How to Help Victims of Tech Support Scams

Tech support scams are on the rise. Clients get tricked by a phone call, a pop-up or a search engine ad. Once they’re on the phone with the scammer, they’re convinced something is wrong with their computer. Eventually, they’ll rely on you to clean up the mess. Each situation will be a little different, but here’s a general guide.

Always Be on the Lookout For Fake Tech Support Victims

Most clients who call your business realize they’ve been scammed. After all, if they thought the scammers were legitimate they wouldn’t be calling you. They’d rely on the fake tech support company.

Occasionally, we’ve found clients who don’t realize they’re a victim. When we see remote control software like TeamViewer running, we’ll confirm they know what the program does and why it’s there. Other times, the client asks us a very specific tech support request like “I have a problem with my IP address” or “my event viewer shows a problem.” In these cases, we’ll ask what lead them to the problem. Scam victims will tell us they got a phone call from Microsoft or their ISP.

Put The Client at Ease

Victims of scams feel both ashamed and guilty this happened. They should have known better and been able to detect the scam earlier. Sometimes they’ll even take it out on you. How did you let this happen to the computer?

Explain to the client that these scammers are part of a large-scale operation optimized to take advantage of people. Helpful links from the FTC and Microsoft show this is a wide-spread and ongoing problem. The clients need reassurance they did nothing wrong even if they made an error in judgement.

Determine if a Service Call is Necessary

Once you calm the client, try to figure out the details of what happened and if they need a service call. If the client got a phone call, pop-up or email and didn’t act on it, they’re probably fine. I don’t like victimizing the client further here. If they didn’t do anything to the computer and didn’t give control to another company, the client’s computer should be fine.

Even if the scammer asked the client to check an event log or type a few commands in terminal, I don’t think you need to do a service call. Absent any other symptoms or action, the client made no changes to the computer. There are other reasons you may want to visit the client, but this is not a sufficient reason.

I recommend a service call (either on-site or remote) in three scenarios where the client:

• Gave the scammer private or confidential info (email, passwords, phone numbers)
• Went to a website suggested by the scammer
• Let the scammer remote control the computer

In all three cases, you need to determine if the scammers did any damage to the computer or the client’s security.

Look for Real Problems and Potential Threats

When you look at the computer, the first thing you’ll look for is any remote control software running. Since the tools aren’t malware, you can’t rely on a malware scanner. Look at what’s running in the background or system tray. Sometimes the fake companies use TeamViewer, but other times it’s an instant solution that doesn’t leave any software behind.

After you’ve shut down any potential remote control clients installed by the fake tech support people, retrace the steps of the scammer. Look through the client’s recent browser history (some scammers clear the history) and interview the client about what sites they went to during the scammer’s phone call. If they accessed any password-protected websites, you’ll need to change those after you fix the system.

Repair the Damage To Both the Computer…

Before you run the malware scan, check for any recently installed programs. Even if the program seems legitimate, I’d remove it if it was added during the call. That could be a customized version of a popular program. I wouldn’t trust anything installed by these fake support companies.

Then go ahead and run your standard malware removal procedures. Even if you don’t see any outward symptoms of an infection, you never know what these bad people installed on your client’s system behind the scenes. Software like keyloggers won’t show any obvious symptoms.

While you don’t want to take advantage of a client in a difficult situation, at this point in the service call, it’s a good idea to discuss security. I recommend reviewing the security software on the system and password procedures. If the client fell for the scam that means that they don’t trust the security software so it’s time to review it. I’ll also position a backup solution at this point.

…And The Client

When you’re on-site, the client’s’ guilt and embarrassment will often show through. The more damage that’s done to the system, they more frustrated they get. They’ll need that reassurance again from step one.

The ultimate goal of these tech support scams is to convince the buyers to buy some overpriced products or services. If the client paid, they’ll need to contact their bank or credit card company and dispute the charges. The client needs to do this right away because all financial institutions require you to do this as soon as possible. If it’s the same day, it might not even show up on the client’s bank statement. You might have to fill out an affidavit or write a statement on behalf of the client that the product or service the client bought isn’t legitimate.

On rare occasions, clients don’t want to dispute the charge. They’re embarrassed or too busy to fight the charge. I don’t like my clients wasting money, so I’ll strongly encourage them to start a chargeback. We don’t want these tech support companies to be rewarded for what they did to your client.

I also recommend contacting the Consumer Affairs Division of the Attorney General (or your jurisdiction’s equivalent) and the Federal Trade Commission (or country equivalent). These agencies can’t intervene in individual cases, but can track trends. The client also feels like they did something to help law enforcement act against these people.

If the financial institution won’t reverse the charges, check with homeowner’s or business insurance. They’ll sometimes reimburse losses due to fraud.

Protect Your Clients From These Scams

If you’ve got a good relationship with your clients, they’re less likely to fall for the scams. If they have a question about the computer, they should call you after all! The latest wrinkle on this scam (and it happened to one of my clients) is the fake caller pretends to be your company. The scammer found out who the top computer repair search result is in an area and calls pretending to be that company. In my client’s case, they couldn’t understand the accent of the caller, so that worked in my favor.

Don’t assume the caller will be foreign. The tech support scams are now originating in the United States and the person calling doesn’t even know they are part of a scam. They’re just reading from a script and out to make a sale.

The best way to stop these scams is to educate your clients. It’s a great opportunity to contact them and remind them you’re the person they go to for computer problems. Explain to the client what to do when they get these calls:

• Ask to be put on the companies “do not call list.” It may not work, but doesn’t hurt.
• Hang up the phone.
• Don’t call numbers that appear in pop-up ads.
• Avoid calling the first number they see for tech support after a search (it’s probably an ad).

The most powerful tool you have to prevent these problems is training your clients. They should call you instead of trusting an ad, a phone call or a search engine result. That tool isn’t foolproof, so these procedures should clean up the mess. Feel free to leave your own suggestions or tech support scam stories in the comments.

Written by Dave Greenbaum