It’s an unfortunate fact that there’s always someone out there trying to take your hard-earned money away from you. On the internet, these hucksters target people with limited technical understanding, and in particular the elderly. In this article we’re going to explain how three of the most common scams today work, and how to protect yourself from them in the future.
The Tech Support Scam
This type of scam has exploded in popularity over the last couple of years, and shows no signs of slowing. This scam can kick off in one of several ways. Uncommonly, it may start with a cold contact: you get a phone call or an email, claiming to be from ‘Microsoft’, ‘Windows’, etc., reporting that there’s a severe problem with your computer and asking you to speak to a representative to get it fixed. The call may make claims that you’re in some sort of serious danger from these “computer problems” or accuse you of illegal activity.
The more common way these kick off is with something as simple as an advertisement. You’re minding your own business on the internet, and suddenly your screen is overwhelmed with warning messages. Sometimes an alarming noise is played or a robotic voice announces a problem. These messages sometimes look realistic, and report that your computer is compromised in some way. If you try to close the messages, they may take over your screen and become “un-closeable”. Many of them will warn you that if you close the message your computer will be ruined or even threaten your arrest. The message will insist that you call a phone number for assistance.
THESE ARE EMPTY THREATS! What you are seeing is simply a webpage like any other, but way more obnoxious. You may encounter this page in one of several ways – typosquatting websites (where you thought you typed in one thing but accidentally typed something else), malicious advertisements (which is why we always recommend use of a good adblocker like uBlock Origin Lite), and compromised websites are common causes. This webpage cannot do anything worse than fullscreen itself and ignore your desperate clicking of the “x” buttons. Try holding Esc to get out of fullscreen mode, pressing Ctrl+W to close the current tab, or pressing Alt+F4 to close the browser window. If all else fails, simply hard-reset the computer by holding the power button down for ten seconds.
What happens if you call the number? You’ll be connected to a call center (usually in India, though they may claim to be in California or somewhere domestic) where a “certified technician” will walk you through steps to allow them remote access to your computer. Once connected, they will proceed to click around your OS and show you several things that they will declare are gravely wrong with your computer – “foreign attackers” that are connected (which are actually the outside services your computer is connected to), or “critical errors” (common error logging in Event Viewer) will be played up to sound extremely serious. In reality, your computer is almost certainly (mostly) fine.
In the end, they’ll tell you you can pay a certain amount for a one-time fix or a higher amount for a multi-year service agreement. In many, many cases they will try to get you to pay for this service, not with a credit card or a check, but by purchasing gift cards for a service like Google Play or Apple Music and providing them the codes. This is so that the money you give them cannot be charged back.
Any “services” they provide will usually involve installing free software like Malwarebytes Anti-Malware, and will have limited – if any – effect on the operating condition of your device. Meanwhile, you may have just been talked out of hundreds, if not thousands, of dollars. We have met over a hundred victims of this scam; some have lost as much as $5,000.
The Refund Scam
While there are various ways this scam can kick off, it commonly starts with an email you receive that appears to be from Amazon, PayPal, or another reputable service, usually claiming that your order is being processed and displaying an amount that you have supposedly paid or agreed to pay. These can be pretty convincing and might even show an item you “purchased” that seems like something you might actually purchase! These emails will usually provide a phone number to call to cancel or dispute the order. There’s also a variant of this scam that frequently starts with a cold call and claims to be about a tax liability with the IRS. These can vary quite a bit so we won’t get deep into the details, but the basics are similar.
If you call the number, a person on the other end will ask to remotely connect to your computer in order to process your “refund”. In general, they’ll have you log into your banking website, then will blank your screen temporarily (the remote access software has the ability to black out your view) while “confirming details”. In actuality, what they’re doing is live-modifying the webpage you’re on. This is a little weird to explain, and if you want to get into the weeds on it, look up what the “inspect element” feature can be used for. Basically, they can edit the appearance of small elements of the page without actually modifying its code permanently.
They’ll add a line to your transaction list showing the purchase amount on your banking site. At the same time, they’re taking mental note of how much money you have in your account. After all, it doesn’t do a ton of good to try to scam you for $10K if you only have $1K, but if you’ve got $10K available, then they’ll try to scam you for everything they can get! They’ll show you the screen again and say ‘look here, this is where you purchased the item. You want us to refund this amount, correct?’ Once you confirm, they will say they are processing the refund (your screen will blank again) and they will add another line to your banking transaction history – this time for a refund. But they’ll add a few zeroes – say your supposed purchase was for $650.00, but they noted you had $8,000 in the bank; they’ll create a line that shows they refunded you $6,500.00!
