Social Engineering As A Malware Delivery Mechanism – Technical Support Fraud

We are all used to warnings about the need to keep security patches up-to-date in an effort to make our computers harder to exploit, but hackers have long been using social engineering alone as a means to exploit us and our computers. One type of scam – technical support fraud – seems to be on the rise again.

It sees hackers pose as employees of trusted organisations such as an IT company, Internet Service Provider, bank or, as in April 2018, even as Action Fraud. They phone the intended victim, claiming there is a problem with their account/internet/computer, and they need remote access to the victim’s device to demonstrate and fix it.

Granting them this access gives the hackers complete control. They can, for example, install a key logger or other malware, launch phishing attacks against the victim’s contacts or access the victim’s personal information, including passwords and banking details.

Technical support fraud affects businesses as well as individuals, with some hackers regarding businesses as more lucrative victims.

This technique is not new, but it appears to be on the increase. Microsoft reported that it had received 153,000 complaints about technical support fraud from around 183 countries in 2017, a 24% increase from the previous year. Although the hackers can be very convincing, most organisations do not make unsolicited phone calls offering to fix problems.