What to do when hackers pose as IT or tech support

Simply by posing as an IT person via a text message or behind a computer, an attacker can gain physical access to your computer and in seconds compromise not just your computer but your entire company network.

Post hero image

Table of contents

A person who utilizes social engineering to impersonate an IT support or helpdesk worker can cause a lot of damage, because pretty much every company used technology and only a select few truly and wholly know how that technology works. This type of attack is very effective and widely used. Simply by posing as an IT person via a text message or behind a computer, an attacker can gain physical access to your computer and in seconds compromise not just your computer but your entire company network. This is what happened recently to Rockstar Games and Uber. Both companies were hacked by a 17 year-old who was posing as IT support and simply phished his way into these multi-billion-dollar companies.

Impersonating a technical support worker can be implemented in various ways. One popular way is to gain access by phone. Once an attacker reaches someone with a random phone number, the attacker can pretend to be a tech support person. Then, walking them through some technical problem, and doing so, have them download and run a program containing viruses or backdoor access to their computer. In this post, we are concentrating in attacks via email.

One of the attacks we see most often is hackers attempting to steal account information by impersonating well-known technology companies like Microsoft and Google. Check out the example below. It’s a phishing attack where a user is asked to give their Microsoft username and password. The attacker says they are from Microsoft’s IT helpdesk, and if you won’t reconfirm your password, your account will be deleted due to suspicious activity. Here you can also see one of the more increasingly used elements that attackers add to make a message seem safe and authentic: a green “safe sender banner”. In this case, the banner states that the message was sent from a source known to the company. It’s not a real “safe sender” banner. Obviously.

Phishing attack where a user is asked to give their Microsoft username and password


Another common scam which involves impersonating tech support is the “pending message” notification. Again, in this example, the attacker is impersonating a Microsoft IT Administrator for the company. Usually, these types of scams seem to come from the email service provider, but they can also come from your company’s internal IT team. We’ll cover those kind of threats in a future post. Fun!

The message below is simple and contains instructions for opening pending messages intended for the recipient. They only have to download an attachment and open it. Sounds easy, right? Well… WRONG. The attachment can infect your computer with a virus, or it could potentially open a fake login page that collects your login details.

Phishing attach with downloadable attachment


Many tech support scams begin with an alert message. These messages typically encourage the victim to follow a link or to call a phone number for technical assistance. Often, these messages have a list of threatening-sounding files found in victim’s computer or information about a possible unusual login attempt. Here, we’ll show you an example of the latter. This alert below informs us that there’s been a login from an unknown IP address to your device. To confirm that this is not you but someone else accessing your computer, you need to review your security info and probably change your password. However, what actually happens is that you enter your current login information during the process.

Phishing attack with login alert message


The last example we’ll review here uses a sense of urgency. This is a favorite tactic with hackers: they want you to perform for them, and nothing works better than a sense of urgency. Here, they’re asking you to quickly accept or decline your request to sign out and turn off your device. It’s pretty scary that someone would have made such a request on your behalf. Thus, in this situation, it’s easy to let panic take over and click the link. After you do this, your credentials are stolen.

Phishing attack provoking a sense of urgency


Staying off the hook:

In order to protect against these types of attacks, remember these:

  • Do not open anything that seems suspicious
  • Think twice before fixing an “urgent” technical problem
  • Technical support will never ask your login details, since they usually have access to this information
  • Always question the person introducing themselves as tech support
  • Check the spelling, as often these messages are poorly written

Want to learn more?
Be sure to check out these articles recommended by the author:
Get more cybersecurity insights like this