CIO Influence
CIO Influence News Security

Avast Threat Labs Finds U.S. most vulnerable To Tech Support Fraud

Avast And RiskIQ Form Threat Intelligence Partnership

Nearly 10 Million Attack Attempts On Computer Users In The U.s. Identified From January Through March 2021, Trend Likely To Continue Post-pandemic

Avast (AVST), a global leader in digital security and privacy, reports tech support fraud remains a massive issue in the U.S. According to Avast Threat Labs, users in the United States are most frequently attacked by technical support fraud.

Recommended ITech News:  Privacera Triples Revenue and Expands Customer Base – Helps Federal Agencies and Fortune 500 Companies Establish Data Security

The COVID pandemic accelerated this concerning global trend, particularly in the United States and Canada. According to the FBI,

tech support fraud was one of the top three crime trends in 2020. As more people began relying on the internet for everyday pursuits, this illicit activity increased by over 171 percent from 2019. These scams are particularly insidious as they disproportionately prey on susceptible populations, including those over 60 years of age. Worse still, although seniors make up 66 percent of the victims of tech support fraud, they shoulder a disproportionate amount of the losses at 84 percent in the U.S., which translated to $116 million in 2020.

How Tech Support Scams Work

Tech support scams happen when fraudsters use scare tactics to trick innocent individuals into purchasing overpriced and unnecessary “support services” to fix an alleged computer, device, or software problem. They convince victims that their computer has been infected by malware; a window will pop up, alerting the user of a malware or spyware infection on their computer, and that their only recourse is to call a phone hotline for technical support. Once on the phone, scammers try to convince the callers to establish a remote connection to their computer and sometimes download a second remote management software without the user knowing to keep up a constant connection to the user’s PC.

Once granted access, bad actors can also install malware, or other malicious programs that damage the data housed on devices, or even worse, harvest personal information. Criminals with access to this type of sensitive data can leverage it to gain entry into financial accounts, health records, or other essential services. In addition, fraudsters go to great lengths to convince victims of their legitimacy, including creating web pages that imitate antivirus or firewall software warnings or even setting up fake companies to validate their con.

Recommended ITech News: D-Link Enhances On-Premise Security and Network Management with Nuclias Connect Hub Plus

“Tech support fraud is increasingly common and targets some of the most vulnerable individuals. Criminals exploit victims through money or personal information,” said Alexej Savcin, Senior Malware Analyst, Avast. “Above all, remember that whether it’s a phone call or a website, legitimate tech support won’t ever proactively seek you out to fix an issue. If in doubt, don’t engage, give access to your devices, or share any personal information. At Avast, we are passionate about supporting vulnerable populations online, like the elderly, and are available to troubleshoot any issues.”

Protecting yourself and loved ones from tech support scams

Spotting tech support fraud is essential in stopping it in its tracks. Use these tactics to keep yourself safe online:

  • Question what led you to the support page: if it popped up on its own, that is one major indication that the website is fraudulent.
  • Check the webpage: compare the domain URL to known sites; if it is not intuitive or easy to read, the website may be a scam. Further, if the browser freezes on a tech support page, it’s an indication that something is wrong; if a tool actually detected malicious activity, the site would get blocked.
  • Remember, there is no real threat until a bad actor gains access to your information or devices: although criminals may try to pressure you, stay vigilant and skeptical when online, if unsure disengage and verify credentials on your own.
  • Call someone you can trust – when in doubt, reach out to a family member or someone you trust.

Finally, being aware of common scam methods can help to ensure you aren’t a victim. Stay vigilant of the following techniques:

  • Malicious Advertising (Malvertising): Scammers abuse legitimate online advertising markets with fraudulent ads that lure victims to their infrastructure, often a fake tech support scam page indicating an issue needs mitigation.
  • Evil Cursor: This technique alters cursor size and shape, making it difficult to navigate, which prevents users from closing a tab or browser, convincing them that tech support is necessary.
  • 401 Authentication Loop: Fraudsters can exploit an authorization pop-up window which in some cases even imitates a legitimate operating system design. The window can’t be closed and displays contact information for fraudulent tech support.
  • File Downloading Jamming: Bad actors jam browsers with file downloads until unresponsive. This also consumes a large amount of RAM, which compounds and further slows a victim’s computer.
  • Keyboard Shortcut Lockout: Fraudsters will lock commonly used keyboard shortcuts to close windows (i.e., “ALT+F4” or the “Escape” key), so victims experience an infinite loop with no way to escape.
  • Browser History Manipulation: Scammers can disable or remove the “back” button online or may even manipulate it to recall the current page, so victims have no way to exit the website
  • Print Spam: Malicious web page continuously sends print commands to the browser to make it seem slow and unresponsive.

“We urgently need to bring tech support fraud into the public awareness; they should be part of educational conversations about the internet in families and among friends. People need to talk about tech support fraud to their grandparents, parents, friends and children. Users, if in doubt of whether they are being scammed, should always talk to family members and friends about the situation they are in, as an external person may realize a scam more easily than the affected person in the heat of the moment,” said Savcin.

Recommended ITech News: Tuya Smart Showcases New IoT Device Connectivity Capabilities at 2021 Mobile World Congress (MWC)

Related posts

Dialpad Introduces a Smarter, More Reliable Calling Experience for Microsoft Teams Users

CIO Influence News Desk

Picus Security Raises $45 Million to Spearhead New Era of Adversarial Exposure Validation

Business Wire

Odesso Announces New Executive Leadership Team

CIO Influence News Desk