If you're starting to feel like every second tech story you read is about another hack, scam or security breach, you're not alone. And that's the problem. We're all being targeted and sadly, if you haven't already fallen victim to some kind of cybercrime, statistically, it's probably only a matter of time.
I get that you might be suffering from scammer article fatigue and you've already changed your username and password seventeen times already this year but I really urge you to read on because I found this one pretty scary... and I have to study up on this stuff for my job.
What we're dealing with here is the evolution of the "Technical Support Scam" - literally one of the oldest tricks in the book.
In the old days, this scam was likely to be more of a phone-based scenario; your phone would ring and someone with an unusual accent would claim they were calling from Microsoft, or maybe from your ISP and then go on to tell you about all the things that are wrong with your computer right now. In order to fix these fictional security flaws, you'd have to give them remote access to your PC, at which point they could obviously have their way with anything stored there.
These calls, while annoying, were usually pretty easy to identify as scams given a) often they'd tell me my computer was alerting them to a problem when it wasn't even switched on b) they'd claim to be from an ISP I wasn't a customer of and c) sometimes I was at my mum's house and she didn't even have a computer.
Well, things have changed. Now the Tech Support Scam is more likely to originate right from your own browser and it might look like this...
Seems pretty legit, right?
According to NortonLifeLock Threat Labs, most often the error messages contain fake virus warnings or highlight outdated antivirus software. Or they might show a Windows “blue screen of death”, an error screen displayed on Windows following a fatal system error.
So all of us, basically.
It's easy to laugh off a scam like this and claim you'd have to be an idiot to fall for something so obvious... but what if you were confronted with this message, completely out of the blue?...
Sounds terrifying but the truth is, if it's a popup window you can just close and go back to your browser, it's probably not real.
Then there's the product-specific stuff NortonLifeLock Threat Labs was looking into in the first place. This is where things start getting really cynical. When you Google "Norton support", the scammers have managed to finagle their fake links into the list of suggested sites. Click on the wrong one and your journey down the dodgy rabbit hole begins. Check out the use of images of kids with the "genuine-looking" Norton branding...
Needless to say, clicking on any of these links, or ringing any of these numbers immediately opens you up to a world of online hurt - all disguised as the very thing that's supposed to protect you from a world of online hurt; tech support.
Just as with those old phone-based scams I mentioned earlier, you'll be prompted to download special diagnostic software to fix your nonexistent security issues - which you'll first have to pay for, via pre-loaded debit card or bitcoin - or worse still, you'll be walked through the steps to grant the "helpful tech support specialist" on the other end of the line remote access to your PC.
Luckily, the team at NortonLifeLock Threat Labs have come up with a simple checklist to help you identify tech support scammers. Sure, a lot of this stuff is common sense, or precautions you already take but it doesn't hurt to run through a little reminder every now and then...
- Make sure to check the web address you are visiting. For example; for Official Norton Support, confirm that the website address displayed is https://support.norton.com.
- You should never make a payment over the phone unless it is a call that you have initiated, and you have verified the number that you are calling is legitimate. Use official contact details from the company website.
- Never hand money over to someone who has called you unexpectedly. Companies like NortonLifeLock, banks, utilities providers, and governments will never cold call customer and ask for personal information, bank details, or gift card payments.
- It's highly unlikely you will ever receive an unsolicited call from a legitimate provider to fix issues with your computer for money (You will only receive a call if you request it.)
- Most support teams will never ask that you pay for support in the form of gift cards or Bitcoin.
- If your computer displays pop-ups and error messages with a phone number, don’t call the number. For Norton subscribers, keep in mind that when the software detects a threat, it will never ask you to call Official Norton Support via a toll-free number.
Remember, this isn't just a Norton-only issue - scammers are happy to impersonate tech support from anywhere to win your trust and take your money.
However, if you'd like to know more about this kind of scam and how to avoid it, NortonLifeLock Threat Labs has published a fantastic blog with all the details.
You can trust me... but feel free to hover over that link and make sure it's legit before you click. I won't be offended.