After this, they will ask you to verify that the refund was for the correct amount, then when you point out that they refunded too much, they will feign shock, surprise, and distress, insisting that they will lose their jobs and be unable to feed their families. They will beg you to return the money, usually offering to let you keep some of it in exchange for your “trouble” – for example they may only ask for $5,000 back and let you keep the extra. Where it gets really scuzzy is that “to avoid documentation”, they will ask you to withdraw cash from your bank and mail it in a box to an address they provide. These addresses are usually domestic, and a middleman will take the money, keep a bit of it, and deposit the rest to an account controlled by the scammers.
You’ll be left without your money and with no hope of getting it back – over a refund for something you never purchased.
The ‘Sextortion’ Scam
This one is particularly ugly because it preys on human fears while simultaneously being very convincing by showing you private information that only you should know. To understand how this works, it’s important to remember that occasionally, services and websites get compromised. Account credentials may leak onto the internet, including your email address and password. This is why it’s critical to use different passwords on every service, and to change them occasionally – especially after you get informed of a data breach involving a service you use. These lists of credentials can be easily found in ‘pastes’, usually on the dark web but also sometimes on the clearnet. You can check the website haveibeenpwned.com to see if your credentials have ever been compromised before.
Typically, you’ll get an email which reads like a ransom letter. The sender declares that they installed malware on your computer at some point, that they know all your information, and they will prove this by showing you one of your passwords. Remember, they got this password (and your email address) from one of these credential pastes. It may or may not be a password you still use but it will be familiar to you, which lends the email some credibility.
They will also declare that this malware allowed them to see what websites you visit and to record your camera, and then they will compliment your taste in pornography, before declaring that they will forward video of you – ahem – “handling your business” to all of your friends and family (and your boss!) unless you pay a certain amount, usually via cryptocurrency.
This threat seems to have a strong effect on people we meet, whether they actually consume pornography or not. Look, we don’t judge, do what you do as long as it’s legal! But the threat is intimidating, especially in the context of the supposed credibility of the “hack”. So we have talked to some extremely panicked people convinced that their computer is thoroughly compromised.
The important thing to remember is that this is a scam – while, clearly, they do have access to an old password of yours, they have not accessed your browsing history and/or camera. Nobody’s going to know about your naughty time.
Separating Fact From Fiction
We get a lot of questions about how someone can properly identify a scam. The truth is that separating fact from fiction is a skill, and nobody is perfect at it. The senior tech at The Computer Cellar once fell for a PayPal phishing email. It happens. But probably the most important thing when encountering a potential scam is to not panic. Take a moment, think about what you’re seeing, and process whether it makes sense or not. Then get a second opinion. If you have access to another device, why not Google and see if it’s a common scam? Use your phone and call a friend (or a computer repair shop!) and get their take on it.
It’s also a good idea to try to keep an eye on technology news for new threats and scams as they become common.
The Big Rule
Our #1 rule for avoiding scams, and we will scream it from the rooftops until some of you get it: DO NOT LET ANYBODY REMOTELY CONNECT TO YOUR COMPUTER UNLESS YOU KNOW THEM PERSONALLY. It does not matter who they claim to work for or represent. Don’t let them connect, and then they can’t scam you.
Aftermath and Cleanup
If you’ve fallen for a scam and they accepted money directly from a credit card or bank account, the good news is that most banks are familiar with this scam and can assist you with securing your accounts and getting that money back. If you bought gift cards or shipped cash, you may have more difficulty.
As for your computer, remove the remote access software. It would be a good idea to have the computer checked by a shop such as our own, as some remote access software can be thoroughly hidden. It may also be a good idea to have it checked out for other malware/adware (not to put too fine a point on it, but if you fell for one of these, there’s a good chance you’ve fallen for malware tricks at some point!). A general checkup may also give you peace of mind that any threats that something was “wrong” with your computer were untrue.
The most important thing is to learn from the experience. Nobody likes to fall for a scam, but if you learn from the mistake – and share information with others to help them avoid making the same mistake – you may be able to save someone else the same pain. If you belong to a neighborhood mailing list or a small community, share your story. Try not to be ashamed – nobody’s perfect! – but provide details that others can watch for.
Finally, if you got deep into the process or actually lost money, fill out this form to report the scam to the FTC. It’s difficult for domestic authorities to take action against foreign-run scams, but every little bit of effort helps. Even if you can only get a bait page taken down, you’re helping others.
After it’s all blown over and you’re getting back to normal, you may take some joy from revenge by proxy. Scambaiters like Kitboga, Pierogi, and Jim Browning spend time educating the public on these scams while exacting various forms of justice. Some will call the scammers and waste as much of their time as possible, sometimes in as funny a way as they can: time spent on a prank call is time not spent scamming someone else. Some go deep into a gray area of hacking the scammers’ call centers, sabotaging their efforts, and reporting them to their local authorities, while contacting potential and active victims and warning them not to give up their money.
The internet, despite its evolution into a largely safe place, is still fraught with threats, and no anti-virus software can save you from yourself. You are the best line of defense against online scams, and staying educated is the best way you can be prepared.