Microsoft Warns of Rising Tech Support Scams, Calls for Industry-Wide Cooperation

Incidents of tech support scams targeting susceptible PC users are increasing, Microsoft warned. The company received 153,000 reported complaints from consumers in 2017, 24 percent higher than the prior year, according to its detailed security report released on Friday.

Reported incidents came from 183 countries, suggesting a widespread global problem. Of those who fell prey to the scam, roughly 15 percent lost money averaging between $200 and $400. There were cases of victims paying significantly more. In December 2017, Microsoft was notified of a tech support fraud in the Netherlands that resulted in the financial loss of 189,000, or about $109,000.

Called social engineering attacks, scammers use a variety of ways to initiate the fraud. Cybercriminals send phishing emails, display strategic online ads or full-screen error messages, install malware, or place unsolicited phone calls to convince victims that their systems or devices have been compromised.

Once victims contact the call center for help, a fake technical support specialist instructs them to install remote administration tools (RATs). This allows fraudsters to have complete control over the device and unrestricted access to sensitive information. They make changes inside the device and point out system errors to convince victims of the ‘problem’. This then prompts unsuspecting consumers to pay for the removal of fake or nonexistent malware.

According to Microsoft, the widespread problem is not limited to its platform but has affected users of MacOS, iOS, and Android systems as well. The FBI received 11,000 tech support fraud complaints in 2017 from 85 countries. Of these, claimed losses amounted to approximately $15 million, representing an 86 percent increase compared to prior year.

The FBI also noticed an emerging trend: re-targeting past victims of tech support fraud. Scammers pose as government officials or law enforcement and offer assistance in recovering losses in exchange for fees. Other fraudsters act as collection services and threaten the victim with legal action for nonpayment of outstanding tech support fees. Some criminals use obtained personal information to commit additional fraud, such as unauthorized bank transfers or opening of new accounts for unlawful payments.

Microsoft expressed concern over tech support scams that bypass secure platforms like Windows 10 easily and coerce users into giving unrestricted access to their devices. Because the problem is far-reaching, the company called for industry-wide collaboration and law enforcement partnership. Microsoft continues to form partnerships with web hosting providers, telecom networks, browser developers, antivirus solutions, and financial networks in detecting tech support scammers.