The phone rings, and the person on the line claims to be calling from a trustworthy tech company like Microsoft or Apple. There’s a problem with your computer, he says–perhaps it’s infected with viruses or infiltrated by hackers–but he’s happy to work with you to clean things up for a fee.
If you ever get such a call, it’s a scam, and experts say you should simply hang up. Tech companies simply won’t call you to offer services to fix your computer, nor will they pop up messages in your web browser offering help eradicating malware or a digital tune-up.
But in 2018 alone, people reported losing $55 million to tech support scams, according to the Federal Trade Commission (FTC), and people age 60 and older were about five times more likely to report losing money to such fraudsters. Such scams are now considered among the fastest growing internet-based frauds, according to the FBI, which reported a 161% increase in victims’ monetary losses over 2017.
Listen to an actual tech support scam message:
And those are just the victims who reported the fraud to the FTC, the FBI, and partner organizations: It’s likely many targeted by scams didn’t report out of embarrassment, quietly reversed fraudulent charges with their credit card companies, or have yet to realize they’ve been defrauded.
A man with Parkinson’s paid $90,000 for “tech support”
In one civil case brought by federal authorities last year against a Washington State woman, who authorities say processed payments for a tech support scam involving call centers in India, one “elderly victim” was allegedly scammed out of $89,999.98 over dozens of transactions in a seven-month period, according to a court filing by Postal Inspector Thomas Ninan. The victim, a physician, died in December, and the payments were discovered toward the end of his life by his son, according to court filings.
“My father was a doctor,” the son wrote in a court filing. “Under normal circumstances, there was no way that he would have paid multiple thousands of dollars, even once for technical services for his personal computer. He absolutely would not have paid the same people dozens of times for tens of thousands of dollars for such services. However, my father was induced to make these payments after he contracted Parkinson’s disease.”
Telemarketers involved in the scam deliberately targeted proven victims with “new bogus reasons why the consumer must purchase additional security software to avoid new serious computer virus or other threat to the victim’s device,” Ninan wrote.
That’s not atypical, experts say: Networks of fraudsters often circulate the phone numbers of people who have been proven gullible to target with repeat scams.
“It is often good to consider changing your phone number,” says Courtney Gregoire, Microsoft assistant general counsel for the company’s digital crimes unit, if you realize you’ve fallen for a scam.
Playing on fear and phone users
The victims are not exclusively seniors–a survey released by Microsoft last year found younger generations targeted by tech support scams were actually more likely to lose money than baby boomers–but there’s no question that scammers are exploiting a kind of digital anxiety that’s commonly found among older adults.
“There’s certainly a lot of anxiety in our cohort about computers in general,” says Doug Shadel, AARP’s lead researcher on consumer fraud.
Fraudsters seem to have found greater success with appeals to fear, like tech support scams and those impersonating the Internal Revenue Service and demanding payment on back taxes, than with more positive fake messages, like bogus lottery or sweepstakes winnings, Shadel says.
“There’s just an endless amount of fear appeals,” he says. “They realize that fear sells better than good news.”
Older consumers may also be more likely to be used to using the phone to conduct business and simply more likely to pick up when they get unexpected calls, says Jim Tyrell, senior director of product marketing at Transaction Network Services, which analyzes call data for phone companies. “If you kind of look at the demographic of who uses voice mostly, clearly it’s not gen-X, gen-Y, and gen-Z,” he says.
Money’s not the only thing at stake, either: Increasingly, scammers are also asking for passwords and installing spyware, taking control of victims’ computers and giving them access to sensitive personal and banking information.
Corporate partnerships and a bill in Congress
AARP has worked with Microsoft and other organizations in recent years to educate consumers about the risks of automated scams, from robocalls to phishing attacks. Microsoft, which receives about 12,000 scam complaints a month through its own reporting site, has also worked to support law enforcement in shutting down scam-related operations around the world.
In March, Attorney General William Barr announced what the Justice Department called the “largest-ever nationwide elder fraud sweep,” which included arresting suspects accused in tech support and other scams, many of them targeting the elderly. The department said the illegal operations, involving more than 260 defendants in the United States and around the world, stole three-quarters of a billion dollars from victims. “We have to prosecute an all-out attack on these despicable crimes,” Barr said.
