A person who uses social engineering to impersonate an IT support or helpdesk worker can cause a lot of damage, because pretty much every company uses technology and only a select few truly and wholly know how that technology works. This type of attack is very effective and widely used. Simply by posing as an IT person via a text message or behind a computer, an attacker can gain physical access to your computer and in seconds compromise not just your computer but your entire company network. This is what happened recently to Rockstar Games and Uber. Both companies were hacked by a 17-year-old who was posing as IT support and simply phished his way into these multi-billion-dollar companies.
Impersonating a technical support worker can be done in various ways. One popular way is to gain access by phone. Once an attacker reaches someone at a random phone number, the attacker can pretend to be a tech support person. Then, while walking them through some technical problem, the attacker has them download and run a program containing viruses or backdoor access to their computer. In this post, we are concentrating on attacks via email.
One of the attacks we see most often is hackers attempting to steal account information by impersonating well-known technology companies like Microsoft and Google. Check out the example below. It’s a phishing attack where a user is asked to give their Microsoft username and password. The attacker says they are from Microsoft’s IT helpdesk, and if you don’t reconfirm your password, your account will be deleted due to suspicious activity. Here you can also see one of the increasingly used elements that attackers add to make a message seem safe and authentic: a green “safe sender banner”. In this case, the banner states that the message was sent from a source known to the company. It’s not a real “safe sender” banner. Obviously.
Another common scam that involves impersonating tech support is the “pending message” notification. Again, in this example, the attacker is impersonating a Microsoft IT Administrator for the company. Usually, these types of scams seem to come from the email service provider, but they can also come from your company’s internal IT team. We’ll cover those kinds of threats in a future post. Fun!
The message below is simple and contains instructions for opening pending messages intended for the recipient. They only have to download an attachment and open it. Sounds easy, right? Well… WRONG. The attachment can infect your computer with a virus, or it could potentially open a fake login page that collects your login details.
Many tech support scams begin with an alert message. These messages typically encourage the victim to follow a link or to call a phone number for technical assistance. Often, these messages have a list of threatening-sounding files found on the victim’s computer or information about a possible unusual login attempt. Here, we’ll show you an example of the latter. The alert below informs us that there’s been a login from an unknown IP address to your device. To confirm that this is not you but someone else accessing your computer, you need to review your security info and probably change your password. However, what actually happens is that you enter your current login information during the process.
The last example we’ll review here uses a sense of urgency. This is a favorite tactic with hackers: they want you to do something for them, and nothing works better than a sense of urgency. Here, they’re asking you to quickly accept or decline your request to sign out and turn off your device. It’s pretty scary that someone would have made such a request on your behalf. Thus, in this situation, it’s easy to let panic take over and click the link. After you do this, your credentials are stolen.
Staying off the hook:
To protect against these types of attacks, remember the following:
- Do not open anything that seems suspicious
- Think twice before fixing an “urgent” technical problem
- Technical support will never ask for your login details, since they usually have access to this information
- Always question the person introducing themselves as tech support
- Check the spelling, as often these messages are poorly written
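
For mail administrators, the warning signs from the examples above can also be checked automatically. The following is an added example, not part of the original post: a small triage function that flags a brand name in the sender's display name that does not match the sending domain, lure phrases in the body (including a "safe sender" banner typed into the message itself) and risky attachment types. The brand-to-domain map, the phrase lists, the extension list and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: brand -> sending domains, and lure phrases from the post.
BRAND_DOMAINS = {"microsoft": ("microsoft.com",), "google": ("google.com",)}
LURES = {
    "urgency_or_threat": r"account will be deleted|suspicious activity|urgent",
    "pending_messages": r"pending (e-?mail|message)s?",
    "unusual_login": r"unusual (login|sign-?in)|unknown ip",
    "fake_safe_banner": r"(safe|trusted) sender",
    "credential_request": r"(re)?confirm your password",
}
# Constructed sample message (not a real email).
SAMPLE = """From: "Microsoft IT Helpdesk" <support@mail-notice.example>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

This message is from a trusted sender known to your company.
Reconfirm your password or your account will be deleted due to suspicious activity.
--b1
Content-Disposition: attachment; filename="pending_messages.html"

<html></html>
--b1--
"""

def score_message(raw):
    """Return the reasons a message resembles the fake tech-support emails above."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    for brand, allowed in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in allowed)
        if brand in name.lower() and not genuine:
            reasons.append(f"brand_mismatch:{brand}")
    body = ""
    for part in msg.walk():
        ext = (part.get_filename() or "").rpartition(".")[2].lower()
        if ext in {"htm", "html", "exe", "js", "iso"}:
            reasons.append(f"risky_attachment:{ext}")
        elif part.get_content_maintype() == "text":
            body += str(part.get_payload())
    # A banner inside the body is sender-controlled text, so it counts as a signal.
    reasons += [label for label, rx in LURES.items() if re.search(rx, body, re.I)]
    return reasons
```

Calling `score_message(SAMPLE)` returns the list of matched signals. The From header can be forged, so treat these as triage hints alongside your mail gateway's SPF, DKIM and DMARC results rather than as a verdict.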