In looking at the various types of impersonators, there are a variety of breeds. There are the ones lurking quietly on the web advertising their services when frustrated consumers do an internet search for “my iPad is frozen,” the ones who use government agencies like the FTC’s good name to try to trick people into paying them, and the ones who use fake social media accounts to gain consumers’ trust, then just happen to show up with a fix when someone’s device is on the blink.
How tech support impersonators set the scene
ITRC Chief Victims Officer, Mona Terry told ConsumerAffairs that the impersonator trend is real – and dangerous. One narrative she offered on tech support impersonators goes like this:
“The victim receives a popup window from ‘Microsoft’ or ‘McAfee,’ or they went to Google to search for tech support from Google or Microsoft and thought they were calling that company. However, they actually reached a scammer. The popup tells the victim that their antivirus is out of date or their device has been compromised and to call for service,” Terry said.
“The victim calls and is then asked to share bank account information or send payments via gift cards, as well as give the scammer access to the device to make repairs.”
At that point, the scam is complete. The impersonator has their money and, possibly, the keys to someone’s personal identification that they could sell to other criminals.
How to stop an impersonator in their tracks
The number one thing to remember so you don’t fall victim to a tech support impersonator is to never trust any pop-up advertisement, graphic, or message until you’ve contacted the company mentioned in the pop-up, Terry said.
If a pop-up says your version of Microsoft Windows needs repair, then call Microsoft directly before talking or giving information to anyone else.
“Red flags are when the company wants to access your computer remotely, immediately, to fix it, and wants payment in the form of gift cards, or wants you to share your bank account and routing information for payment,” Terry suggested.
Another red flag was offered by Hank Schless, senior manager of Security Solutions, at Lookout, a mobile security application designed to block connections to possible impersonator-driven sites. He said that attackers have a tendency to be aggressive and pushy.
“Attackers will always try to create high-pressure situations that cause you to not think about what’s happening,” Schless said. “If you’re ever contacted in this way and the individual is asking you to download an app or click a link, simply don’t.”
The last red flag – one about social media impersonators – comes courtesy of Sergi Garcia, chief marketing officer at Red Points. He said that one thing that’s a dead giveaway you’re dealing with a scammer is a Facebook page that has fewer followers than it should.
For example, the “real” Macy’s Facebook page has 14 million followers. If you get nudged to go to a Facebook page titled, say, “Macy’s Black Friday Specials” and it only has 134 followers, run the other way fast.
“When keeping an eye out for social media impersonators, be suspicious of business profiles that aren’t verified by the social network, too,” Garcia said.
Finding out if a Facebook page is verified is pretty simple. At the top, search for the page or profile and click the magnifying glass. Then, click the public figure’s page or profile. Lastly, look for a checkmark in a blue circle next to their name.
Big Tech has its ideas, too.
When ConsumerAffairs reached out to Big Tech'ers, Microsoft stepped up to say that neither it or any of its authorized partners will ever send unsolicited messages or make unsolicited phone calls to request personal or financial information, or to provide technical support to fix your computer.
Regarding phone calls, Amazon said that, yes, some of its departments will make outbound calls to customers, but that no one at Amazon will ever ask you to disclose or verify sensitive personal information, offer you a refund you do not expect, or charge you money for tech support.
Amazon also said that if anyone is unsure about who is safe to speak to and what information is safe to share, all they have to do is use its self-reporting tool.
While Google didn’t respond to ConsumerAffairs request for comment, Lookout’s Schless shared this:
“Google recommends that customers never enter their password after clicking a link in a message,” he said. “If you’re signed in to an account, emails from Google won’t ask you to enter the password for that account.
If you think an email that looks like it’s from Google might be fake, go directly to myaccount.google.com/notifications. On that page, you can check your Google Account’s recent security activity.”
If you wind up the victim of an impersonator
The FTC says chances are good that if you paid a tech support scammer with a credit or debit card, you may be able to stop the transaction. “Contact your credit card company or bank right away. Tell them what happened and ask if they can reverse the charges,” the agency said.
On the other hand, if you paid a tech support scammer with a gift card, your chances of recovering your money might not be as good as with a credit card, but the FTC says you should still contact the company that issued the card as soon as possible. “Tell them you paid a scammer with the gift card and ask if they can refund your money,” the agency said.
“If you gave a scammer remote access to your computer, update your computer’s security software. Then run a scan and delete anything it identifies as a problem,” the FTC said regarding the actual functionality of the computer the scammer had access to.
“If you gave your user name and password to a tech support scammer, change your password right away. If you use the same password for other accounts or sites, change it there, too. Create a new password that is strong.”