Be on the Lookout for Scam Tech Support Calls

Instead of getting you out of a jam, tech support scams get you into one. And they can get costly.

Tech support scammers had a banner year in 2022. They raked in more than $800 million in the U.S. alone, according to the FBI’s list of reported cases. The actual figure climbs higher when you factor in all the unreported cases. And it goes yet higher still when you consider all the victims worldwide.

In all, tech support scams make up a multi-billion-dollar industry.

They make their money several ways. Sometimes the scammers who run them charge large fees to fix a non-existent problem. Other times, they’ll install information-stealing malware under the guise of software that’s supposed to correct an issue. In some cases, they’ll ask for remote access to your computer to perform a diagnosis, but access your computer to steal information instead. Or they could hit you with several of the above.

You can stumble across these scams on your own as you go about your day online. Other times, they find you, such as when the scammer calls you directly.

One of our employees shared his story when a tech support scammer called his wife out of the blue:

I was messing around on my computer before dinner. My wife came in with a strange look on her face as she told the person on the phone, “I think you might want to talk to my husband about that.” Once on the phone I was greeted with, “Hi, this is Rick from Windows support and we’re calling because your computer is sending junk files to the internet.” I knew there was no way he was from “Windows support” since a reputable company isn’t going to call me up out of the blue like this, but as a security researcher I was curious, so I jumped right in.

“Rick” said that to fix my issue he needed me to install a free remote access tool and give him access to my system. Letting an unknown person access my actual computer seemed like a bad idea, so I let him log on to a “virtual machine” that I use for security testing. The first thing he did was turn off my security software, including the antivirus and firewall. After doing that, he downloaded a file that he tried to install. Since I had additional security software in place he wasn’t aware of, the installation failed each time he tried to run it. At this point, I had the file he was trying to install, the IP address he was connecting from, and the site he used to get the malicious file. I told “Rick” that I work for a security company and would like to know what he was actually looking for. I’m fairly certain he hung up before I completed my sentence.

Sure enough, after the call, a malware scan confirmed that “Rick” wanted to install a remote access tool (RAT) that would have given him full control of the computer.

That’s one example of how these scams go. They get costly too. The FBI further reported that the average loss for a tech support scam approached $25,000. In some cases, pop-up “security alert” ads spearheaded scams that cost people $200,000 and upwards to $1 million.

Fortunately, these scams are rather easy to spot. And avoid. If you know what to look for.

What do tech support scams look like?

Let’s start with a quick overview of tech support scams. They tend to work in two primary ways.

First, there are the scams that track you down.

This might be a phone call that comes from someone posing as a rep from “Microsoft” or “Apple.” The scammer on the other end of the line will tell you that there’s something wrong with your computer or device. Something urgently wrong. And then offers a bogus solution to the bogus problem, often at a high cost. Similarly, they might reach you by way of a pop-up ad. Again telling you that your computer or device needs urgent repairs. These can find you a few different ways:

• By clicking on links from unsolicited emails.
• From pop-up ads from risky sites.
• Via pop-ups from otherwise legitimate sites that have had malicious ads injected.
• By way of spammy phone calls made directly to you, whether by robocall or a live operator.

Second, there are the scams that lie in wait.

These are phony services and sites that pose as legitimate tech support but are anything but. They’ll place search ads, post other ads on social media, and so forth, ready for you to look up and get in touch with when you have a problem that you need fixed. Examples include:

• Online classified ads, forum posts, and blog sites.
• Ads on Social media sites such as Facebook, Reddit, YouTube, and Tumblr.
• Search results—scammers place paid search ads too!

How to spot and avoid tech support scams

• With regards to ads and search results, keep an eye open for typos, awkward language, or poor design and logos that look like they could be a knockoff of a trusted brand. Check our top tips to spot tech support scams of what these ads and search results look like.
• Don’t fall for the call. If someone calls you with an offer of “tech support.” Chances are, it’s a scam. And if they ask for payment in gift cards or cryptocurrency like bitcoin, it’s absolutely a scam. Just hang up.
• Note that big tech companies like Apple and Microsoft won’t call you with offers of tech support or an alert that “something is wrong with your computer.” Such calls come from imposters. Moreover, in many cases, the company will offer free support as part of your purchase or subscription that you can get on your own when you need it. (For example, that’s the case with our products.)
• Don’t click or tap on any links or call any numbers that suddenly appear on your screen and warn you of a computer problem. Again, this is a likely sign of an attempted scam. Often, this will happen while browsing. Simply close your browser and open a fresh browser window to clear the ad or link.
• Go to the source. Contact the company directly for support, manually type their address into your browser, or call the number that came with the packaging or purchase. Don’t search. This will help you avoid imposters that clog up search results with bogus ads.
• Protect your browsing. Use a web protection extension that can spot malicious sites and help prevent you from clicking on them by mistake. Comprehensive online protection software will offer protection for your browsing, in addition to protection from malware and viruses.
• Remove your personal info from data broker sites. How did that scammer get your phone number in the first place? Scammers often purchase personal information in bulk from data broker sites, which can include your phone number. Our Personal Data Cleanup can help you remove your information from some of the riskiest data broker sites out there.

Lastly, a good piece of general advice is to keep your devices and apps up to date. Regular updates often include security fixes and improvements that can help keep scammers and hackers at bay. You can set your devices and apps to download them automatically. And if you need to get an update or download on your own, get it from the company’s official website. Stay away from third-party sites that might host malware.

What to do if you think you’ve been scammed:

1. Change your passwords. This will provide protection if the scammer was able to access your account passwords in some form. While this can be a big task, it’s a vital one. A password manager that’s part of comprehensive online protection can make it much easier.
2. Run a malware and virus scan right away. Delete files or apps that the software says is an issue. Do the same for other devices on your network too. Experienced and determined scammers can infect them as well by gaining access to one device on your network.
3. Stop payment. Contact your bank, credit card company, or online payment platform to reverse the charges. File a fraud complaint as well. The sooner you act, the better chance you have of recovering some or all your money. (Note that this is a good reason to use credit cards for online purchases, as they afford extra protection that debit cards and other payment services don’t.)
4. Report the scam. In the U.S., you can contact the Federal Trade Commission, which reports the claim to thousands of law enforcement agencies. While they can’t resolve your individual issue, your report can help with broader investigations and build a case against scammers—which can make the internet safer for others. Their list of FAQs is particularly helpful too, answering important questions like “how do I get my money back?”

Introducing McAfee+

Identity theft protection and privacy for your digital life

Download McAfee+ Now