that their system requires technical support. The scammers' intent varies; they may attempt to steal money, obtain sensitive personal information, and/or gain access to the user's device.

How do I identify tech support scams?

Regardless of the initial contact method, the user is instructed to call or message the scammer in order to speak with a "tech support technician" who will remove the malware from the user's device. The scammer will often claim that the user needs to purchase an anti-virus software - often costing hundreds of dollars - in order to clean their system. The scammers then steal the user's financial information to make fraudulent purchases. Alternatively, the scammer may request remote access to the user's device in order to clean the system. If remote access is granted, the scammer could install malware that allows them to log the user's keystrokes and steal passwords for sensitive accounts such as online banking and email.

Beware of US-based Tech Support Scams - Malwarebytes Labs | Malwarebytes  Labs      Common Tech Support Scams: How to Identify and Avoid them      Phishing | Phishing Examples

How do I protect myself against tech support scams?

These scams often request the user to call a toll-free number or will call the user using spoofed numbers of legitimate companies. The scammers also emit a sense of urgency in order to convince the user to act before thinking. Tech support companies or technicians from device makers, such as Microsoft or Apple, will not contact individual users to inform them that their device has been infected. Users are reminded never to give financial or personal information, or access to your device to someone you do not know and whose identity has not been validated. If you would like to purchase anti-virus software, conduct research and visit official company websites for purchase.

I fell victim to a tech support scam, what do I do?

If you provided payment card information to the scammer, contact your associated bank or card company immediately to prevent additional unauthorized use and request a new payment card. If fraudulent transactions already occurred, dispute these charges with the card company.

If you provided sensitive information, such as personally identifiable information, visit https://identitytheft.gov to report identity theft and receive guidance on a recovery plan. In addition, place a credit freeze on your credit profile to prevent anyone from opening a new credit account using your information. For instructions on how to place a credit freeze, review the NJCCIC informational report, Freezing Your Credit.

Where do I report tech support scams?

Users who are targeted by a tech support scam are advised to report these attempts to the Federal Trade Commission (FTC) and to the NJCCIC via our incident report form. Users are also encouraged to spread awareness of these scams to others in order to reduce victimization.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.