Microsoft also supported law enforcement in raids on about 30 call centers in India, where tech support scammers frequently set up shop, says Gregoire. “These tech support scams are truly a global problem, and Microsoft has been really committed to addressing them, because at the end of the day, they really do risk having consumers lose confidence in technology,” she says.
A bipartisan group in Congress also recently introduced a bill, dubbed the Senior Security Act, that would set up a task force at the Securities and Exchange Commission to investigate senior targeting scams, especially those involving investments. The bill doesn’t explicitly focus on tech support scams, although a spokesperson for bill sponsor Josh Gottheimer, a New Jersey House Democrat, said in an email that “if the tech scam goes after senior investors or affects seniors through anything related to securities, the SEC would investigate.”
Phone companies and the tech companies that work with them are also taking their own steps, increasingly deploying tools for filtering out robocalls, even on internet-based home-phone service like many cable providers offer. Nomorobo, a robocall filtering company, has a set of roughly 250,000 phone lines of its own that receive, record, and analyze robocalls so that it can recognize them before they reach end users. (The company doesn’t listen in on or record any calls to its actual customers.)
“What we see a lot is on the landline side, they are absolutely targeting the elderly,” says Aaron Ross, the company’s founder. Those calls include not only tech support calls but other messages aimed at older people with health issues, peddling medical equipment like back braces that often can be billed to Medicare. “Elderly people trust their phones a lot more than younger people,” Ross says.
The Federal Communications Commission has also taken an interest in unwanted calls and has pushed the phone industry to do more to keep them from reaching consumers. In addition to technologies like Nomorobo’s, a partial solution may come from a cryptographic technology called STIR/SHAKEN that’s designed to curb caller-ID spoofing, where fraudsters call using a fake number that could belong to a trusted contact like Microsoft or the IRS or, increasingly, a number similar to your own.
Ignore browser pop-ups (and don’t pick up the phone)
But even reining in robocalls won’t put an end to tech support scams, which also find audiences through fraudulent ads that appear in browsers, falsely telling web users they need to call a particular number for tech support.
“The shift from the cold calling mode to pop-ups really enabled them to get broader scale,” says Gregoire.
Scammers sneak onto legitimate sites by exploiting security holes in the complex way online ad inventory is bought and sold. Then, they show pop-up messages touting scammy tech support services or even redirect to sites that use coding tricks to make it difficult for inexperienced users to leave. Other times they’ll use search engine optimization tricks to show up when people search for computer problems, or they’ll even buy ads that show up alongside search results. Microsoft’s Bing shut down roughly 12,000 advertising accounts promoting tech support scams last year, the company has said.
When victims call numbers provided on scam sites or engage with scammers who call them, call center workers will convince them to allow them to remotely connect to their computers and use various tricks to make it appear that malware is present. They might open command line windows and surreptitiously type in text like “viruses detected” or simply display innocuous but intimidating-looking technical data from the operating system, says Najmeh Miramirkhani, a graduate student in computer science at Stony Brook University who has studied tech support scams.
“For example, they show you the event logs of your system,” she says. “They offer you a security package and if you are convinced that your system is infected, then you have to pay around hundreds of dollars to remove malware from your system.”
While web hosting providers and content distribution networks will often shut down scam sites when they find them, it’s often easy for fraudsters to set up new accounts, often even taking advantage of free trial periods to get their messages online, she says. And while technological solutions like ad-blocking software can help keep scammy pop-ups at bay, many vulnerable users likely don’t know how to install them without help.
“They are talking to people who are not tech savvy, so the thing is if you ask these people to install ad blockers, they don’t have any idea about it,” she says. “You just have to educate people.”
Alex Quilici, the CEO of YouMail, a Southern California company that provides robocall blocking and visual voicemail, suggests people get in the habit of letting unknown calls go to voicemail and talk to their older relatives about watching out for fraud. “You just have to teach your family members to figure out that’s likely a scam,” he says.
Experts say anyone who has fallen for a scam should have their computers inspected by a trusted professional if they allowed fraudsters to access them, and should contact their banks or credit card companies about contesting fraudulent charges. They can also consider reporting the scam to the FTC or other law enforcement agencies.
Even after recent crackdowns, he warns, tech support scams remain a growing threat.
“It shows how hard it is to stop the scam, because we haven’t seen any real decline in volume,” says Quilici. “It’s whack-a-mole, where they knocked down a few moles but others popped up with the same behavior.”