Introducing Scam of the Month – A favorite feature of our Monthly Newsletter, now on the Blog!

This month’s scam is a particular bother for us-

Meet the Help Desk Scam.

We get calls pretty regularly about these emails, so it’s time to talk about it.

In some variants, you get an email saying that something is wrong with your account, in others you may get a call or popup on your screen claiming malware has been detected on your machine;

either way it says you need to click a link or make a call to “tech support” in order to fix the problem.

The version we get calls about most often is an email (pretending to be from a company whose services we resell, but who has zero contact with the end users) claiming that the user’s email account is in danger. The emails vary quite a bit, some will say their password is expired, or their service is expiring. Others say their mailbox is full, or messages have been quarantined or withheld.  The email wants you to click a link for “tech support” to resolve the situation.  As I’m sure you’ve guessed, the link is to a phishing site, where they will try to steal login credentials or other personal information.  Be aware, these emails and the landing page can be faked to appear to come from any company.

The other version may be even more insidious, as the victim is either called by or instructed to call a “tech support hotline”, whose operator will try to get them to download and install remote access software onto their computer.  After that, the attacker has full access to the computer – needless to say, that is very, very bad.

As you can imagine, real Help Desk techs don’t take kindly to people pretending to be them in order to defraud people!

If you get something like this, how do you know if it is legitimate or not?

• If you are a customer of ours, none of our vendors should ever contact you directly. Our HelpDesk folks are the only ones who should ever contact you about your account.
• If you are a customer of ours, and remote access support is part of your service plan, the software is already on your computer. Our techs will never ask you to download remote access software.
• Look closely at the From address on that email. Does it look legitimate?
• If you get the popup that says you’ve got malware – it’s bogus. Especially if it is brightly colored and flashing. They make it obnoxious to disorient and surprise you enough to click on it.  Real malware likes to work in secret, (except for ransomware, but that’s a topic for another day.)

If you get something like this, what do you do?

• DON’T CLICK ANY LINKS. Delete it and forget it!
• If someone calls you, and you suspect it may be fake, HANG UP and call the company at a phone number you know to be correct (ie. off your bill) DO NOT CALL the number they called from, or any number from a questionable email.
• If you’re unsure if an email is legitimate, call the company directly and ask, again at a phone number you know to be correct. We would rather get a hundred calls asking about a weird email than have anyone get scammed.