NOTICE: Increase in remote tech support scams

Remote tech support scams are on the rise and the tactics are evolving. There is a current trend in which scammers contact people regarding a fake security issue or fake issue with their financial accounts, for example, saying they have been compromised, and then use remote desktop software to manipulate their computers and accounts, causing financial losses for victims.

Remote tech support scams are becoming more sophisticated in their tactics and individuals are increasingly falling for them, incurring major financial losses.

Tech support scams have evolved in sophistication and increased in recent years, including those utilizing remote tech support tactics. These scams can result in significant loss of funds (sometimes an individual’s entire life savings).

Individuals should be on alert for unexpected or unsolicited contact from anyone claiming to be from a tech support company, whether it is a phone call, text, email or popup alert on a device.

Please share this information about remote tech support scams with faculty, staff and students in your unit along with the related Phishing Alert: Increase in Remote Tech Support Scams.

Scammers initiate contact with their target typically with a phone call, email or text; or a victim may receive a popup alert on their computer instructing them to call a telephone number to receive help with their fictitious computer or account problem.

Fraudsters may pretend to be from a well-known company and convince the individual that they have a tech support problem, such as:

• Financial accounts have been compromised, and that their funds need to be moved.
• A software license needs to be renewed.
• An email account has been compromised.
• A security alert issue needs to be addressed.

Scammers often ask the victim to install free, remote desktop software so they can monitor and take actions on the person’s computer. If fraudsters gain control of a device, they may steal data from a victim’s computer or from files connected to it. They may also install other malicious or unapproved software, or change settings to maintain control of the device. 

Scammers may direct victims to wire or transfer funds out of their bank or brokerage accounts to cryptocurrency exchange or to transfer their crypto wallet contents to a different wallet to “safeguard” them. Fraudsters may have fake support websites to lure crypto owners to contact them.Then they convince victims to hand over control of their crypto accounts or give them their login information.

ITS provides CrowdStrike Falcon to units, which should be installed on all U-M owned systems (Windows, macOS, and Linux operating systems, whether workstations or servers). Falcon administrators in ITS and in U-M units use the Falcon console to investigate and remediate issues.

Please be aware of evolving tech support scam tactics, and keep the following in mind:

• Legitimate tech or customer support representatives never send unsolicited messages to customers.
• Tech support representatives never demand payment immediately or ask for payment in cash, prepaid gift cards, cryptocurrency or wire transfers.

Take the following actions to avoid these scams:

• If you receive a phone call that you didn’t expect from someone claiming to know there is a problem with your computer or account, hang up.
• If you see a popup alert on your computer asking you to call a telephone number, do not call the number. Legitimate alerts do not ask you to call a number.
• U-M Devices: Do not let anyone, outside the ITS Service Center or U-M IT staff that you contact, install software on or take control of your U-M device. 
• Personal Devices: Similarly, do not allow unknown individuals or remote tech support access to your personal computer or devices. 
• If you need help with your computer, contact an organization you know and trust. 
  • If it is a UM provisioned device, contact the ITS Service Center.
  • If it is a personal device, For your personal computer, contact Tech Repair or another local, reputable repair service. Pay attention if you search for support online. Some fraudsters have fake websites claiming to be well-known companies that appear in search results.

If you think you got caught by one of these scams, take action to protect your information and university computing resources:

• If you gave out U-M info, such as your UMICH (Level-1) or Michigan Medicine (Level-2) password, or allowed access to your university-owned computer:
  • Change your UMICH (Level-1) password at UMICH Account Management.
  • At Michigan Medicine, change both your Level-1 and Level-2 passwords at lvl2.med.umich.edu.
  • Report an IT security incident.
• If you gave out personal info, such as your credit card number,
  • Notify your credit card provider. You may need to have your card replaced.
  • File a complaint with the Internet Crime Complaint Center
  • Put a fraud alert or hold on your credit report.
• For instructions, see If You Suspect Your Identity Has Been Compromised or Stolen.

In general, the best protection for your devices is this: keep your software and apps up-to-date, do not click suspicious links in email, do not open shared documents or email attachments unless you are expecting them and trust the person who sent them, and only use secure, trusted networks. For more information, see Phishing & Scams, Tech Support Scams, Secure Your Devices, and Secure Your Internet Connection on the U-M Safe Computing website.