With over 37,560 victims in 2023(1), tech support scams are one of the most widespread forms of digital fraud. These schemes often target seniors, with US citizens over 60 losing more than $340 million in just the past two years(2).
What started as phony phone calls has grown into an intricate web of multi-channel attacks that reach victims through emails, websites, and pop-ups. These scams combine social engineering with technical intrusion to obtain the data needed for extortion.
While their methods have evolved, it is still possible to uncover the true identity of these impersonators. Understanding their procedures, and how to derive evidence from the digital footprint they leave behind, is a critical part of a tech support scam investigation.
A Deep Dive into Tech Support Scams
Tech support scams look to capitalize on the good name of established brands such as Microsoft, Apple, Norton, Geek Squad, and other giants in the tech realm. Seniors who are less technologically savvy are disproportionately targeted, with those over 60 being more than five times more likely to fall victim(3). The following are the most common ways a tech support scammer may attempt to reach you:
- Fake Pop-Ups: You’ve probably heard of the “congratulations, you’ve won” pop-up scams from the early days of the internet. Today, many scammers opt to motivate their targets with fear, utilizing pop-ups that tell them their device has a virus and lead them to contact a fraudulent tech support ring.
- Unsolicited Phone Calls: These scammers sometimes reach out to their targets over the phone with unprompted warnings of potential issues found on their device. The target is then asked to allow the scammer remote access to their device by installing programs that grant full access to the device or contain malware.
- Phishing Emails: You may receive a carefully crafted email containing personal information that the scammer gained through a data breach. The email intends to convince you that it was truly sent from a reputable organization and persuade you to surrender further data. A common example is “Geek Squad” phishing email scams.
The data left behind in these exchanges, such as email header metadata, malicious scripts, and access logs, combined with knowledge of common strategies used in these scams can help determine the extent of damage, reveal the source, and begin the recovery process.
Common Techniques Used by Tech Support Scammers
While scams have a variety of approaches, they share the same goals of stealing data, installing malware, or extorting payment. Cybercriminals typically employ some variation of the following strategies:
- Impersonation & Spoofing: This is typically the first step in these scams. Perpetrators portray themselves as a trusted entity such as a bank, government agency, or popular corporation, as in the “Geek Squad” scam. They may go as far as spoofing the email header, caller ID, or website URL to make their ploy more convincing.
- Remote Access Tools: Once the initial trust is established, scammers will convince their target that they need to grant them remote access to their device to properly resolve the fake issue. Once the program is installed, the scammer can weaponize any private data stored on the device.
- Credential Theft: This technique can enable the scammer in more ways than one. The theft of employee credentials can allow a perpetrator to inconspicuously assume the role of a trusted entity. They can use this guise to then steal credentials from their victim that can be used to commit extortion.
- Fake Payment Pages: On top of stealing the victim’s data, these scams ask for payment for their illusory services. Perpetrators create spoofed websites that appear nearly identical to the legitimate company’s page to collect payments and financial data.
Red Flags & Warning Signs: Identifying A Tech Support Scam
Knowledge is the greatest factor in avoiding scams such as these. These cybercriminals gravitate toward scamming seniors with less technical understanding. It is important for anybody, but especially those at higher risk, to be aware of the typical characteristics of these schemes.
- Unsolicited Contact: The abundance of these scams prompted a warning from the FBI(4) that legitimate customer or tech support staff will not reach out to customers who have not first made a request.
- Pop-ups: Any alerts that lock your screen or demand immediate action should set off alarms in your head. Don’t click any links or call a number listed in one of these pop-ups.
- Pressure Tactics: Scammers create a sense of urgency that leads their targets to act irrationally. Being met with a time-sensitive message that your device has been infected can cause people to click without properly considering its credibility.
- Request for Remote Access: If you’ve engaged in conversation with a supposed tech support representative and they are eager to take over control of your device, you should probably cut them off.
- Demand for Specific Payment Forms: In the aforementioned warning against unsolicited calls, the FBI also advised that legitimate support resources won’t request forms of payment that are difficult to trace, such as gift cards, wire transfers, cryptocurrency, or cash(4).
How Digital Forensics Detects Scams Post-Incident
After an incident, digital forensic experts can trace malware infections to their source, identify the origin of pop-up messages, and examine suspicious browser activity to determine:
- Which sites delivered the scam? Knowing which sites were compromised can help experts detect culpable vulnerabilities and protect potential future victims.
- Were remote access tools installed? Check your downloaded files and task manager if you gave remote access to the scammer. LogMeIn, TeamViewer, and RemotePC are some common software names to look out for.
- Was malware or additional spyware left behind? In addition to remote software, these scams leave you vulnerable to ransomware, spyware, and other malicious programs. Inspect your downloads and run a virus scan.
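The check described in the list above, whether remote access software was dropped on the machine, can be made repeatable by scanning an export of running processes, the Downloads folder, and installed programs against the product names the page mentions and flagging anything that appeared around the time of the scam call. The following script is an added example written for this post; it is not DFC’s tooling. The inventory, the incident time, and the 48-hour window are constructed, and the tool list is limited to the names on the page, which an analyst would extend:

```python
import re
from datetime import datetime, timedelta

# Remote access products named on the page; an analyst would extend this list.
REMOTE_ACCESS_TOOLS = ["LogMeIn", "TeamViewer", "RemotePC"]

# Constructed inventory standing in for what an analyst would export from the
# machine: running processes (no timestamp), files in Downloads, and the
# installed-programs list with install dates. Not a real capture.
INCIDENT_START = datetime(2024, 6, 3, 9, 30)  # assumed time of the scam call
SAMPLE_INVENTORY = [
    {"source": "process", "name": "explorer.exe", "timestamp": None},
    {"source": "process", "name": "TeamViewer_Service.exe", "timestamp": None},
    {"source": "download", "name": "TeamViewer_Setup_x64.exe",
     "timestamp": datetime(2024, 6, 3, 10, 2)},
    {"source": "download", "name": "Invoice_Geek_Squad_Renewal.pdf",
     "timestamp": datetime(2024, 6, 3, 9, 5)},
    {"source": "download", "name": "holiday_photos.zip",
     "timestamp": datetime(2024, 5, 1, 18, 40)},
    {"source": "installed_program", "name": "LogMeIn Client",
     "timestamp": datetime(2023, 1, 15, 12, 0)},   # pre-dates the incident
    {"source": "installed_program", "name": "RemotePC",
     "timestamp": datetime(2024, 6, 3, 10, 20)},
]


def _norm(text):
    """Lower-case and strip punctuation so 'Team Viewer 15' matches 'TeamViewer'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def match_tool(name):
    """Return the remote access product a process/file/program name refers to, or None."""
    normalized = _norm(name)
    for tool in REMOTE_ACCESS_TOOLS:
        if _norm(tool) in normalized:
            return tool
    return None


def find_remote_access_indicators(inventory, incident_start, window_hours=48):
    """Flag inventory items that name a remote access tool.

    in_window is True when the item's timestamp falls inside the incident
    window, False when it is outside it (e.g. a long-standing install), and
    None when the source carries no timestamp (a running process).
    """
    window_end = incident_start + timedelta(hours=window_hours)
    findings = []
    for item in inventory:
        tool = match_tool(item["name"])
        if tool is None:
            continue
        ts = item.get("timestamp")
        in_window = None if ts is None else (incident_start <= ts <= window_end)
        findings.append({
            "tool": tool,
            "source": item["source"],
            "name": item["name"],
            "timestamp": ts,
            "in_window": in_window,
        })
    # Items that appeared during the incident window sort first.
    return sorted(findings, key=lambda f: (f["in_window"] is not True, f["tool"], f["source"]))


def tools_installed_during_incident(findings):
    """Distinct tools that were downloaded or installed inside the incident window."""
    return sorted({f["tool"] for f in findings if f["in_window"] is True})


if __name__ == "__main__":
    results = find_remote_access_indicators(SAMPLE_INVENTORY, INCIDENT_START)
    for f in results:
        print(f"{f['tool']:<11} {f['source']:<18} {f['name']:<30} in_window={f['in_window']}")
    print("installed during incident:", tools_installed_during_incident(results))
```

The timestamp comparison is what separates a tool the victim installed years ago from one that appeared during the call; the first is context, the second is evidence. A running process with no timestamp is still reported, because a service left behind by the scammer is exactly what the task-manager check in the list above is looking for.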
Aftermath of a Tech Support Scam: Why Digital Forensics Is Essential
Tech support scams carry the threat of damage that spreads well beyond the initial incident and only worsens as time passes. However, there are ways to seek support. Knowing where to turn and taking immediate action is critical to limiting the damage and preserving proof on your road to recovery.
Risks After a Tech Support Scam
Even after the initial scam, the threat of further harm remains. Quickly using the support resources available is essential to an ongoing recovery and to avoiding continued harm in the form of:
- Credential Theft: Your private information that was compromised in the scam can be sold to other cybercriminals or used for identity theft.
- Persistent Backdoors: Any passwords acquired or malware installed on your device can serve as a way back in for scammers even after the initial attack.
- Financial Fraud: The financial data you provided for payment can be used for fraudulent expenditures. Additionally, the credential theft listed above can be used to open fraudulent credit accounts in your name.
Collecting Evidence
Digital forensics experts can help you collect the evidence necessary to take legal action through methods such as:
- Full Device Imaging: By successfully duplicating the files on a storage device, analysts can preserve the evidence of a cybercrime and potentially recover deleted files.
- Timeline Reconstruction: Using evidence like internet logs, metadata, and IP tracking, experts can accurately determine the chronology of the crime.
- Malware & Remote Access Analysis: Understanding the origin, purpose, and capabilities of a piece of software allows experts to unmask the perpetrator, determine the total damage, and adopt the appropriate recovery method.
- Source Tracing: Analysts can investigate email header data, phone numbers, and hypertext within communications to determine the root of the attack.
- Reporting & Documentation: With the evidence collected through their investigation, experts can help connect you with the correct law enforcement agency where you can report the crime.

How Digital Forensics Corp Investigates Tech Support Scams
Digital forensic investigation doesn’t just answer what happened; it also answers key questions such as who is behind the attack, how they gained access, what data was compromised, and what vulnerabilities led to the attack. This information is crucial not only to determining the full scope of the attack but also to preventing similar incidents in the future.
Key Forensic Techniques Used in Tech Support Scam Investigations
If you know where to look, evidence of the crime is scattered throughout the miscellaneous data trails left behind by the scammer. Digital forensics experts have this knowledge and can support victims of tech support scams through the following strategies:
- Email Header & Domain Analysis: Schemes like the previously mentioned “Geek Squad” scam often spoof their email headers or URL to appear as if they came from the legitimate company. However, analysis of the metadata within these files can clue experts in on the true culprit.
- Remote Session Review: Reviewing logs of remote access on the compromised device can give analysts insight into who accessed the device, when they accessed it, and the device used to access it.
- Network Traffic Analysis: Experts can spot irregularities in network traffic that could indicate that suspicious activity or a security compromise has occurred.
- Malware Reverse Engineering: Much like a virologist, digital forensics experts can dissect and interpret malicious programs in a controlled environment to determine their purpose and the extent of the harm they can cause.
- System Log Review: By looking over system logs, analysts can see a record of activity that has taken place on the device. This includes error reports, file requests and transfers, and sign-in attempts.
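The email header and domain analysis described in the first item of the list above comes down to a few concrete checks: does the display name claim a brand whose real sending domains don’t match the From address, does Reply-To point somewhere else, what did the receiving server record for SPF, DKIM and DMARC, and which relay and IP does the earliest Received header name as the origin. The following script is an added example written for this post, not DFC’s tooling and not the format of any particular mail provider. The raw message is constructed (reserved .example domains, documentation IP ranges), and the set of legitimate sending domains is a placeholder the analyst would replace with the brand’s published domains:

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not a real capture). Domains use the reserved
# ".example" TLD and the IPs come from documentation ranges (RFC 5737).
SAMPLE_RAW = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbound.recipient.example with ESMTP id 4f2a1; Mon, 3 Jun 2024 09:14:02 +0000
Received: from relay.gs-billing.example (relay.gs-billing.example [198.51.100.23])
\tby mx.recipient.example with ESMTP id 4f2a0; Mon, 3 Jun 2024 09:14:01 +0000
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=gs-billing.example;
\tdkim=none; dmarc=fail header.from=gs-billing.example
From: "Geek Squad Support" <billing@gs-billing.example>
Reply-To: <renewals@gs-renewal-desk.example>
To: victim@recipient.example
Subject: Your Geek Squad subscription has been renewed
Message-ID: <20240603091400.12345@gs-billing.example>

Your annual plan was renewed. Call the number below within 24 hours to cancel.
"""

# Placeholder: the analyst substitutes the brand's real published sending domains.
ASSUMED_LEGIT_DOMAINS = {"geeksquad-legit.example"}


def _unfold(value):
    """Collapse folded header continuation lines into a single line."""
    return " ".join(str(value).split())


def parse_received(value):
    """Extract the 'from' host, 'by' host and bracketed IPv4 from one Received header."""
    text = _unfold(value)
    frm = re.search(r"\bfrom\s+(\S+)", text)
    by = re.search(r"\bby\s+(\S+)", text)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
    return {
        "from": frm.group(1) if frm else None,
        "by": by.group(1) if by else None,
        "ip": ip.group(1) if ip else None,
    }


def parse_auth_results(value):
    """Return e.g. {'spf': 'fail', 'dkim': 'none', 'dmarc': 'fail'} from Authentication-Results."""
    pairs = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", _unfold(value))
    return {k.lower(): v.lower() for k, v in pairs}


def _domain(addr):
    return addr.rpartition("@")[2].lower()


def triage_message(raw, brand, legit_domains):
    """Parse a raw message and return the sender facts plus a list of red-flag codes."""
    msg = message_from_string(raw, policy=policy.default)
    display_name, from_addr = parseaddr(str(msg["From"] or ""))
    _, reply_addr = parseaddr(str(msg["Reply-To"] or ""))
    from_domain = _domain(from_addr)
    reply_domain = _domain(reply_addr) if reply_addr else None
    auth = parse_auth_results(msg["Authentication-Results"] or "")
    # Received headers are prepended at each hop, so the last one is the earliest hop.
    hops = [parse_received(h) for h in (msg.get_all("Received") or [])]

    flags = []
    if brand.lower() in display_name.lower() and from_domain not in legit_domains:
        flags.append("BRAND_DOMAIN_MISMATCH")
    if reply_domain and reply_domain != from_domain:
        flags.append("REPLY_TO_MISMATCH")
    if auth.get("spf") == "fail":
        flags.append("SPF_FAIL")
    if auth.get("dkim") in (None, "none", "fail"):
        flags.append("DKIM_MISSING_OR_FAIL")
    if auth.get("dmarc") == "fail":
        flags.append("DMARC_FAIL")

    return {
        "display_name": display_name,
        "from_domain": from_domain,
        "reply_to_domain": reply_domain,
        "auth": auth,
        "origin": hops[-1] if hops else None,
        "flags": flags,
    }


if __name__ == "__main__":
    for key, value in triage_message(SAMPLE_RAW, "Geek Squad", ASSUMED_LEGIT_DOMAINS).items():
        print(f"{key}: {value}")
```

The origin hop is the pivot for the IP tracking mentioned later on the page: the relay host and address in the earliest Received header are what an analyst correlates with other evidence, while the Authentication-Results line records what the recipient’s own server concluded about the sender at delivery time, which is more reliable than anything the sender wrote in From.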
Scammed? Get Help Now
Here at DFC, we have handled thousands of cases spanning the vast array of online fraud, including tech support scams. Our goal is to remove the digital anonymity of these scammers and to connect you with resources that can provide further support.
Our device fingerprinting techniques, including IP tracking and metadata analysis, let us bring these cybercriminals to light. Furthermore, our cooperation with legal agencies around the globe allows us to connect you with the correct law enforcement to pursue justice.
If you have fallen victim to one of these scams, we are here to help. Call today for a free consultation with one of our specialists.
Sources:
- 2023_IC3Report.pdf
- FTC Takes Aim at Top Fraud Driving Losses Among Older Americans | Federal Trade Commission
- Protecting Older Consumers 2023-2024 (A Report of the Federal Trade Commission)
- FBI Warns Public to Beware of Tech Support Scammers Targeting Financial Accounts Using Remote Desktop Software — FBI
DISCLAIMER: THIS POST IS FOR INFORMATIONAL PURPOSES ONLY AND IS NOT TO BE CONSIDERED LEGAL ADVICE ON ANY SUBJECT MATTER. DIGITAL FORENSICS CORP. IS NOT A LAWFIRM AND DOES NOT PROVIDE LEGAL ADVICE OR SERVICES. By viewing posts, the reader understands there is no attorney-client relationship, the post should not be used as a substitute for legal advice from a licensed professional attorney, and readers are urged to consult their own legal counsel on any specific legal questions concerning a specific situation.