It starts innocently enough. Your business phone rings—it’s usually a customer or one of your vendors. But this one sounds different. The person on the other end claims to have the solution to a mysterious problem with your computer.
Well, it’s not so innocent. These days, many of these calls are tech support scams. The scam: Callers attempt to trick you into installing malware on your computer or into paying for technical support services you don’t need or will never actually be performed.
A typical scenario
Scammers may know your name or some information about your business. They might claim to work for the company that manufactured your computer or your operating system or represent a third-party vendor. In some cases, they go beyond phone calls and also generate automated, official-looking popups or other messages on a website you visit or send you an email.
Whatever the case, the scammers often try to get you to run commands on your computer or provide them with account login information so that they can do the “necessary” repairs for you. They may tell you that the strange commands you see them remotely inputting on your computer are evidence of malware infection or another problem.
These calls and messages from people you didn’t contact first are fraud. The people behind them are attempting to obtain information—account logins or passwords—that will let them steal information from your computer or install malware, or they’re making you pay for services you don’t need.
If you get such a call or message, just hang up or delete the message, and never click on a random pop-up asking you to install anything.
Remember, big tech companies like Microsoft, Apple and HP do not make unsolicited calls or send unsolicited messages to sell tech support services.
What to do if you’ve been scammed
If anyone in your business has fallen for a tech support scam, take steps to limit the damage.
If you have provided the scammer with access to your computer or other accounts, change your passwords. Notify companies connected to the accounts whose passwords were compromised so they can monitor your account for any fraud.
If scammers have accessed your computer or installed software on it, you’ll likely want to have a legitimate technical or security expert check it for malware or other security risks. If you have customer or employee information on the computer or accounts accessed, you may also want to talk to an attorney about the possible legal implications of any data breach.
If you’ve provided the scammer with credit card or banking information, contact your financial institution as soon as possible so the charges can be reversed and any future charges can be blocked. Credit cards may need to be reissued with new account numbers, so work with your financial institutions and any vendors you pay from those cards to avoid disruptions to your business. Continue to check your statements for future fraudulent charges.
If you have insurance that covers cybersecurity risks or business losses due to fraud, you may want to contact your insurance company for advice or to file a potential claim.
Law enforcement wants to hear from you
Whether you’ve been successfully defrauded or not, you can report scam attempts to the Federal Trade Commission or the FBI online and to local or state law enforcement (many local police agencies can take reports online as well). This can help these agencies stop the scams.
Additionally, if you need to reverse charges or file insurance claims related to the fraud, it may be helpful to have a police report that you can provide.
The importance of a tech support plan
Tech support begins with your internet service. Your provider probably has a security package that protects you from malware, scams and more. Make sure you have a software and device protection plan.
Next, decide what types of computer problems you’re able to handle in-house and which you’ll want to refer to an outside expert. Locate a person or vendor you trust to handle your tech-support needs. Establish and make sure you understand clearly what the terms of a potential agreement will look like, including hours you can call for support and how long it will take to receive service.
Communicate all of your security policies and practices to your employees. They need to know what they should attempt to fix themselves, what they should refer to someone else in the company and what they should bring to your tech-support vendor if you have one. Being smart about tech security can keep your business safe.