Employees receive phone calls, pop-ups or email alerts about problems with their office computers. Wanting to help, or perhaps fearing they clicked on something that caused the glitch, employees are instructed to send money, hand over personal information, or provide access to your systems. As a small business owner, you know this is a tech support scam, but are you sure every member of your team has the skills to recognize it? The FTC has new resources to help protect your company from cybersecurity risks, including tech support scams.
How the scam works
Scammers often impersonate people from well-known computer-related companies. They use confusing technical talk and smoke and mirrors—perhaps a fake “scan” of your system—to convince your employees that urgent action is necessary.
The next step depends on the scammer’s goals. Data thieves may come up with “fixes” that allow them to gain remote access to your network. Once inside, they can steal sensitive data or install malware to facilitate future intrusions.
Others only care about cash. They may try to convince your employees to sign up for a worthless computer “maintenance” or “warranty” plan. Or they may ask for your credit card number so they can bill your company for false repairs. In a variation of this scam, they may direct your employees to a website that asks for account information, passwords or personal data.
How to protect your business
If someone calls your employee and says there’s a problem with the computer – even if it looks like a local number or the caller ID says it’s from a reputable company – instruct your employee to hang up.
If it comes as an email, even one that appears to be from a trusted business, do not reply. Don’t click on any links. Don’t share passwords. And don’t call the phone number in the message.
If it comes as a pop-up, the advice is the same: don’t reply. Don’t click. Don’t share. Don’t call. Tech support scammers are experts at spoofing caller IDs, email addresses, URLs, and more, so these are not reliable ways to tell a scam from a credible contact.
Of course, some pop-up messages about computer problems are legitimate, and sometimes your IT staff needs to talk to staff. Train your employees to respond by calling or emailing colleagues you specify, using numbers or addresses you have already provided in advance.
What to do if you’ve been scammed
If someone in your business has shared a password with a scammer, change the password on every account it is used on. Stick to a unique password for each account.
To protect against malware, use legitimate security software and keep it up to date. Use the software’s scan feature and delete anything it flags as a problem. If you need assistance, talk to a trusted security professional in your community. If a malware-infected computer is connected to your network, you or a security professional should check the entire network for intrusions. Report the attack immediately at FTC.gov/complaint.
If an employee purchased fake services from a tech support scammer, ask your credit card company to reverse the charge. Keep checking your monthly statements to make sure scammers don’t try to come back – and report them to the FTC.
Bring these points up at your next staff meeting and use this fact sheet as a discussion starter.