The Internet Crime Complaint Center (IC3) received 10,850 complaints about tech support fraud last year, with losses totaling more than $7.8 million. The IC3’s 2016 Internet Crime Report claims that tech support fraud affects people of all ages, but older people are the most susceptible.
The task force, which is composed of the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance, also highlights the rise in business email compromise schemes, extortion, and – naturally – ransomware. In all, the IC3 received 298,728 complaints, with reported losses of $1.3 billion.
What is tech support fraud?
Tech support fraud is a form of social engineering in which an attacker claims to be associated with, say, an IT company or Internet service provider, offering the victim technical support. Should victims give criminals remote access to their devices, the IC3 warns that criminals are able to:
- Take control of the victim’s device and/or bank account, and refuse to release control until the victim pays a ransom
- Access computer files containing financial accounts, passwords, or personal data (such as health records and Social Security numbers)
- Intentionally install viruses on the device
- Threaten to destroy the victim’s computer, or continue to call in a harassing manner
Phony tech support companies employ several methods to trick their victims, such as cold calling, locking victims’ screens, creating pop-ups, paying to have their websites appear at the top of search results for technical support, and typosquatting.
Protect your organization
Tech support fraud is in itself an alarming trend, but it also goes to show the ever-changing ways in which criminals attempt to exploit people. Cyber crime is a universal phenomenon, and everyone – from individuals to both small and large businesses – needs to be vigilant. If they haven’t done so already, companies should implement a cybersecurity framework that not only protects the business with technology solutions, but also takes into account the organization as a whole.
An effective cybersecurity framework should include guidelines for safeguarding the business with information security processes and staff awareness plans. If you implement an information security management system (ISMS) in line with ISO 27001, you can reduce cyber risks, protect your reputation, save money, and achieve compliance with data security regulations.
ISO 27001 is the international standard that describes best practice for an ISMS. It has been adopted by almost 30,000 organizations across the world, and its popularity is growing by 91% in the US.
You can discover how to implement an ISO 27001-compliant ISMS, and the things you need to take into account when doing so, in our free green paper, Implementing an ISMS – The nine-step approach.