The Federal Trade Commission (FTC), along with the Florida attorney general, announced an operation a few months ago that successfully shut down a major computer tech scam that cheated people out of millions of dollars by convincing them that their computer was compromised and they needed to pay for the fix.
The FTC also warned that these types of scams continue to be a major threat to U.S. consumers.
Read more: Warning: The IRS phone scam is back
How the tech support scam works
In fact, there's a new version of the scam making the rounds that involves a pop-up warning claiming to be from Microsoft. According to a recent report, the fake notification first warns you that your computer will lock up if the alert window is closed, and then it instructs you to call a specific phone number "immediately." The message from the crooks may also warn that your computer has "been infected with a suspicious activity" and even claim that your information has already been stolen.
This is just one variation of how it can work.
The problem is that these scams come in all different shapes and sizes -- including pop-up alerts, fake advertisements and even phone calls -- making it difficult for consumers to be able to tell the difference between fake alerts and the real ones.
According to the FTC, the scammers often use "deceptive online ads and misleading, high-pressure sales tactics to frighten consumers into spending hundreds of dollars for dubious computer 'repairs' and antivirus software."
To make users think these pop-up alerts are legitimate, hackers create them to look just like real updates you would get from Microsoft or Apple. Typically, the notification then prompts the user to call a toll-free number (displayed in the ad) to make sure their device, and any sensitive information stored inside, are protected.
When you call the number, you're asked to give a fake tech support worker remote access to your computer by downloading a software.
Read more: Beware of new 'can you hear me' phone scam
In one case, fake "technicians" sitting in a call center in Florida would then allegedly "run a series of 'diagnostics' that inevitably discovered the existence of grave problems that must be immediately fixed at a cost of $200 to $300," according to the FTC.
On top of that, consumers were encouraged to spend an additional $200 to $500 to replace their existing antivirus software, which they were told was outdated and useless. And when people did purchase the "updated software," it was typically something that's already available as a free download, according to the FTC.
How to avoid tech support scams
If you fall for it and download whatever software the crooks give you, they can then secretly track everything you do on that device -- just waiting for you to enter any password or payment information that they can steal.
On top of that, once you give the scammers remote access to your computer, they can then hold it ransom until you pay them a large sum of money -- which may or may not actually get you your device back.
These scams have become such a big threat that the FTC now has a page on its site dedicated specifically to informing consumers about tech support scams. And since it can be difficult to determine whether an update or alert is legitimate, the FTC has provided some tips on how to spot this type of scam, how to avoid it and what to do if you think you've been a victim.
Here are some common tactics a scammer may use to try to get money and/or sensitive information from you:
- ask you to give them remote access to your computer and then make changes to your settings that could leave your computer vulnerable
- try to enroll you in a worthless computer maintenance or warranty program
- ask for credit card information so they can bill you for phony services — or services you could get elsewhere for free
- trick you into installing malware that could steal sensitive data, like user names and passwords
- direct you to websites and ask you to enter your credit card number and other personal information
What to do if you get a call from someone claiming to be from tech support:
- Don’t give control of your computer to a third party who calls you out of the blue.
- Do not rely on caller ID alone to authenticate a caller. Criminals spoof caller ID numbers. They may appear to be calling from a legitimate company or a local number, when they’re not even in the same country as you.
- Online search results might not be the best way to find technical support or get a company’s contact information. Scammers sometimes place online ads to convince you to call them. They pay to boost their ranking in search results so their websites and phone numbers appear above those of legitimate companies. If you want tech support, look for a company’s contact information on their software package or on your receipt.
- Never provide your credit card or financial information to someone who calls and claims to be from tech support.
- If a caller pressures you to buy a computer security product or says there is a subscription fee associated with the call, hang up. If you’re concerned about your computer, call your security software company directly and ask for help.
- Never give your password on the phone. No legitimate organization calls you and asks for your password.
- Put your phone number on the National Do Not Call Registry, and then report illegal sales calls.
What to do if you've responded to an alert or other notification that you think could be a scam:
- Get rid of malware. Update or download legitimate security software and scan your computer. Delete anything it identifies as a problem. Here's a list of free antivirus and malware protection options.
- Change any passwords that you gave out. If you use these passwords for other accounts, change those accounts, too.
- If you paid for bogus services with a credit card, call your credit card provider and ask to reverse the charges. Check your statements for any other charges you didn’t make, and ask to reverse those, too.
- If you believe that someone may have accessed your personal or financial information, visit the FTC’s identity theft website. You can minimize your risk of further damage and repair any problems already in place.
- File a complaint with the FTC at ftc.gov/complaint.
Tips to avoid similar scams
- Don't click on any links in an email you weren't expecting: Scammers often disguise malware attacks as emails that appear to be from a friend, helpful website or company you do business with. If you aren't sure about it, delete the email and contact the friend or company directly. If you click on any link or attachment in an email you weren't expecting, it could install malware on your device without you even realizing it until your bank account has been drained.
- If you receive an email claiming to be from your bank or other company that has your personal information, don't click on any of the links: Even if it looks official, it could still very easily be a scam. Instead, log in to your account separately to check for any new notices. You can also call the company about the information sent via email.
- Research unknown sites before going to them directly: When it comes to spotting potentially-dangerous websites, before you go to an unknown site, double-check the spelling of the web address/URL by first doing a search for it.
- Run anti-virus software: Frequently run anti-virus protection programs on your devices to check for any malware that could be hiding in the background. Here's a list of free options.