There is a current trend in which scammers contact people regarding a fake security issue or fake issue with their financial accounts, for example, saying they have been compromised, and then use remote desktop software to manipulate their computers and accounts, causing financial losses for victims.
Description
Scammers initiate contact with their target typically with a phone call, email or text; or a victim may receive a popup alert on their computer instructing them to call a telephone number to receive help with their fictitious computer or account problem.
Fraudsters may pretend to be from a well known company and convince the individual that they have a tech support problem, such as:
- Financial accounts have been compromised, and that their funds need to be moved.
- Software license needs to be renewed.
- An email account has been compromised.
- A security alert issue needs to be addressed.
Scammers often ask the victim to install free, remote desktop software so they can monitor and take actions on the person’s computer. If fraudsters gain control of your device, they may steal data from a victim’s computer or from files connected to it. They may also install other malicious or unapproved software, or change settings to maintain control of your device.
Scammers may direct victims to wire or transfer funds out of their bank or brokerage accounts to cryptocurrency exchange or to transfer their crypto wallet contents to a different wallet to “safeguard” them. Fraudsters may have fake support websites to lure crypto owners to contact them.Then they convince victims to hand over control of their crypto accounts or give them their login information.
How to Protect Yourself
Please be aware of evolving tech support scam tactics, and keep the following in mind:
- Legitimate tech or customer support representatives never send unsolicited messages to customers.
- Tech support representatives never demand payment immediately or ask for payment in cash, prepaid gift cards, cryptocurrency or wire transfers.
Take the following actions to avoid these scams:
- If you receive a phone call that you didn’t expect from someone claiming to know there is a problem with your computer or account, hang up.
- If you see a popup alert on your computer asking you to call a telephone number, do not call the number. Legitimate alerts do not ask you to call a number.
- U-M Devices: Do not let anyone, outside the ITS Service Center or U-M IT staff that you contact, install software on or take control of your U-M device.
- Personal Devices: Similarly, do not allow unknown individuals or remote tech support access to your personal computer or devices.
- If you need help with your computer, contact an organization you know and trust.
- If it is a UM provisioned device, contact the ITS Service Center.
- If it is a personal device, For your personal computer, contact Tech Repair or another local, reputable repair service. Pay attention if you search for support online. Some fraudsters have fake websites claiming to be well-known companies that appear in search results.
If you think you got caught by one of these scams, take action to protect your information and university computing resources:
- If you gave out U-M info, such as your UMICH password, or allowed access to your university-owned computer:
- Change your UMICH password at UMICH Account Management.
- At Michigan Medicine, change your UMICH password at lvl2.med.umich.edu.
- Report an IT security incident.
- If you gave out personal info, such as your credit card number,
- Notify your credit card provider. You may need to have your card replaced.
- File a complaint with the Internet Crime Complaint Center
- Put a fraud alert or hold on your credit report.
- For instructions, see If You Suspect Your Identity Has Been Compromised or Stolen.