How to avoid tech support scams

Scammers are getting craftier, according to a new report. Follow these tips to keep your money and identity safe.

Rick Broida Senior Editor
Rick Broida is the author of numerous books and thousands of reviews, features and blog posts. He writes CNET's popular Cheapskate blog and co-hosts Protocol 1: A Travelers Podcast (about the TV show Travelers). He lives in Michigan, where he previously owned two escape rooms (chronicled in the ebook "I Was a Middle-Aged Zombie").

This is a sample "scammer attack chain." It's all about getting you on the phone and then tricking you into paying for something (or, in this case, nothing).


The phone rings. It's a support tech calling from Microsoft: They've identified a virus on your computer, and a serious one at that. Fortunately, they can remotely connect to your PC and eliminate the threat. They'll just need a credit card number and permission to take control of your system to do it.

That's just the kind of scam that's part of a "growing global problem," according to a recent Microsoft report. Tech-savvy thieves are devising newer and more inventive ways to trick people into paying for fraudulent services and/or divulging personal information.

"Scammers continue to capitalize on the proven effectiveness of social engineering to perpetrate tech support scams," wrote Windows Defender Research Project Manager Erik Wahlstrom. "These scams are designed to trick users into believing their devices are compromised or broken. They do this to scare or coerce victims into purchasing unnecessary support services."

So how can you avoid these scams? With a few tips and a little common sense.


Learn to spot phishing emails

The phishing email is one of the oldest tools in the scammer's arsenal, in part because it's so easy and inexpensive to wield. It's also shockingly effective, because it instantly creates fear and offers a resolution at the same time.

For example: "Your bank account has been compromised! Click here to change your password immediately!"

In this example, you click the link, sign into your bank account and change your password. Except, guess what: That was a fake page that just harvested your account info -- and maybe even installed some malware for your trouble.

Knowledge is the only protection you need against these emails. If you receive any kind of alarming message, don't click any of the links it contains. Instead, open a browser (or app) and navigate to your bank, store, etc. like you normally would. Then you can see if there's a problem -- and change your password if you think it's necessary. Another quick way to find out if the email is legit? Check the sender's address. The domain often doesn't match the company's official website.
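
The sender-address check described above, extended to the links in the message body, as an added example that is not part of the original article. The official domain `mybank.example` and the sample message are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption for this example: the domain you already know belongs to your bank.
OFFICIAL_DOMAIN = "mybank.example"

# Constructed sample message (not a real email).
SAMPLE = """\
From: "My Bank Security" <alerts@mybank.example.account-verify.test>
To: you@example.org
Subject: Your bank account has been compromised!

Click here to change your password immediately:
http://mybank.example.account-verify.test/login
Questions? See https://www.mybank.example/help
"""

def belongs_to(host, official):
    """True only if host is the official domain or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == official or host.endswith("." + official)

def check_message(raw, official=OFFICIAL_DOMAIN):
    """Return a list of findings about sender and link domains."""
    msg = message_from_string(raw)
    findings = []
    # The display name is free text; only the address part is compared.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not belongs_to(sender_domain, official):
        findings.append(f"sender domain {sender_domain!r} is not {official}")
    # Compare each link's real hostname, not the text that precedes it.
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if not belongs_to(host, official):
            findings.append(f"link points to {host!r}, not {official}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE):
        print("WARNING:", finding)
```

A mismatch is a reason not to click; a match is not proof of legitimacy, because the From header can be forged.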

Read more: How to spot a phishing email.

Hang up the phone

According to the aforementioned security bulletin, "Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication we have with you must be initiated by you."

That's also true of your printer and GPS maker, your ISP and pretty much every other legitimate company. If there's a problem, they know you'll come to them.

So when the phone rings, even if the caller ID says "Microsoft" or "Comcast" and it sounds like someone from a call center, just hang up. If you still have concerns, call the company's main customer-service number directly and report the unsolicited call.

Ignore the pop-ups

If malware manages to sneak onto your computer, the first thing it's likely to do is plague your screen with pop-ups. These alerts -- which may look almost indistinguishable from actual Windows notifications -- will tell you your computer has been compromised (it has) and ask you to call a phone number for assistance.

Don't do it. "Microsoft's error and warning messages never include a phone number," according to Wahlstrom. If you want to call a company for help, find that company's support number elsewhere.

Read more: Why you should never Google tech-support numbers.

Use a password manager

Yeah, this again. If you use the same two or three passwords everywhere, then a hacker who manages to get your password can do a lot of damage. That's why it's critical to use a different password for every site and service -- a virtually impossible task without a password manager.

As an added bonus, some of these utilities can automatically change poor-quality and/or repeatedly-used passwords, thereby saving you a ton of time.

I'm a fan of Dashlane, but it costs $40 per year. Here's how to sync and save your passwords for free if your budget can't swing that.

When all else fails, remember the immortal words of Douglas Adams: Don't panic. Scammers use fear and a sense of urgency to trick you into making mistakes. If something weird or scary happens, either on the phone or your PC, just hang up (or shut down). Then you can regroup and make your next move.
