CyberVoices

Canadian cybersecurity news an thought leadership

 

hero-jobbies-7

The Evolution and Impact of Tech Support Scams: A Comprehensive Overview

Tech support scams involve criminals impersonating technical support personnel to trick individuals into believing their computers are compromised by viruses or hackers, leading to financial theft. These scams, which began over a decade ago, have significantly evolved and diversified. During the 2020 COVID-19 pandemic, the number of tech support scam cases grew by 13%, and the average financial loss per victim increased by 140% compared to 2019, rising from $4K to $9.5K. The most recent statistics states that victims reported the highest average financial loss to tech support scams in 2022, with losses averaging $24.8K per victim.

This blog post presents a summary of a research briefing note written by Claire Gagnon. Claire has a master’s degree in criminology from Université de Montréal and has conducted this work as part of the research program of the Research Chair in Cybercrime Prevention. The research briefing note is available in French and in English.

Tech support scams typically originate from organizations operating like legitimate call centers, predominantly based in India, with some in the U.S. and Costa Rica. These entities employ about a dozen fake technicians who employ various methods to contact potential victims, including unsolicited phone calls, emails, and fake tech support websites designed to appear legitimate. They often use unauthorized survey techniques to manipulate search engine rankings, making their fake sites more visible. The most common technique, TechBrolo, involves displaying an alarming, unremovable message to prompt contact with the scammer.

Once contact is made, scammers usually pose as employees of major tech companies, convincing victims to allow remote access to their devices. This access enables scammers to install spyware or steal personal data, falsely identifying non-existent threats and charging victims for bogus services. Payments are increasingly demanded via non-traceable methods like reloadable cards and gift cards, complicating recovery efforts.

Victims vary widely, but in 2018, 6% of those affected lost money, down from 9% in 2016. Losses range from under $100 to tens of thousands of dollars. The emotional toll is also significant, with many victims experiencing stress and wasted time. English-speaking countries are most targeted, with the U.S. accounting for 58% of scam attempts using the TechBrolo technique. Germany uniquely reports most scam contacts as unsolicited, and India has the highest rate of financial loss victims. Older individuals are more likely to fall for unsolicited calls, while younger individuals tend to visit scam websites.

Prevention involves public education and awareness campaigns, such as Canada’s Fraud Prevention Month. Increased awareness has led to a higher percentage of individuals wary of unsolicited calls. Collaborative efforts among police, governments, and businesses have also been effective, with operations like Tech Trap dismantling fraudulent organizations.

Technologically, detection tools like Notos and ROBOVIC help identify malicious domains and scam advertisements quickly. Despite this, fraudulent sites often disappear before being blacklisted or removed. Continued advancements in these tools are crucial for reducing consumer exposure.

A standard, inclusive definition of tech support scams is necessary for better understanding and combating this issue. Research on victim profiles and the internal workings of scam organizations is limited but essential for developing more effective prevention strategies. Enhanced studies could help identify risk factors for repeat victimization and improve prevention initiatives. Public awareness remains the cornerstone of defense against tech support scams, ensuring consumers recognize the tactics used and avoid falling prey to these schemes.