- What are tech support scams?
- What is the impact?
- How can I avoid these scams?
- What if I have fallen victim to a scam?
- Resources
What are tech support scams?
In a technical support scam, a cyber thief will contact you, either by phone or through a website via a pop-up window in your web browser (an example of this process is described in this article). The scammer may claim to represent Microsoft, Apple, or other IT vendors, or they may claim to be IT support staff at the University of Washington. A common tactic they use is to tell you that your computer is infected with malicious software, also known as malware, and they will offer to “fix” the problem. If they are able to convince you that your computer is infected, often they will ask you to give them remote access to it.
What is the impact of these scams?
Once the scammer gains remote access to your computer, typically via remote desktop software, they may do one or more of the following:
- Trick you into installing malicious software, or malware, that could scan for and capture personal information, such as your banking passwords and other important login credentials.
- Lock your computer so that you aren’t able to access your data and files until you pay for their “support” services.
- Direct you to fraudulent websites and ask you to enter personal information or pay for services.
As described in this article, these scammers employ sophisticated methods, such as creating legitimate-looking ads that impersonate real companies.
How can I avoid tech support scams?
- Technical support services for legitimate IT vendors, banks, and other organizations, including UW, will never contact you out of the blue and ask for credit card numbers, login credentials, or other personal or financial information.
- Do not purchase software or services that are advertised via unsolicited phone calls, texts, or pop-up messages.
- Never allow remote access to your computer by a third party unless you are able to confirm that it is a legitimate representative of a computer support team with whom you are already a customer.
- Never provide your credit card or financial information or login credentials to an unsolicited caller who claims to work for IT support for Microsoft, Apple, other tech companies, or for UW.
What if I have fallen victim to a scam?
- If you gave remote access or any passwords to a scammer, change your passwords right away. Additionally, contact the IT support staff for your department and ciso@uw.edu. Read more on the Report an Incident page.
- Report scams that specifically target the UW community to security@uw.edu.
- If you paid money to a scammer, contact your local law enforcement, such as UW Police.
- Find more information on the FTC’s How to Spot, Avoid, and Report Tech Support Scams page.
Report suspected scams that specifically target the UW community to security@uw.edu.
Resources
- BleepingComputer: Convincing ‘YouTube’ Google ads lead to Windows support scams
- Cybercrime Support Network and Google: Scam Spotter
- Microsoft: Tech Support Scams
- Apple: Recognize and avoid phishing messages, phony support calls, and other scams
- FTC: How To Spot, Avoid, and Report Tech Support Scams
- OIS: Scams