Information security warns about fake tech support

Matt Grahn

Recently, a tech support employee notified senior Lezlie McEachern that her computer had a virus on it, or so she thought. McEachern was told to call a number so she could get her computer fixed. The “repair” was done in an hour. In reality, there was no virus, and McEachern paid $250 for nothing.

Lately, there has been a trend where people impersonate tech support in order to take people’s money, according to Brian Kelly, Quinnipiac’s chief information security officer. These fake techs, pretending to be from a company like Apple or Microsoft, will contact an individual by phone or email first, according to Kelly. Then, they’ll walk the person through the steps of treating the supposed issue using remote access, as if they were legitimate tech support.

“It’s not sophisticated hacking. They’re basically asking the user to take the action, and the user is doing it for them,” Kelly said.

When McEachern was first contacted, she was afraid of what might happen to her computer.

Once the scammer has access to your computer, he says they usually just pretend to fix your computer and charge for the service. However, due to the nature of remote access, sensitive data, like search history or banking information, can also be taken.

Part of the scam requires the individual to call a toll-free number. One number in particular, 1-855-971-2627, was mentioned in the MyQ announcement about the scam. The presence of this number in relation to the scam goes back to at least 2015, and is mentioned on a Virginia Tech website.

One way to protect yourself from this particular scam is to verify the party talking to you. Kelly says that, in terms of customer support, most companies won’t contact someone proactively.

In that event, one should contact the company directly and see if the claim is accurate.

“If you don’t initiate that conversation, you probably don’t want to have it,” he said.

Kelly said that he has heard of many students getting calls saying that they needed to have viruses cleaned out of their computer. Kelly says that, though he had to help out a student’s father, none of the students he had heard from fell for the scam.

When McEachern was first contacted, she was afraid of what might happen to her computer.

“‘If you don’t pay, then your computer will be shut down forever,’ so obviously I paid,” she said, recalling what the person on the phone told her.

McEachern only found out it was a scam when she later told her friend, who is an Apple employee. McEachern called the company back and ended up getting refunded.

“That’s a happy ending. I know that usually doesn’t happen, but that’s a happy ending for me,” she said.

Nonetheless, freshman Nathan Gaw is not pleased with the deception.

“You have to trust what people are trying to say to you, but you never know,” he said.

Senior Rob Cariddi thinks that, no matter what form it takes, stealing is stealing.

“It’s the same as any other crime. It’s like going into a Quick-E Mart or a Shop Rite and stealing food. It’s the same thing,” he said.

Even though Kelly feels that the Quinnipiac community does have a good sense of tech literacy, it’s issues like these that caused the Information Security department to begin wanting students to take a cyber security course they offer over on Blackboard. Kelly likens this to the sex ed and binge drinking courses done over MyQ during freshman year.

“We don’t necessarily have a problem, but… we’re trying to better educate our community on how to recognize these type of threats and attacks, so that online literacy course ensures that our students have a baseline the can go to to learn what those threats are,” he said.

McEachern likes the idea of the new course but questions what the response will be.

“I think it would be beneficial, but I don’t think people are gonna do it. Just like, we’re college students, but it’ll be beneficial,” she said.

When asked what advice she’d give to anyone in this situation, McEachern mirrored the advice that Kelly had given.

“Just look up the company that sent you the message, and if somebody sends you a message, don’t call them. You should be reaching out to people to help with your computer, somebody shouldn’t be reaching out to you, so just be careful about what you do on your computer,” she said.

Kelly says that Information Security plays a role on campus similar to Public Safety, trying to keep the Quinnipiac community safe online.

“Public Safety might put out an announcement that says, ‘There’s reports of crime going on in downtown New Haven, so be on the lookout then you go downtown,’” Kelly said. “We’re trying to do the same thing, saying that there’s things going on on the internet that students, staff and faculty should be aware of.”