Got a pop-up message from tech support? It’s probably not the real thing. Tech support scams were the top phishing threat for organizations in the third quarter of 2021, reported NortonLifeLock.

Tech Support Scam Takeaways

The consumer antivirus company reported that it blocked over 12.3 million tech support URLs connected with scam attempts between July and September. At this volume, tech support scams served as the top phishing threat during that period.

Those numbers weren’t a surprise. For instance, Microsoft noted that, while the numbers of this kind of scam reported to them generally fell since 2018, 60% of consumers faced a tech support scam between July 2020 and July 2021. One in six of those people fell for the ruse. In response, 30% of victims suffered computer problems. This was followed by compromised passwords and fraudulent use of payment cards at 23% and 18%, respectively.

Out of all the age groups surveyed, millennials and Gen Zers experienced the greatest exposure to tech support phishing scams. One-tenth of respondents from both age groups fell for the ploy, losing money in the process.

Why Tech Support Scams Are More Pertinent Than Ever

According to NortonLifeLock, tech support phishing scams became more pervasive following the events of 2020 for two reasons. First, users became more reliant on computers, smartphones and other devices to do their work, go to school, get their groceries and complete other daily tasks. Malicious actors took advantage of this increased use with the knowledge that they could expand their base of potential victims.

Second, tech support scams have a history of working. Why? Like other types of phishing, they rely on social engineering first and foremost. This lowers the barrier of entry for many digital attackers, as a lack of technical expertise doesn’t prohibit them from targeting someone.

These tech support scams claim all different types of people as victims. Young people, the elderly and even people who track down scammers on the web can fall for it. That’s what happened to the creator of the Tech Support Scams YouTube channel in July. Scammers contacted the YouTube creator while pretending to be support representatives for the platform. Those attackers didn’t steal the creator’s account credentials, wrote The Register, but they did manage to trick him into at least temporarily deleting his channel.

How to Defend Against Tech Support Scams

For organizations to defend themselves against tech support phishing scams, they need to invest in their employee security awareness training programs.

NortonLifeLock recommended that organizations educate their employees to never call a number contained in a pop-up ad or message warning of computer issues. Through their employer’s security modules, they can learn to inform IT and/or to contact the tech company being impersonated instead.

At the same time, security firms can use threat intelligence to keep their employees informed about relevant scam attempts. This is especially pertinent around the holidays when the security community witnesses a rise in shopping fraud attempts and charity phishing scams.

More from News

Are Threat Actors Using ChatGPT to Hack Your Network?

Though the technology has only been widely available for a couple of months, everyone is talking about ChatGPT. If you are one of the few people unfamiliar with ChatGPT, it is an OpenAI language model with the “ability to generate human-like text responses to prompts.” It could be a game-changer wherever AI meshes with human interaction, like chatbots. Some are even using it to build editorial content. But, as with any popular technology, what makes it great can also make…

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

New Survey Shows Burnout May Lead to Attrition

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition. Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the…