Support scams are a genuine menace no one is safe from. They were responsible for $1.4 billion in damages in 2024 alone, representing a worrying increase of $500 million compared to the previous year. While the elderly might be scammers’ top targets, everyone can become a victim.
Knowledge offers the best protection, so take a few minutes to familiarize yourself with the tactics that scammers use on their victims and how not to become one yourself.
Common Engagement Tactics
Support scammers need you to engage with their “services” first. Here are the most common and successful methods.
- Robocalls and scam calls – This is the most direct cold approach. Scammers use leaked phone directories and other data breaches to get a hold of your phone number. They then call and pretend to be investigating fraud or offer to fix “problems” with your computer.
- Pop-up scareware – A shock tactic that relies on fear and panic to manipulate you. It’s usually a large and obnoxious pop-up that appears in your browser, claiming that your device has been infected and offering means of contacting tech support in order to “fix” it.
- Fake emails – Pretend to come from a bank, well-known software company or shop, etc. They claim there’s something wrong with your account or payments and urgently require you to take steps to address this. The email can be a standard phishing scam that takes you to a fake login page, or it may include a fake customer support number to contact instead.
- Website and ad exploits – Scammers will often take advantage of poorly-secured sites and ad networks. For example, they can infiltrate a poorly-secured but otherwise legitimate website and add pop-ups or information like fake customer service numbers that visitors believe are a core part of the page.
- Typosquatting – Preys on people who are looking for a specific website and misspell their search. It happens when someone buys a domain name similar to the real one, like “rnicrosoft.com”, and creates a fake, malicious copy website.
- SEO poisoning – Another sneaky tactic that affects people who may actually need help. It involves manipulating search engine rankings or paying for ads that provide false information. For example, you might need a company’s tech support hotline and will trust Google to give you the number. If a poisoned search is at or near the top, you may end up calling a fake number.
How Scammers Try to Gain Access
Once you fall for the hook, scammers will try to obtain your login credentials or access your device in various ways. Below are the most common tactics and tips on how you can avoid them.
Fake login portals
Websites you’ll most likely end up on after clicking on a phishing link. They look like convincing copies of legitimate banking portals and other login pages, down to the layout, logo, and color scheme. The scammers then capture and can immediately use any credentials you enter, locking you out of your accounts.
How to avoid: Use the best password manager. It’s good common-sense advice to have strong, unique passwords since getting one stolen won’t compromise others. However, there’s an even more useful benefit. Password managers can autofill credentials on legitimate sites. If that’s not happening on a login page you clicked on, chances are it’s fake, and you should backtrack. Credentials as verification
The scammers might ask for credentials as proof of account ownership and then use that to take control. Victims who believe they’re talking to a legitimate support specialist might think this is logical and give in.
How to avoid: Never give out account details, as legitimate support reps can already pull them up. Real verification usually happens through reset requests and one-time codes.
Remote access tools
It’s common for scammers to ask you to install remote viewing software so they can access your device to diagnose and fix the “problem.” They’ll use something like RemoteViewer or LogMeIn since these are legitimate and less suspicious. However, they can still copy files, search for login info, or install malware once access is granted.
How to avoid: Refuse to install remote viewing software or share your screen. Only do so if you were the one who reached out to official support first with an actual problem. Always verify that you’re talking to a real representative, too.
Malware installs
You might also be asked to install a supposed system update or “repair tool.” The harmless-looking tool may then install malware and keyloggers that persist even if you remove it. These can remain active long after, sending the attackers information on your activities or uncovering credentials based on your keystrokes.
How to avoid: Only install software from official download links, and regularly scan for malware even then. Some VPN providers offer threat protection features like email protection that block access to known malicious domains. This may prevent you from interacting with harmful downloads hosted on such sites.
Conclusion
Customer support scams aren’t only on the rise, they’re growing more sophisticated. Being tech-savvy helps, but keeping up with the latest trends will let you always stay a step ahead.
