Cybersecurity for small business: Tech support scams

Share This Page

An employee gets a phone call, pop-up, or email warning about a problem with the office computer. In an effort to be helpful – or perhaps concerned they clicked on something that caused the glitch – the employee follows instructions to send money, turn over personal information, or provide access to your system. As a small business owner, you know it’s a tech support scam, but are you sure every member of your team has the savvy to spot it? The FTC has new resources to help protect your company from cybersecurity risks, including tech support scams.

How the Scam Works

FTC Cybersecurity Tech Support ScamsScammers often pretend to be from a well-known computer-related company. They use confusing tech talk and smoke-and-mirrors chicanery – perhaps a bogus “scan” of your system – to convince your employee that emergency action is necessary.

The next step varies depending on what the scammer is after. Data thieves may propose a “fix” that gives them remote access to your network. Once in, they steal sensitive data or install malware to facilitate future invasions.

Others just care about the cash. They may try to convince your employee to enroll in a worthless computer “maintenance” or “warranty” program. Or they’ll ask for a credit card number so they can bill your business for bogus repairs. In a variation on the scam, they may direct your staffer to a website where they ask for account information, passwords, or personal data.

How To Protect Your Business

If someone calls your employee and says there’s a problem with the computer – even if it looks like a local number or the caller ID says it’s from a well-known company – instruct your staffer to hang up.

If it’s an email that appears to come from a trusted business, don’t respond. Don’t click on any links. Don’t share passwords. And don’t call a phone number in the message.

If it arrives as a pop-up, the advice is the same: Don’t respond. Don’t click. Don’t share. Don’t call. Tech support scammers are experts at falsifying caller IDs, email addresses, URLs, etc. So those aren’t reliable methods for separating the tricky from the trustworthy.

Of course, some pop-up messages about computer issues are legitimate and sometimes your IT people need to talk to a staffer. Train your employees to respond by calling or emailing a co-worker you designate, using a number or address you have provided in advance.

What To Do If You’re Scammed

If someone at your business has shared a password with a scammer, change it on every account that uses that password. Insist on unique passwords for each account.

To protect against malware, use legitimate security software and keep it current. Use the software’s scan feature and delete anything it flags as a problem. If you need help, consult a trusted security professional in your community. If a computer infected by malware is connected to your network, you or a security professional should check the entire network for intrusions. Report an attack right away at FTC.gov/complaint.

If an employee bought bogus services from a tech support scammer, ask your credit card company to reverse the charges. Keep checking your monthly statements to make sure the scammer doesn’t try to go back for seconds – and report it to the FTC.

Raise these points at your next staff meeting, using this factsheet as a discussion starter.

Next: Vendor security

Comments

Awesome work from the FTC for creating this informational piece to keep businesses & consumers safe!

Hello. I am ltonser. And i need to help. hmmm

I have some information concerning cyber security attacks.

Add new comment

Comment Policy

Privacy Act Statement

It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system (PDF), and user names also are part of the FTC’s computer user records system (PDF). We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.