Thursday, 1 December 2016

Are Millennials More Likely To Fall For Tech Support Scams?

Are Millennials More Likely To Fall For Tech Support Scams?

Younger people know what they're doing with technology, right? A Microsoft survey suggests that might not entirely be the case. Sarah Dobbs finds out more...

There's a stereotype for the kind of person who falls for tech support scams. You know the one: when you think about tech support scams, you imagine the person picking up the phone as nervous, not particularly tech-savvy, and probably in an older age bracket. Old enough not to have grown up with computers and the internet, but old enough to have learned to use a computer at work, probably. The kind of person who has a PC at home, but probably has their password written down on a Post-It note stuck to the monitor, because they don't use it often enough to have committed it to muscle memory. You definitely wouldn't think of the so-called 'digital natives'. The generation who grew up using computers every day at school would know better, surely?

According to a new survey, though, that's not actually the case. Microsoft's Digital Crimes Unit carried out a massive global survey into tech support scams, and its findings were pretty shocking. Not only did the survey reveal that two-out-of-three people surveyed had experienced the scam over the last year, but one-in-five fell for the scam and continued the interaction after being contacted... The real kicker, though? Of those, a whopping 50% were millennials, aged 18-to-34.

You'd think that age group would know better. They've literally grown up with the web, using it on a daily basis, on a variety of devices, without even really thinking about it. Warnings about scams and crime have been everywhere for their entire lives, and you'd expect by now most people in that bracket would have a pretty good sense for when someone's trying to rip them off.

So what's going on? How has this happened? Are the scams getting sophisticated enough that they're more difficult to avoid? Have people got complacent? Are you in danger of falling for a fraudster's lies? Time to dig deeper...

The Survey Says...

Let's start with the headline findings of Microsoft's survey. So, two-thirds of respondents reported coming across a tech support scam, and of that two-thirds, a fifth continued with the interaction - by which, Microsoft means they either downloaded software on instruction from a scammer, or visited a scam website, or allowed scammers to access their computers, or they handed out their credit card or PayPal information.

If we do the maths on that, that means some 13% of people who filled out the survey admitted to having fallen for this kind of scam. Extrapolate that out to everyone who owns a PC, and that's pretty enormous. Microsoft clarified, too, that almost one-in ten-people had actually lost money to a tech support scammer, which again seems like a huge number.

Now let's look at the demographics. 17% of the people who admitted to continuing a fraudulent transaction were over 55, probably the group you'd expect to be most vulnerable to this kind of scam, but a full 50% were 18-44. We're talking about teenagers born in 1998 - a generation too young to remember a world before mobile phones and wi-fi - falling for one of the oldest tricks in the cybercriminal book.

The survey revealed some other interesting stuff, too: that respondents in the United States, India, and China were the most likely to continue fraudulent transactions; that 55% of people who continued with a scam went on to lose money; reassuringly, though, 92% of the people who reported being scammed in the US managed to recover at least some of their money. None of that seems anywhere near as shocking as the age thing, however. Seriously, what's going on there?

Microsoft Calling

It probably makes sense to define what we're talking about here, before going any further. First reported in 2008, the classic version of the tech support scam involves a fraudster calling a potential victim and explaining that they're from 'technical support'. Often they'll say they're specifically from Windows technical support, but not always. There's something wrong with the victim's computer, they'll say. They've downloaded a virus, or they need an update or something else that sounds scary and urgent. In order to fix their computer, the victim should follow their instructions.

There are a few different ways the call might play out from there, but generally the scammer will try to bamboozle their victim by making them open random things on the computer and telling them what they're seeing is evidence of something wrong, before directing them to a website to download a program to fix the supposed problem. That program will generally be malware of some flavour, maybe a key logger or a remote access program that gives the scammer control of the victim's computer. One way or another, the scammer will find a way to persuade the person to hand over their credit card or bank details to pay for the 'support' they've received.

It's a particularly nasty confidence trick that can have pretty devastating consequences for the victims. The scammers might extract huge amounts of money from their victims, or leave nasty programs running on their computer, or both, and the whole thing is likely to leave them with a feeling of vague distrust towards their computer and anyone who claims to know how to fix it.

Yet, while this type of scam still happens, this isn't the version that the younger generation tend to fall for. Partly, that's because they've been warned; partly, it's because a lot of millennials dislike talking on the phone in general and won't get drawn into long conversations with strangers on the phone in the first place. Just because they don't answer their phones, though, doesn't mean the younger generation is immune to this kind of scam, as the stats showed.

Evolution Of A Scam

Over the past eight years, scammers have refined their technique, and now they contact their victims in other ways than just over the phone. Now, they send emails, or use pop-up or banner adverts on websites, or even hack reputable websites to redirect visitors to their own sites. There's a huge difference in how older people report having come into contact with such scams and how younger ones do: 44% of over-65s were contacted via phone, while only 26% of millennials were; instead, 59% said they'd come across a dodgy pop-up ad, and 50% had been redirected to scam websites. If you're still trying to do all the maths in your head, you'll have noticed that adds up to more than 100% - that's because the survey let respondents record multiple different ways they'd had contact with scammers, where appropriate.

However the scammer makes contact, the interaction plays out in much the same way: the criminals attempt to use their victims' fear and ignorance of their computer against them, pushing them into downloading software that hands over control of their computers allowing information to be stolen, anti-virus programs to be turned off, and more dodgy software to be installed - often leaving a back door in the victim's computer, so they can come back later and check for more info. It's the same scam, it's just that instead of a stranger on the phone telling you your computer's broken and you need their help, it's a message in an email, or on a website, telling you that something has been detected and needs to be resolved immediately.

