F-Secure’s Elements Endpoint Protection Platform (EPP) has recently been updated to give it additional capability to defend against so-called technical support scams. These kinds of scams have been around for a long time, reported in the UK as early as 2008, however as they have become more common and sophisticated we have decided to prioritize developing a feature to enhance our protection against them.
What is a technical support scam?
A technical support scam is a kind of fraudulent activity where the criminal pretends to be contacting a user from a legitimate technical support service, in order to trick the user into giving them remote access to their computer.
Once they have this access they can use it to steal more valuable information or further access to other parts of an organizations network. They may also request payment for the “technical support” they have provided.
Microsoft receives around 6,500 monthly complaints from people who have fallen victim to this type of scam, according to a recent blog post on the topic. Sometimes we assume that the victims of these scams are mostly older and less technically literate people, and while some scams do target these demographics, the sophistication of some of these criminals mean anyone can be a target.
In November 2021, the stock trading platform Robinhood admitted in a blog post that one of its customer service representatives was duped by a technical support scam leading to more than 5 million email addresses being stolen. The company did not release details of the scam other than to say that the employee was contacted by the hacker over telephone and socially engineered into divulging sensitive information.
What are we doing to protect our customers?
The additional feature we have added to F-Secure Elements EPP is designed to stop these scams by notifying the user immediately.
Many of these scammers request remote access to a user’s computer (much like a legitimate IT support staff member would), so this is one of the triggers that our protection looks out for.
As soon as a user navigates to a protected site F-Secure Connection Control feature will trigger and check whether any remote connection tools are in use. If they are a message will pop up to warn the user that they might be falling victim to a scam and if they are on the phone with someone, they should immediately end the call.
