Social Engineering Is a Big Business
In most cases, tech support scams will begin with a simple phone call. A scratchy but relatively confident voice will introduce the caller as “Mike” or “John” from a trusted web security company. The caller will then claim that there is an issue with your website or hosting plan, and he has you on his list to contact to help you resolve it.
At that point, an attempt to social hack (social engineering) your website begins. If you are not aware, you will allow the stranger to access your website’s back-end and do whatever they wanted to do. The scammer may even lead you to the supposed “error” within your database or other critical files.
In most cases, the scammer will request you to install something that helps to resolve the issue faster. You are not fixing anything. Instead, you are installing malware files into your system files that will allow him/her gain access to whatever they want.
Social engineering via fake support phone numbers is a common scam, and most tech-savvy people will detect it and hang up immediately. With the numerous amounts of sensitive user data stored by websites, scammers are always looking for ways to access the data to sell it or use it to commit other crimes.
The truth is that nobody will ever call you out of the blues to tell you that your website has issues, and you need urgent help to resolve them.
Sometimes, these are randomized cold calls with the scammer hoping to reach someone who has a website. In other cases, scammers may target webmasters and website owners who have shared their information on social media platforms or other websites.
How to Detect Support Number Scams
Although support number scams are quite common, it is relatively easy to detect one. Here are the three main red flags that can help you know if you are dealing with a scammer.
- Unexpected calls: As mentioned earlier, nobody will call you out of the blue claiming to be a tech support technician for company X. The moment you receive such a call, be sure to hang up as fast as possible. It is not a real call, and the more you stay on the line, the more you become vulnerable. Legitimate web security companies do not make unsolicited calls to customers.Don’t rely on the caller ID because scammers can easily fake phone numbers and names that show up in the caller ID information to look like a real company.
- Pop-ups: If you receive a pop-up message on your website, in your browser, or anywhere else requesting you to call support – ignore it, and conduct deep scanning of your website, your browser, and your computer to determine if you’ve been hacked.No matter how legit the message seems, do not call the displayed phone number or click on any links in the pop-up. If you need any assistance, talk to your hosting service provider or your webmaster.
- Fake websites: When using search engines such as Google, DuckDuckGo, and Bing to find support numbers for web companies, be on the lookout for counterfeit sites. Some scammers go to the extent of paying for ads so that their fake sites show up at the top of search results.A search result may claim to be “Godaddy Technical Support,” but when you look at the website address carefully, you will notice that it is fake. Pay close attention to strange-looking website addresses that contain spelling/grammar errors and other apparent typos.It is also best that you go to the company’s website directly to find any support numbers that way instead of using a search engine.
What Should You Do If You Think You’ve Been Scammed?
If you think you have been a victim of a scam and someone has gained access to your website, the first thing you need to do is change all passwords you shared. Do so for every web account that uses the login credentials you shared with the scammer.
After changing the passwords, proceed to conduct a deep scan of your website to determine whether the scammer has implanted malware in your back-end files. If you don’t know how to scan your website, contact your webmaster to help you and make sure you let him/her know what happened. Your webmaster should be able to logout anyone still logged in. Then scan your website to see if you have been hacked. Then, they should be able to repair and restore your website.
If you innocently paid for the fake support services with a debit or credit card, call your card provider immediately to cancel the fraudulent charges and request a new card with a new number. Check your statements regularly for any further fraudulent charges.
You should also consider filing a complaint with the FTC and provide any information you have about the scammer.
The Internet is a Valuable Highway with Some Questionable Drivers Out There
As much as we love the Internet, the superhighway of information, we know it’s also filled with a lot of people out to do harm (steal money, destroy computer files, use your system to spread malicious code, and more). We want to keep you safe as you are tapping into the digital world’s powerful ability to create an income, grow a business, and keep connected to loved ones. It can be expensive not to be aware.