IT lessons

So why is it that younger people are falling for this scam in such high numbers? This is the point where we have to start speculating, because there doesn't seem to be a straightforward answer. It may, howvever, have something to do with the way computers have become commonplace now. Ironically, having grown up always using a computer might make people more susceptible to this kind of confidence trick.

Think back to when you got your first computer. Did you build it yourself? Did you do a ton of research into what kind of system you wanted? What kind of system was it, anyway? If you're a regular reader of this magazine, you've probably read about the pros and cons of various different brands of motherboard and graphics card; you'll have read dozens of tutorials explaining how to keep your computer cooler, or how to squeeze extra performance out of it. You might be a Linux user, which would immediately tell you someone claiming they knew about a fault with your Windows PC was a scam, even before they got further than introducing themselves.

Obviously, I can't claim to know how old you are or what your experience with computers is; we've got readers of all ages, and many different levels of experience. Full disclosure: I (just) fit into the category of millennial we're talking about being most often scammed here, though only just, and I can remember going to an independent computer shop to get my first PC built when I was heading off to university. While this is partially anecdotal, I'm sure it used to feel like you used to have to know about computers and how they worked ten or twenty years ago. If something went wrong with your PC, you might have an idea of how to fix it, or you knew someone who did.

Now, though? Well, since 2003 sales of laptops have outstripped sales of desktop computers, and in 2015 sales of tablets overtook sales of laptops and desktops combined. And let's face it, no-one (or virtually no-one - there's bound to be someone out there) is building their own tablet at home. Enthusiasts, like readers of this magazine, still know their way around a computer's innards, but for most people, what's inside their computer's case is likely a complete mystery. More people use computers more often than ever before, but that doesn't mean they know more about them. Computers are just tools now. By-and-large, we're more interested in what they can do than what they're made of, and that could be making people more vulnerable to scams.

If you don't know how your computer works, you're vulnerable to someone claiming they know more than you do, and when they're telling you to look at something that makes no sense to you, you're going to believe them when they say they understand it. That's dangerous.

Social Engineering

We're all also much more familiar with downloading things from the internet than we used to be. Streaming movies and music is commonplace, and various pieces of software are always popping up dialogue boxes asking for permission to download and install updates. When another box claims to need to do something to your PC, it might not look markedly different from every other dialogue box that's popped up recently.

Then, there's the fear aspect of the scam. Now that we're all so reliant on our computers, both in our working lives and in our social lives, the idea that something might be wrong is kind of terrifying. The scammers use that fear to their advantage, hoping that fear will override reason and that, if they make the situation seem urgent, their victims will respond to their prompts because they don't have time to think their way around it.

It's even possible that the more we talk about malware and cybercriminals, the more effective these kinds of scams could become, because people are already on high-alert regarding the possibility that something could be wrong with their computer. In this state, a pop-up, email, or phone call just confirms something they're already afraid of. Thinking of it this way, it's easy to see how victims might then feel they should follow the instructions as quickly as possible to take back control of the situation. That's what makes this kind of scam so insidious. While scammers promising a share of massive international bank transfers appeal to victims' greed, this one appeals to victims' fear, and offers them false reassurance that everything will be okay if they just do a few simple things.

Watch Out

If reading about how many people fall for these scams makes you a bit nervous, well, maybe it should. With these kinds of things, it's easy to think that they happen to other people, but while the stats show that younger people are disproportionately represented among victims of tech support scams, it's still a kind of fraud that affects people of all ages, all around the world. In fact, Microsoft surveyed people in Australia, Brazil, Canada, China, Denmark, France, Germany, India, Singapore, South Africa, the United Kingdom, and the United States on the matter, which makes it patently obvious that this scam is a pretty widespread con.

So how do you spot a scam? Firstly, if someone calls you claiming to be from Microsoft, you're almost certainly being scammed because that's highly unlikely to ever happen. You could ask them a bit more about why they're calling if you're not sure; scammers are usually pretty vague, relying on you being too panicked about the potential threat to your computer to listen to the specifics. Stay calm, and pay attention to what they really say. Ask if there's a fee for what they're offering. If they say yes, hang up. If they want you to install something on your PC that you haven't asked for or ordered, hang up.

The same thing applies if you come across an email or pop-up. No-one's going to email you if you've got a virus, you can just send those emails to your Spam folder. If you see a pop-up alert, check where it's coming from. If it's from your own security software, you should take it seriously, but if it's in a browser window, it's a scam. Don't click on banner ads on websites that claim to have detected a problem - they're scams. And if you're visiting a site you know well and trust, but something looks strange, don't enter any personal details. The site might have been hacked, or you might have been redirected to a phishing site. And again, that isn't because your computer is at fault, it's because the scammers are hoping to persuade you that there is so that they can take your money.

As always, a bit of common sense, and taking a moment to properly evaluate what someone's telling you, could be invaluable. But if you do fall for a scam, don't be too scared to ask for help or to report it to the authorities; criminals make their livelihood off people's trust, and you shouldn't feel embarrassed. There are a lot of other people out there in the same boat as you, but by reporting it you might be able to recover anything you've lost, and also contribute to stopping more people getting scammed in future.