By REBECCA RUTHERFORD
According to a joint advisory by the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) cyber criminals are actively exploiting remote management software, like LogMeIn and AnyDesk, in phishing campaigns aimed to steal money from victims.
Phishing campaigns spoofing tech support or anti-virus renewals have been trending for months. The phishing emails claim to be an invoice from companies such as Geek Squad and Norton, usually noting that your credit card has been, or will be, charged for the subscription. To reverse or avoid the charges, the user is asked to call a number.
These generally do not have a clickable link, and in some cases the “invoice” is attached as a .jpg file with no additional text. Why? Because anti-phishing protections in your email are generally looking for text or other patterns they can recognize as malicious. They can’t detect the text in the image file, making it easier for it to get thru to you.
An example of what this might look like is below, from the FTC’s website:
The truly scary part of this scam happens if you call the number in the email. The scammer on the other end will claim to be with a help desk and try to get you to install remote monitoring software, like LogMeIn, AnyDesk, etc. so they can help you “cancel” the payment. Since these are legitimate software, your anti-virus won’t stop the install. Once the software is installed the scammers have full access to your computer and will offer to aid you in removing the charge by having you login to your bank account to reverse it … you can see where this is going. At this point they can do whatever they want, steal your passwords, transfer funds from your account to their own, anything.
The full alert from CISA can be read here but the best way to defend yourself against this scam is to be suspicious and aware. Like many phishing scams, this uses a sense of urgency to try to induce panic.
How can you avoid falling for a scam like this?
- Closer examination of the email will reveal it is from a free email service like Gmail, Yahoo, etc. A company like Norton or Geek Squad would never use a free email service to send an invoice. Always inspect an email before blindly replying, clicking or calling a number.
- Email addresses can be easily spoofed, and it can be difficult to tell without reviewing the email’s headers to see who the actual sender is. If you get an email claiming to be from one of these companies about a charge, assume it is a scam and delete it.
- If you are concerned, you can always call the company directly by searching for their information online and contacting them thru their website.
- Is this even a company you use? If not, why would they be emailing you about a charge?
- Never give remote access to your computer to an unknown party, once you hand over that access you are compromised, and could be for quite some time.
- Sometimes these scams come in via text, it is unlikely a company like Norton would text you about an invoice, just delete the message and do not interact with it.
- Be suspicious of texts/emails/phone calls from unknown parties; if it feels off it probably is.
These tech support scams have been popular for quite some time and are not going away. If any of these make it thru to your inbox, assume it is a scam and delete it without further interaction.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.