Aussies are being targeted by an increasing number of tech support scams as many around the country are forced to return to working from home as the number of COVID-19 cases across the country.
Digital security and privacy firm Avast said it has received over 360,000 complaints since January this year.
Here’s everything you need to know and how to protect yourself.
How Tech Support Scams Work
Tech support scams happen when fraudsters use scare tactics to trick people into purchasing overpriced and unnecessary “support services” to fix an alleged computer, device, or software problem, Avast said.
The scammers will convince victims their computer has been infected with malware with a pop up window alerting them of a malware or spyware infection.
There will also be a prompt to call a phone hotline for support at which point the scammers will try to convince you to establish a remote connection to the computer.
This can be done by encouraging the victim to download “remote management software” without the user knowing it is giving the scammers full access to their PC.
Once granted access, bad actors can also install malware, or other malicious programs that damage your data, or even worse, harvest personal information.
Criminals with access to this type of sensitive data can use it to gain entry into financial accounts, health records, or other essential services, Avast said.
In addition, fraudsters can go to great lengths to convince victims of their legitimacy, including creating web pages that imitate antivirus or firewall software warnings or even setting up fake companies to validate their con.
"Tech support fraud is increasingly common and targets some of the most vulnerable individuals. Criminals exploit victims through money or personal information," said Alexej Savcin, Senior Malware Analyst at Avast.
"Above all, remember that whether it's a phone call or a website, legitimate tech support won't ever proactively seek you out to fix an issue. If in doubt, don't engage, give access to your devices, or share any personal information."
Protecting yourself from tech support scams
Spotting tech support fraud is essential in stopping it in its tracks. Avast said there are four main tactics that you can employ to keep yourself safe online.
To spot a scam or fraud online you should:
Question what led you to the support page: If it popped up on its own, that is one major indication that the website is fraudulent.
Check the webpage: Compare the domain URL to known sites; if it is not intuitive or easy to read, the website may be a scam. Further, if the browser freezes on a tech support page, it's an indication that something is wrong; if a tool actually detected malicious activity, the site would get blocked.
Remember, there is no real threat until a bad actor gains access to your information or devices: although criminals may try to pressure you, stay vigilant and skeptical when online, if unsure disengage and verify credentials on your own.
Call someone you can trust - when in doubt, reach out to a family member or someone you trust.
7 most common online scam methods
Being aware of common scam methods can help to ensure you aren’t a victim, Avast said. Stay vigilant of the following techniques:
Malicious Advertising (Malvertising): Scammers abuse legitimate online advertising markets with fraudulent ads that lure victims to their infrastructure, often a fake tech support scam page indicating an issue needs mitigation.
Evil Cursor: This technique alters cursor size and shape, making it difficult to navigate, which prevents users from closing a tab or browser, convincing them that tech support is necessary.
401 Authentication Loop: Fraudsters can exploit an authorization pop-up window which in some cases even imitates a legitimate operating system design. The window can't be closed and displays contact information for fraudulent tech support.
File Downloading Jamming: Bad actors jam browsers with file downloads until unresponsive. This also consumes a large amount of RAM, which compounds and further slows a victim's computer.
Keyboard Shortcut Lockout: Fraudsters will lock commonly used keyboard shortcuts to close windows (i.e., "ALT+F4" or the "Escape" key), so victims experience an infinite loop with no way to escape.
Browser History Manipulation: Scammers can disable or remove the "back" button online or may even manipulate it to recall the current page, so victims have no way to exit the website
Print Spam: Malicious web page continuously sends print commands to the browser to make it seem slow and unresponsive.