Believe it or not, tech support scams fool younger users


Tech support scams are usually thought of as a low-down way for operatives to fool older users who may not be tech savvy. But a new study finds that these scammers can have a field day with Millennials who grew up around technology, too.

Microsoft commissioned a study as part of National Cybersecurity Awareness Month that explored what goes into a successful tech support scam. In these attacks, users are contacted by someone claiming to need access to their accounts or financial payout in order to support products they’re using.

The survey found that two-thirds of respondents had reported being contacted by a tech support scammer within the past year. And about 20% took things a step further, by downloading malware at the scammers’ direction, visiting a scam website, giving fraudsters remote access to their accounts or providing credit card information as part of the scam.

Worse still, one-in-ten respondents reported losing money to a support scam.

Age doesn’t matter

The target of these attacks is often the elderly, but the survey found that no one was immune to the scam.

In fact, the opposite of the stereotype played out. Of those who continued with the scam by revealing personal information or paying for services:

  • 17% were age 55 or older
  • 34% were between 36- and 54-years-old, and
  • 50% were between 18- and 34-years-0ld.

Getting the message out

Hopefully, your users are familiar enough with your company and its IT department that they won’t fall for a remote support scam. But part of what makes these scams so successful is that they can be a part of another attack.

For instance, if a hacker is able to gain access to your networks, they may be able to tell which products and services are in use and who uses them. Using that information, they can directly target the users who are most likely to take the bait in order to gain further access to sensitive information or even make a pitch for CEO fraud.

Or by targeting users’ personal systems, attackers can probe further and gain access to their work credentials as well.

Make sure users know not only who your tech support people are, but also how they work. Explain certain rules, such as:

  • you will never ask them for a password over the phone, email or chat
  • your team doesn’t and won’t ask for any personal information
  • if a software vendor or supplier contacts users about a work product, they should forward the call to IT immediately every time, and
  • the only group that should be able to download products or support is IT, and anything else should be assumed to be a scam until proven otherwise.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy