7.10.25

Preventing Tech Support and Internal Help Desk Scams

Cyber-criminals’ methods for infiltrating networks and stealing sensitive data are constantly evolving. Among the most deceptive tactics they use are technical support scams and internal IT help desk scams. In tech support scams, attackers pose as representatives from well-known technology companies, claiming they will fix non-existent issues. These fraudulent communications may arrive as unsolicited pop-up messages, social media adverts, or phishing calls or emails. The attackers then attempt to run a fake “scan” of the computer, finding non-existent issues and claiming they need remote access to remedy them. Once access is granted, they may install malware, request enrolment in a fake support contract, or demand payment for fraudulent software or services.

Help desk support scams

In IT help desk scams, cyber-criminals pretend to be internal IT staff, often using urgent language to manipulate employees into granting access to secure networks or sharing confidential information. Tactics commonly include voice phishing (vishing), text message phishing (smishing), fraudulent emails, and fake messages sent via collaboration platforms.

In both tech support and help desk scams, cyber-criminals employ social engineering strategies to fool employees, communicating with urgency and using technical jargon and scare tactics (e.g. stating that there is a major issue) to pressure employees into divulging sensitive information. When someone believes they’re speaking with a legitimate authority figure who is offering help, they may be more likely to comply with requests that compromise security.

The consequences of falling victim to these scams can be severe. Beyond the immediate loss of data or financial assets, organisations may suffer long-term damage to their reputation, face regulatory penalties and experience operational disruptions. Recovery can be costly and time-consuming, especially for organisations without robust incident response plans. Fortunately, raising employee awareness is an effective way to reduce the risk of these attacks. Employees should be mindful of the following red flags:

  • Unsolicited contact (e.g. calls, emails, pop-up messages) from someone claiming to be tech support or IT staff.
  • Credential requests for passwords, multifactor authentication (MFA) codes or remote access.
  • Urgent language or threats of consequences if immediate action isn’t taken.
  • Abnormal payment requests through non-conventional methods (e.g. untraceable gift cards, cryptocurrency, bank transfers, links to enter payment details).

Prevention Strategies

Employers can take several proactive steps to protect their organisations, such as the following:

  • Implement regular cyber-security training that includes real-world examples of scams and phishing attempts.
  • Establish clear protocols for IT support communications, including verification steps.
  • Use MFA to add a layer of security.
  • Limit administrative privileges to reduce the potential impact of a compromised account.
  • Foster a culture of cyber-security where employees feel comfortable questioning suspicious requests, even if they appear to come from internal sources.

In addition, businesses should maintain up-to-date security software, monitor network activity for unusual behaviour and have a response plan in place in case of a breach.

Contact us today for additional cyber-security resources.

Information provided by Zywave with a contribution from Lisa Langley, Cert CII, Team Leader Professional Risks, Cox Mahon Ltd.


This document is not intended to be an exhaustive source of information nor should any discussion or opinions be construed as legal advice. Readers should consult legal counsel or a licensed insurance professional for appropriate advice. © 2025 Zywave, Inc. All rights reserved.