Tech support scams have been around for a while. These may use many different kinds of approach, but the end result is still the same – to take money from the victim. And it seems that scammers have upgraded their style, by using fake technicians to gain remote access to your client's computer. Your customers are then manipulated to buy a useless program pretending to be an anti-virus. And having their credit card information exposed to scammers during the payment, there's no telling what these criminals will do with it.
While your customer's email access being leaked may not result to immediate financial loss, it can still turn out bad. For example, it can be used to facilitate fraudulent transactions or execute more scams. And for scammers to gain access to credit card and bank account information can have more serious consequences. With these kind of threats, your customers will naturally turn to you for technical help.
What answers can you give if your clients ask you what to do next?
How Tech Support Scam Works
Many of these scammers are able to gain your customer's trust by posing as technical support reps of a well known computer company. In some instances, these scammers succeed in gaining remote access to your customer's computer and employ scare tactics to coerce money. In addition, they also steal personal and financial information and install malware. On the other hand, pop-up browser windows simulating an anti-virus software can also fool people into purchasing a fake program or unknowingly download a virus that steals information from their computer.
And when crooks get control of even just your customer's email account, it opens an opportunity for other attacks. As an example – a scammer can reset your customer's bank account password even if that password is long and strong. Also, relevant information can be extracted from stored messages in the inbox: complete name, address, and personal affairs. Scammers can use these to mislead and pretend that they know your customers, and trick them to give up more sensitive information.
When Security is Breached
Your customers have reasons to feel dread and great concern when personal information stored in their computer is compromised. But as the IT expert, they leave it to you to make sure that there is no remnant of any malicious software. Will it be necessary to wipe their computer clean, and go for full format? Or will just an extensive scan be enough to reassure your customers?
Whether your customers allowed remote access to their computer or tried to download free software from an unknown source, chances are high that there is already a breach in their computer security. But even though they left this into your hands, it's still best to explain your assessment to your customers. And lay down to them what you think is their best option – either a thorough scan or execute a nuke and pave. At this point, your customers need assurance. And they would want to hear that their computer is no longer vulnerable when you are done with your work.
It's also best to ask them what other information they have stored in their computer or are incidentally stored in their email messages. Or you can ask them what other sites they visited online where they used their personal information. This may be out-of-scope for your expertise, but going the extra mile with your service is a chance to show your professionalism. But after you secure their computer; to what right direction can you point them?
Advice You Can Give
While as a technician you are not obliged to personally report scams, you should encourage your customers to report these incidents to the proper authorities. This will help the right agencies to warn others about current scams, monitor any trends, and disrupt these scams where possible.
The other advice is about damage control. Depending on what personal information was jeopardized, your customers can take the following steps.
Email and password. If they have not done so, change the password for any active email that your customers are using. If they have other online accounts using the same password, it's best to have them change those too.
Online login and password. Encourage your clients to log in to their online account(s) and change their password. If possible, they should also change their username. If they can no longer access their account, they should contact the company and ask how to recover or shut down the account. And if your customers use the same password in any other accounts, that should be changed too.
Debit or credit card number. Your customers should contact their bank or credit card company, cancel their current card, and get a new one. Remind them to review their transactions regularly to make sure no one misused their card and there are no fraudulent charges. Any autopay should be updated with their new card number, and they should also check their credit report if possible.
Bank account information. The US Federal Trade Commission recommends to close the bank account and open a new one if this information is possibly leaked in a scam. Again, remind your customers to review their transactions regularly to look out for fraudulent charges or withdrawals. If possible they should check their credit report and update any autopay with their new bank account number.
Yes, being victimized by a tech support scam can be a traumatic experience for your customers. As the IT expert, your customers count on you to secure their computer once again. But as an IT professional, you can also provide practical advice to your customers on how to cope with the aftermath of this scam. And help them secure their personal or financial information once more.
