Microsoft says it received 153,000 reports in 2017 from customers who’d come in contact with tech-support scammers via a cold call, spam, or the web.
The reports from customers last year were up 24 percent on 2016, with filings coming from 183 countries.
Although the fraud is well known, some 15 percent of Microsoft customers who reported incidents lost money. Losses were typically between $200 and $400 each.
However, Microsoft received one report of a customer in the Netherlands whose bank account was drained of €89,000 ($109,000) after contact with a tech-support scam.
As noted by Windows Defender research project manager, Erik Wahlstrom, Microsoft’s figures only reflect part of the tech-support scam problem, which also targets macOS, iOS, and Android.
The FBI in March reported it had received 11,000 tech-support fraud complaints in 2017 with claimed losses totaling nearly $15m, up 86 percent on reported losses in 2016. It received reports from victims in over 80 countries.
Part of the problem lies in the huge variety of hooks and techniques the scammers use. Besides masquerading as Microsoft staff, scammers also claim to represent GPS and printer companies, as well as ISPs.
And along with phone calls, scammers reach victims through paid search results, pop-up messages, browser lockers, and phishing emails, with bogus warnings about fraudulent bank charges or fake refunds.
The FBI has recently seen a new trend in which scammers retarget past tech-support victims by posing as government officials or law enforcement and offering to help recover lost funds for further fees.
Some scammers also threaten legal action if victims don’t pay to settle outstanding debts for tech-support services.
And once scammers have been granted remote access, they’re not just presenting bogus security warnings, but increasingly downloading personal information and using it to request bank transfers or to open new accounts to make fraudulent payments.
Microsoft’s advice for anyone who has given personal information to fake tech support or paid for bogus services is to uninstall any applications used to provide the fake support, run a scan with antivirus, change all passwords, and call the bank to reverse the charges.