If you’ve received a new computer as a holiday gift, it’s important to protect this device from so-called “tech support scams.”
Lorrie Faith Cranor is associate department head of Carnegie Mellon University’s department of Engineering and Public Policy. She’s also the former chief technologist for the Federal Trade Commission.
Cranor tells 90.5 WESA’s Sarah Boden to be wary of unsolicited messages that claim to come from prominent companies.
This conversation has been edited for length and clarity.
SARAH BODEN: Often these scams will start with an email, phone call or ad on your computer screen saying claiming to be from a prominent company, like Microsoft. The message will then say there's something wrong with your device. Are there any tells this is a lie?
LORRIE FAITH CRANOR: Companies like Microsoft are not actually going to call you to tell you about problems with your computer. If somebody calls you to tell you they’re from Microsoft, don’t believe them.
BODEN: Once someone is caught in a scam, what will a victim be told or directed to do that allows these nefarious individuals access to their computer?
CRANOR: So, usually, the person who calls will say there’s a problem with your computer, it has a security problem, and they’ll ask you to go ahead right away and login to your computer and check it out.
They will give you steps to take in your computer. And they act as if they’re already connected to your computer, that they can already see what’s going on. But they can’t, they’re making this up. But they’ll give you a series of things to carry out. And they know what actually is going to happen on your screen. And so they’re going to say, “Oh, do you see this right now?” And of course you’ll say, “Oh, yes, I do.” But that’s what happens to everybody’s computer when you carry out those commands.
And so the victim will then think that this company has diagnosed some problem on their computer. And then when the caller tells them, “Well if you want to this fix this, you need to send us some money so that we can fix it.” Then victim will often agree to do that.
BODEN: But it’s my understanding there are also scams where people gain access to victims’ computers and then download ransomware, viruses too. Is that correct?
CRANOR: That happens as well. So sometimes they’ll ask the victim to go to a particular website, download some software. And then that software may in fact put ransomware or other types of malware on the victim’s computer.
BODEN: What happens then?
CRANOR: It may start deleting your files, or lockup your files, and make some things just not work. Make popups constantly popping up all over the place on your screen. Your computer may start making annoying noises.
And at that point, in order to fix the problem, you may be able to take it to a legitimate computer repair person who may be able to remove the malware. But sometimes with ransomware, there’s really no way to actually get your files back or fix things without paying money for it, unless you have backups.
BODEN: So is it true that you may not know computer has been compromised for weeks, if not months?
CRANOR: Yeah, there are some types of malware that sit dormant for a while and then will spring into action for week or months later.
BODEN: Beyond computers should people be worried about other devices, tablets, smartphones, maybe even smart TVs? Thermostats?
CRANOR: Yes, unfortunately. There is malware that can infect tablets and phones as well. And the same sort of precautions apply. And as we have increasing numbers of IOT (internet of things) devices, like thermostats, smart light bulbs and things like that, there is the possibility of those devices also getting infected.
The other thing that you can do, which can help, is to keep your devices updated. Especially with the IOT smart devices, those patches are going to help prevent security problems.