Tech Support Scams are nothing new, but the bad guys are furiously innovating and there is a new variation you need to warn your users about. A few years ago this started out with bogus tech support calls from Microsoft or Apple, or more recently from your ISP, which are still going on as we speak... But wait, there's a new flavor!
Complete bogus websites that spoof major IT security software developers
We are talking companies like Symantec, McAfee, Malwarebytes and Kaspersky. The bad guys use shady SEO techniques to rank high in search engines and trick end-users into believing they are the real deal.
Next, the end-user is social engineered into believing that they need to download the latest version, but a popup shows up with an 800 number and claims there is something badly wrong with their computer which needs to be fixed immediately before they download the new version.
You can guess the rest. Most people do not know this, but in India, in and around the capital of New Delhi, there are dozens of criminal call centers that do nothing else but run scams like this all day long.
I suggest you send this to all your users, friends and family. Feel free to copy/paste/edit:
[WARNING] Bad guys have a new scam. They create websites that look just like the real sites from security software vendors like Symantec, McAfee, Malwarebytes, Kaspersky and others. When you search for these sites, you could very easily pick the fake site instead of the real one.
These sites will then try to trick you into believing there is a new security software version you urgently need to install. But when you click the download button, a popup shows an 800-number claiming there is something badly wrong with your computer which needs to be fixed immediately before you download the new version.
When you make that call, a scammer with a foreign accent answers the phone, demands remote access to your computer, and charges you a hefty credit card fee to fix an imaginary problem. It's not hard for the bad guys to create a fake website that looks just like the original, so make sure you verify that the website is legit!
Only give out confidential information when YOU have initiated the call and never call numbers in an email that just appeared in your inbox. Only call a toll-free number that you know beforehand is legit, like on the back of your credit card, a statement you have received in the mail, or the order confirmation email you received at the time you bought the product.
And remember... Think Before You Click!
To counter these scams, KnowBe4 is regularly releasing new training modules. For example, we just came out with "Ransomware" and "Ransomware For Hospitals", and in the next few weeks we will release "CEO Fraud" and "Safe Web Browsing".
Train Your Users And Turn Them Into A Human Firewall
With the bad guys innovating as fast as they are, it is clear that you need to step your users through new-school security awareness training which includes frequent simulated phishing attacks to keep them on their toes with security top of mind.
Join the 4,000+ organizations that use KnowBe4 and make your employees your first line of defense. Find out how affordable this is for your organization and be pleasantly surprised. Get a quote now:
Warm regards, and let's stay safe out there.
Stu Sjouwerman, Founder and CEO