Scammers have put in place another way of making collaborators feel pressured, by making them think there is no other way for their device to keep on working except if they pay a certain amount of money or share confidential information. This scam is known as fake technical support. It has become common and can happen not only through the display of a message on the screen, but also via email, phone and chat services.

What is a fake technical support scam?

One common example of fake technical support scam is that cybercriminals set up a scam where the victim gets notified, through phone, email or any other chat services, that their device is about to shut down due to a technical issue. In addition, they offer a solution to the said problem and request the victim to quickly follow up by clicking on a link, calling a given phone number or executing a wire transfer. Via the shared link, the attackers are trying to execute a phishing attack to steal confidential data or install a virus. As for the phone number, they are trying to put the victim at ease, thinking the phone number belongs to official support, in order to give a series of actions to execute that, at the end, will also give away confidential information or install a virus.

How to protect against fake technical support scams?

1. Raise collaborators’ awareness on scams that aim to steal confidential information

An organisation’s collaborators are its first line of defence. Your collaborators need to be made aware on how to identify scams and fake message in order to adopt the right reflexes. There are several ways cybercriminals try to steal collaborators’ credentials in order to get access to an organisation’s resources. A very common way is to use a phishing email, through which cybercriminals try to convince their victim to share passwords or confidential information. It is thus important to have regular informative sessions to train the collaborators about not sharing too much on social media and not clicking on a link or opening a file without analysing where it comes from first.

To help assess the legitimacy of a message, the following questions can serve as a first indication of a scam:

•    Is it unexpected?
•    Is it urgent?
•    Do you know the person who sent the e-mail?
•    Do you find the request strange?
•    Where does the link you need to click on lead to? (only hover on it with your mouse, do not click)
•    Is there a QR code in the message?
•    Are you being personally addressed?
•    Does the message contain many linguistic errors?
•    Is the message in your Spam / Junk folder?
•    Is someone trying to make you curious?
•    Are you asked to make a payment?

2. Pay attention to what you post online

Social media and an organisation’s website offer an important customer reach. However, it is not possible to always fully control the audience that has access to the information and posts shared. Personal or confidential information shouldn’t be shared on those platforms, as they could be used for malicious purposes, such as identifying which collaborators work in which department. They would therefore be more likely not to know how technical support might reach out.

3. Secure the access to your accounts

Accounts are an entrance door to an organisation’s whole environment. They thus need to be protected by using strong passwords that are different for each account. A strong password is one of at least 12 characters and has a combination of upper and lower cases, numbers and symbols. In combination with a strong password, Multi-Factor Authentication should also be enabled wherever possible. Multi Factor Authentication requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.

4. Update your devices and software as soon as possible

Since it could only takes one vulnerability in a system, application or device for cybercriminals to compromise in order to cause damages and get access to information, installing updates as soon as they are available is crucial. It ensures a strong cyber defence and makes sure that the system version being used is still supported by the vendor.

5. Enforce antivirus and local firewalls on devices

There are several ways a device can be infected by a virus: opening an attachment, clicking on a link, plugging a USB drive or simply surfing through a website. A virus is a malicious software that aims at damaging resources, deleting files, slowing down performances or stealing confidential information. Once a virus is on the computer, it will take time, effort and financial means to remove it. This is why it is better to protect all devices allowed to connect to the organisation’s network with an antivirus software upfront.

In addition, a firewall should be used to monitor and filter the access requests to the corporate network based on predefined security rules. The firewall acts as a wall between the corporate network and an untrusted network (e.g., home network, Internet). It will allow the organisation to limit external access only to authorised people.

6. Watch out where you surf

Avoid browsing through unsure or illicit websites such as platforms offering counterfeit goods or software, or illegal streaming services. Scams are more frequent on those types of websites as it is easier for cybercriminals to penetrate them.

7. Only use official websites and platforms to download applications and software

Pirated applications and software are usually infected with malware so only look for installation and download of official ones, through vendors’ official platforms and websites.

8. Limit the actions that can be executed with an admin account

Limit the number of administrator or privileged accounts to the bare minimum. No one should have administrator privileges for day-to-day tasks. Giving the privileges that admin accounts have, it will make it easier for cybercriminals to take over the device or install malware.

9. Regularly backup your critical resources

Backup all systems, applications, servers and data to make sure that even if an incident occurs, all important information can still be recovered. It is important to regularly test those backups to confirm that they can actually be used if needed, after an incident.

What to do if you get scammed?

  1. Do not call the number mentioned in the message.
  2. Report the incident immediately to your IT responsible.
  3. Do not let anyone you don’t know take control of your device.
  4. Reboot your device.
  5. Clean your browsing history by deleting cache, cookies and reinitialising all parameters. If that isn’t enough, completely remove your profile and create a new one.
  6. Uninstall any application or software that seems strange or that you don’t remember installing
  7. Scan your device with an antivirus.
  8. Warn your colleagues that they might be getting a message from someone impersonating technical support but that they should not trust it.
  9. Change all the passwords that were given (if any) on all the accounts they are being used.
  10. If the scam was about bank details, immediately contact the finance responsible to inform them of the incident. If you notice that money has been stolen from your own bank account, be sure to file a complaint with the police.
  11. If you are the responsible of that bank account, call Card Stop on +32 78 170 170 and make sure to check your account statements. If you identify any suspicious activity, immediately call your bank so they can help you out.

If a fake technical support scam happens through mail, report it to your IT Responsible and to the relevant national authority ( (EN); (FR); (NL/DE)) and immediately delete it.

The aim of this content is to share and raise awareness of good cyber security practice. 
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.