A significant number of scareware and tech support scams are being reported at the University. These scams involve a website pop up declaring a computer or phone is infected with a virus. The pop up will appear to be from a reputable company like Apple, or Microsoft. It will provide instructions for software to download or provide a tech support number to resolve the problem. This is an example of one technique used: scareware example. Sometimes these messages will also include loud voices.
There is no problem. The device has not been infected, accounts have not been compromised, nothing is wrong. Scammers craft convincing pop up messages on the device and will engage in scare tactics over the phone, like this conversation with a Federal Trade Commission (FTC) investigator: Undercover Investigation.
Scammers will sometimes go to extreme lengths to get their scary messages into legitimate places. In 2011, a group of scammers conducted an operation that included creating a fake advertising agency in order to get a malicious digital advertisement placed on the Minneapolis Star Tribune’s website. Patrons of the digital newspaper were then subjected to scary messages about viruses when visiting the site (FTC Case, 2012). This was despite the website itself being legitimate.
These scams are very effective and sometimes difficult to resist. Don Holmes, a retired business consultant living in Sun City West, Arizona, experienced this firsthand: Don’s Story.
It is important when receiving these scary messages and phone calls to take a moment to think about the situation. There are a couple important things to keep in mind:
- It is very unlikely that Microsoft, Apple, or any other major company will call or contact individuals about security issues with their devices.
- There is no need to interact with a pop-up that claims to be a security message. Open the security software installed on the computer to see what’s going on instead.
- There is never any reason that a complete stranger should be remotely connecting to an individual's device.
- Always check with BITS when receiving security warnings on campus owned equipment before taking any actions. On personal devices, consult with a knowledgeable friend or family member before acting.
References
FTC Case Results in $163 Million Judgment Against “Scareware” Marketer | Federal Trade Commission. (2012, October 2). FTC.gov. https://www.ftc.gov/news-events/news/press-releases/2012/10/ftc-case-results-163-million-judgment-against-scareware-marketer
Gatlan, S. (2023, July 17). Police arrests Ukrainian scareware developer after 10-year hunt. https://www.bleepingcomputer.com/news/security/police-arrests-ukrainian-scareware-developer-after-10-year-hunt/
Howden, A. (2017, May 14). Scareware Example. Youtube.Com. https://www.youtube.com/watch?v=v5--o6ia530&t=37s
How to Avoid a Tech Support Scam | Federal Trade Commission. (2019, March 7). Youtube.com. https://www.youtube.com/watch?v=THYmUx3ofJk
How To Spot, Avoid, and Report Tech Support Scams | Consumer Advice. (2022, September). https://consumer.ftc.gov/articles/how-spot-avoid-and-report-tech-support-scams
Lenaerts-Bergmans, B. (2022, September 30). Scareware: Definition Examples & How to Prevent It—CrowdStrike. Crowdstrike.Com. https://www.crowdstrike.com/cybersecurity-101/malware/scareware/
Tech Support Scam—Undercover Investigation. (n.d.). Retrieved February 22, 2024, from https://www.ftc.gov/media/70930
What is scareware? (2023, January 5). Microsoft.Com. https://www.microsoft.com/en-us/microsoft-365-life-hacks/privacy-and-safety/what-is-scareware