A new study of online “tech support” scams shows that millennials – not the elderly – may be hardest hit by the widespread frauds, and their victimization may extend far beyond the initial loss of money.
Scam artists are using the ploy to plant malware in victims’ computers and steal personal and financial information that can be used to commit identity theft later, according to a national study released Monday by Better Business Bureaus in five cities working with the Federal Trade Commission and FBI.
Thousands of Americans have been exposed to the scam, which often appears as a pop-up ad that looks like a legitimate alert about a computer virus.
In other cases, scammers contact people by phone or email, sometimes claiming they are from Microsoft tech support or insisting that the consumer needs to renew a software license.
The FTC and the FBI’s Internet Crime Complaint Center (IC3) reported getting 41,000 complaints from U.S. consumers losing $21 million in the first nine months of this year.
Experts say that number is probably only a fraction of the real number of victims. The BBB study noted that Microsoft has reported getting about 12,000 complaints per month worldwide about tech support scams.
“The scam is truly unreported,” said Steve Bernas, president of the Chicago BBB.
The scammers ask for payments ranging from about $500 to thousands of dollars to “fix” a supposed problem with the computer.
Often, they will ask the victim to allow them remote access to their computer. Victims have reported spending long periods of time watching the cursor on their screen move as the phony tech says he is fixing the computer; this adds to the consumer’s belief that repairs are actually being made.
Instead, consumer advocates say, the scammer is just pretending to install a fix, or worse, they are installing malware that lets them peer into the victim’s computer files and capture keystrokes that divulge passwords and PINs.
Some victims get hit a second time when the scammers use this information to commit identity theft.
Bernas said many victims don’t even realize they’ve been scammed, because they think they paid a real tech company to fix their computer.
A 2016 Microsoft report showed that consumers aged 25 to 34 were six times more likely to lose money to a tech support scam than consumers who were 66 and over.
“Millennials live their life online … they’re most likely to encounter pop-up messages,” said Todd Kossow, Midwest regional director of the FTC.
These tech support scams differ from “ransomware” attacks, in which criminals take control of a system or steal data and demand a ransom to release it. Tech support scams start by fooling the victim into thinking there’s a need to fix their computer, phone or tablet, when in reality nothing is wrong with their device.
If you get a pop-up ad that claims your computer is infected, just shut down your computer without clicking on the ad, Bernas said.
The scams can be quite sophisticated.
Yonah Klem, of suburban Chicago, said she was scammed in September after first getting a notice claiming she had signed up for an online shopping service. She hadn’t, so she replied to the supposed vendor, who told her she had malware on her computer that needed to be cleared. That person referred her to a supposed tech support company, who claimed they could fix the problem for $1.000.
She paid the money and gave the person remote access to her computer.
Later, she and her husband had second thoughts. They asked a friend who was a computer expert, who told them it was a scam.
Klem described the whole process as “slick,” adding, “We’re both smart people and we got snookered.”
The Federal Trade Commission has had some success against the scammers, bringing 17 cases since 2012 and recovering several million dollars in restitution for consumers, Kossow said.
But because the scammers themselves largely operate from overseas – often based in India -- educating consumers is an important line of attack.
The agency has a new web page with information for consumers.
The BBB offers this advice:
-- Never purchase software or services from an unsolicited call, email, online ad or bogus website.
-- Don’t give control over your computer to a third party unless you are certain it is a legitimate tech support service.
-- Make sure you have quality, up-to-date anti-virus software.
-- If you get a pop-up alert, call or email that seems suspicious, just ignore it – do not click on anything or call them back.
-- If you think you have been victimized, report the scam to the authorities and have your computer checked by a reputable tech services company for possible malware.
-- Frequently monitor your credit card and bank accounts for any signs of fraud.