Did you know that scammers are posing as IT departments, telecom providers and even banks to persuade individuals to hand over control of their devices? Once they have control, accounts are hacked, and sensitive data is stolen.
How do they do it?
The tricky thing to keep in mind about remote access fraud is that most of the software used by criminals is legitimate. It may even be used by the company the scammer is impersonating.
Step One
The criminal could call you; they may even email you to set up an appointment or time to access your device. Typical stories used in this type of attack include:
- Your device is experiencing technical issues
- Your device has previously been breached
- Your broadband is slow
- There are problems with your bank account or card
Step Two
If you agree, they may use one of the following methods to remotely access your device:
- Direct you to a website
- Direct you to download a smartphone application
- Direct you to install a program on your computer
A passcode is then used to connect the two devices.
Step Three
Once the criminal is connected to your device, they may show you a fake screen whilst working in the background to download malicious software or steal sensitive data from you. However, depending on the story they are using, they may simply ask you to log in to online banking or change a password.
How to Avoid this Happening to You:
Know your providers. Firstly, do you know who your workplace providers are? Who manages your IT support, or your telecoms? Knowing this may help you recognise a fraudulent call. If you get a call from BT, but a local company manages your telecoms, you can confirm the call with your local provider.
Question the situation. In addition to this, if the caller is supposedly calling from your provider, ask yourself if you were expecting the call. Did you report an issue with your device? Is there even an issue to begin with?
When you are speaking to the caller, are they pressuring you? If so, they may be trying to panic you into action.
Be cautious. If you feel like the call is suspicious, hang up immediately. You can always call the company back on a number you know to be correct. It is always better to act with caution.
Good to know:
Common impersonations used include Amazon, BT, and Microsoft. However, with detailed targeting, the criminal may even impersonate your IT support company. Commonly used remote access software includes TeamViewer, AnyDesk, LogMeIn and GoToAssist.
Remember, a zero trust approach is key to avoiding these scams.
What is Cyber Security?
Cyber security is a means of protecting networks, systems, and programs from digital attacks. These attacks are designed to be disruptive, aimed at stealing, changing, or destroying sensitive data. Often, attacks are used for financial gain by holding data or networks to ransom.
What is Ransomware?
Ransomware is a type of infectious software designed to prevent you from accessing your files, databases, and applications until a request is fulfilled; this is typically a payment to the attacker.
What is Social Engineering?
Social engineering is the human side of cyber security. It can be easier for criminals to manipulate a human than to try to hack software or devices. So rather than attacking technology, criminals exploit the users of the technology to get what they want.