Call us now

Fake tech support circumvents traditional cybersecurity training

The topic for cybersecurity is and will continue to be quite hot for some time. But hackers aren’t waiting around and have new methods to circumvent it.

Companies invest a lot in cybersecurity trainings for their employees and that’s great. It lowers the risk of a breach by quite a lot. One of the popular tricks is to get cold calls claiming to be from top cybersecurity firms which say they’ve found a breach and offer their services. Instead, they take the money and the data and split.

But since this trick is now relatively well known, hackers are setting up alternatives. One new trend is to create fake tech support sites and services, ComputerWeekly notes. They mimic other legitimate sites, steal their logos and then promote their own services in search results.

Then all they do is simply wait for some unlucky fellow to contact them. They don’t care about the issue, but they use it as a cover to ask for remote access to “diagnose” the problem. You can guess what happens next. Usually there are several scenarios. Some actually fix the issue at hand, but in the same time they infect the computer with malware. Then they either use it in a botnet, or offer to fix it for additional money. If the user declines, their data gets copied and/or deleted.

This technique bypasses pretty much all security features and measures set in place. It also doesn’t rely on phishing or cold calls. And it’s also way too new, so it’s not included in most trainings.

Companies with IT departments should set up a policy for employees to call their own internal help desks for all IT issues. This is the best way to prevent a breach by fake tech support services. Smaller companies should set up a trusted relationship with a tech support firm to tackle issues. And when searching for additional help is needed, then employees should know to check the site’s reviews, whether they have HTTPS in place, if there’re certificate problems or other errors in the site and so on. Sadly, there’s no absolute guarantee, but extra vigilance is a must in today’s cyber world.