There is a risk that in 2022 various technology support scams will increase in their strike rate, potentially fooling more workers than ever. These support scams are an industry-wide issue. Here, scammers use scare tactics to trick a person into unnecessary technical support services to supposedly fix device or software problems that do not exist. In some cases, this leads to high fees being charged; in other cases it leads to data theft.
Looking at this topic for Digital Journal is Nicolas Joffre, Security Operations Manager at the firm Vade.
Joffre says we have seen a variety of different technology support scams already in 2021 and these will continue. He explains: “We’ve seen a large amount of tech support scams impersonating McAfee, Norton and Windows Defender in 2021.”
What is interesting about the attacks is with the different formats they have taken. Joffre observes: “The attacks used a variety of techniques to bypass filtering technologies such as brand obfuscation, telephone number obfuscation, the use of images, sending from high reputation domains and more.”
Despite the variety of different guises, the base nature of the attacks is very similar, as Joffre notes: “The ask from these attacks was to call a toll-free number, which unfortunately many individuals did. It is very likely to be an active form of attack next year due to its success in 2021.”
A second area of concern is in the form of brand impersonation techniques. Brand impersonation refers to a malicious activity designed to impersonate a trusted company or a brand in order to fool victims into responding and disclosing personal or otherwise sensitive information.
Not only are these also rising in frequency, they are also becoming more sophisticated. This has been charted by Damien Alexandre, Engineer Expert, who also works at Vade.
Alexandre warns that: “It’s critical in 2022 for brands to protect themselves and individuals to keep a watchful eye. This year, brand impersonation utilizing procedurally-generated graphics was on the rise.”
Alexandre explains this activity further: “This occurs when HTML and CSS are used to display the Microsoft or Chase logo, for example, in a phishing attack to make the threat seem much more realistic to an individual and bypass image analysis technology. In an inbox, it would appear to have come from the brand in question.”
He concludes, warning: “As we look ahead to 2022, it is likely this technique remains popular.”
