Security Alert: Tech Support Phishing Scams

There have been a number of recent phishing incidents in which a caller pretends to be tech support from Microsoft – even spoofing caller ID.

If an employee is tricked by one of these scams, they might give control of their desktop to the “technician” who would then have access to your network and all of your data.

Make sure your staff knows of this issue to avoid being scammed and be aware of the variety of tactics the hackers may use to gain access to your data:

  • Some scams involve someone calling and identifying themselves as a technician from the company. They will even spoof your caller ID so you will believe the call is coming from a company like Microsoft or Google.
  • Scammers may try to trick you into believing there is an issue by displaying fake errors on websites to entice you to call support.
  • In some cases, your browser will lock on a pop-up message telling you to call tech support immediately and providing the number you should call.

Microsoft has issued a warning about these incidents, reiterating that they will never include a phone number with error or warning messages. They have also asked for help in stopping the scams by asking users to report the scams.

If you have been the victim of a scam or are concerned that you may have unwittingly installed software or provided access to a hacker posing as a support tech, there are immediate steps you can take:

  • Delete any apps or software you were asked to download
  1. Change passwords that may have been compromised
  2. Cancel any credit card used to pay the technician and notify the credit card company of the issue
  3. Contact your thinkCSC technician to determine the extent of the data breach and next steps.

As always, we encourage users at every level of the organization to consider every request for information, payment, or access with extreme caution. Report all suspicious activity to your IT department or supervisor.