Welcome to the Oregon FBI’s Tech Tuesday segment. This week, part two of building a digital defense against tech support fraud.
Last week we talked about how the FBI’s Internet Crime Complaint Center – or IC3.gov – is seeing a huge increase in the number of people who are falling victim to “tech support fraud” schemes.
This is a scam in which the fraudster tries to convince you that you need his help fixing your computer or other device. He claims you have some dreaded – and usually non-existent – problem. He will ask you to pay him with a credit or debit card, electronic funds transfer, gift card or even virtual currency. Once you do, he says he just needs you to give him remote access to your device, and he will have that pretend-problem fixed in no time.
This week, we are going to talk about how the fraudsters are now taking this scam one step further.
IC3.gov is seeing cases where the victim receives a notification that she overpaid for some tech support incident and is due a refund. The criminal tells the victim that he can get the money refunded if she gives him remote access to her computer while she logs into her bank account. Now he has access to her bank account, and he can make it appear as if a refund has occurred just by moving her own money between savings and checking. To make matters worse, sometimes he will later tell her that he refunded too much, and he needs her to send some money back to him with an electronic funds transfer or pre-paid card. No matter how it plays out, the victim never received a refund and the criminal now has access to her bank account.
Another trend that IC3 is seeing these days involves criminals who are re-contacting their previous victims, this time pretending to be law enforcement or other government officials. In this case, the fraudster offers to help recover the previous losses, but to do so, he will need funds from the victim to assist with the investigation or to cover fees associated with returning the lost money.
A final trend to watch out for – criminals who pose as collection agencies claiming the victim did not pay for prior tech support services. The victim is often threatened with legal action if he or she does not pay a settlement fee.
So how do you protect yourself?
Remember that legitimate customer, security, or tech support companies will not initiate unsolicited contact with you.
Legitimate law enforcement and government officials will never ask for money to help victims recover lost funds. If in doubt, hang up, look up a public phone number for that agency, and call to confirm if the supposed investigator is real.
Resist the pressure to act quickly. Criminals will use social engineering techniques – including fear – to try to make you act before you think things through.
Do not give unknown, unverified people remote access to devices or accounts.
Ensure all computer anti-virus, security, and malware protection is up to date.
If you have been victimized by this scam, you can file an online report at the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office