The US Federal Bureau of Investigation (FBI) has warned of an increase in tech support scams that attempt to trick users into sending cash via snail mail.
“Tech support scammers usually initiate contact with older adult victims through a phone call, text, email, or pop-up window purporting to be support from a legitimate company,” the FBI says. “The scammer informs the victim of fraudulent activity or potential refund for a subscription service. Subsequent emails, pop-ups, and texts contain a phone number for the victim to call for assistance. Once the victim calls the number, a scammer tells the victim they have a refund for the victim, however, the only way the money can be sent is by connecting to the victim's computer and depositing it into the victim's bank account.”
The scammer then tricks the victim into downloading a remote access tool onto their computer.
“The scammer tells the victim they can assist with the refund and convinces the victim to download a software program allowing the scammer remote access to the victim's computer,” the Bureau says. “Once a connection is established, the victim is convinced to log on to their bank account. The scammer then supposedly transfers an amount to the victim's bank account but ‘accidentally’ deposits a much larger amount than intended. The scammer points this ‘error’ out and tells the victim to return the extra money or the scammer will lose their job.”
After playing on the victim’s emotions, the scammer convinces the victim to send the extra money back in cash.
“The scammer instructs the victim to send the money in cash, wrapped in a magazine(s), or similar method of concealment, via a shipping company to a name and address provided by the scammer,” the Bureau says. “Most recently, scammers have instructed victims to ship packages containing money to pharmacies and retail businesses that are equipped to receive shipping company packages.”
The FBI gives the following recommendations to help users avoid falling for these scams:
- “Never download software at the request of an unknown individual who contacted you.
- “Never allow an unknown individual who contacted you to have control of your computer.
- “Do not click on unsolicited pop-ups, links sent via text messages, or email links or attachments. Do not contact the telephone number provided in a pop-up, text, or email.
- “Never send cash via mail or shipping companies.”
New-school security awareness training can enable your employees to thwart social engineering attacks.
