10-point action plan for resolving fake tech support access to your PC: Internet Scambusters #710
Tech support scams affect 3.3 million people and cost $1.5 billion every year.
So what do you do if you're one of those unfortunate victims?
We'll give you a 10-point action plan in this week's issue, along with information about a new variation in the tax bill scam.
Let's get started...
What to Do if You Fell for a Tech Support Scam
Much as most of us like to think we're smart enough not fall for a scam, millions of people are conned every year into giving access to their PCs to tech support imposters.
These are the people who claim to be from Microsoft or another computer firm. They tell you they've detected a virus on your PC and need to be given remote access to put it right.
You probably know what "remote access" is, but for those who don't, it's a feature of Windows that enables someone in another location to access your PC via the Internet.
But you have to give them permission via your PC first, which is why these scammers make their spoof calls.
Once they get access, they can digitally crawl all over your PC, looking for confidential information like passwords and account numbers.
And after they're done, they may leave a piece of malware on your PC that enables them to access it at any time or plug it into a botnet -- a network of compromised computers that are forced to send out spam.
We've reported on the tech support scam before in our article, Latest Car Parts, Tech Support and Domain Name Scams, and hope you've managed to evade these crooks.
But what if you -- or someone you know -- gets caught out and gives PC access to these crooks?
According to Microsoft's Digital Crime Unit, some 3.3 million people fall victim to the tech support scam every year, costing victims around $1.5 billion.
How will you know you're one of those victims? It's simple. If someone phoned you claiming to be from Tech Support or claiming they've detected a virus on your PC and they need access, it was a scam.
Tech companies just don't operate that way.
Put it this way: If they knew what was happening on your PC, that would mean they must already have remote access, so why would they need to request it?
So if you gave the caller access, you've exposed your PC security to them.
A more clever way the scammers may try to reach you is by tricking you into downloading malware onto your PC, which then flashes a warning that you have a virus and need to contact "tech support" to have it removed.
Again, that's not the way legitimate security software works. If it identifies a virus, it will tell you and give you the option of deleting it but genuine security software doesn't ask you to make a phone call.
Once you realize what's happened, you need to take immediate action to minimize the potential damage.
Some of the things you should do are similar to those for identity theft. After all, that's most likely what will have happened after a scammer gets access to your computer.
Here's our 10-point plan to deal with it:
1. Shut down and disconnect your device from the Internet. That puts an absolute stop on any external meddling. It also often automatically revokes remote access for when you restart.
2. Ideally, you would have a full system backup that would enable you to restore your computer to its previous state, ensuring the scammers no longer have access to your machine.
If you don't know how to back up your system, you might visit the site of our friend Leo Notenboom and search on "backup." Or just do a Google search on your Internet browser - but be careful that you visit a legitimate site.
3. If you don't have a backup, run the Windows "System Restore" feature. Visit microsoft.com to learn how to do this.
4. Whether you restored your system or not, ensure your Internet security software is up to date and run a FULL virus scan to remove any lingering malware.
5. If you know how to do it, check your web browser's settings for any newly installed extensions or add-ons you don't recognize and delete them.
6. If you don't know how to do this or you're still not certain your machine is "clean," have it professionally checked.
7. Only when you've done all this should you change all passwords. Yes, all passwords on every account you access via your PC.
8. Alert your bank and credit card companies and monitor all statements online every day, looking for suspicious items.
9. Put a freeze on credit applications via the three credit monitoring agencies -- Equifax, Experian and TransUnion. This will cost a few dollars but is worth it. Each of the bureaus has its own "credit lock" service but you might find the following article useful: Credit Freeze and Thaw Guide.
10. File a complaint with the Federal Trade Commission (FTC).
Whether you're a victim of a tech support scam or not, make a point of educating yourself about these tricks and how to avoid them.
How? Subscribe to Scambusters, of course. But also check out this guide on tech support scams from the FTC.
Alert of the Week
Look out for this nasty variation of the IRS unpaid tax scam, which is now in full swing.
If you receive what is obviously a scam call (the IRS doesn't actually phone people to tell them they owe taxes) and hang up, the phone may ring again.
This time, the caller claims to be from the police (complete with spoofed caller ID that seems to confirm it) and demands to know why you hung up.
This is followed by a warning that you must pay immediately. But here's what you do: Hang up again!
Time to conclude for today -- have a great week!