3 Tech Support Scam Tactics Targeting Small Businesses and How to Counter Them

Tech support scams have been around for years, tricking people into paying for fake IT support or giving remote access to scammers. But now, cybercriminals are shifting their focus to small businesses. Why? Because many small business owners don't have an in-house IT team or a dedicated tech provider, they can trust. Scammers exploit this gap, pretending to be Microsoft, Apple, or well-known IT service providers to gain access to business data, install malware, or steal money.

And the problem is only getting worse. According to the FBI's Internet Crime Report, tech support scams resulted in $924.5 million in reported losses in 2023, a 15% increase from the previous year. The number of reported cases has skyrocketed over the past five years, jumping from 13,633 cases in 2019 to 37,560 in 2023. Small businesses are becoming a prime target, as scammers see them as easier prey.

If you run a small business, knowing how these scams work and how to counter them is critical to protecting your company.

Real Story: FBI Cracks Down on Multi-Million Dollar Tech Support Scam

A tech support scam that tricked thousands of victims into believing their computers were infected has finally been shut down, thanks to an investigation led by the FBI Knoxville Cyber Squad.

It all started with a single complaint to the Internet Crime Complaint Center (IC3). That tip led investigators to uncover a massive fraud operation run by Ankur Khemani and the Sterk family from Iowa. Khemani and his co-conspirators scammed more than 14,000 victims, stealing over $4 million by posing as tech support specialists and pressuring people into paying for fake services.

The investigation revealed that the Sterk family played a key role in laundering the stolen money. They opened more than 30 bank accounts to move funds collected from victims.

Source: FBI's 2023 Internet Crime Report

"Don't you want your computer fixed?"

Tech support scammers use various tactics to make business owners believe their devices or accounts are at risk.

Cold Calls: You receive an unexpected call from someone claiming to be from "Microsoft Support" or a well-known IT service provider, warning you about a security issue.
Fake Pop-Ups: While browsing the internet, a pop-up appears, alerting you that your business computer has been infected. It urges you to call a "toll-free support number" for immediate help.
Phishing Emails: You receive an email that appears to be from a trusted tech company, warning about a security breach and asking you to click a link to "fix" the problem.
Social Media & Ads: Some scammers even create fake ads on Google, Facebook, or LinkedIn, offering IT support services that are actually scams

3 Types of Tech Support Scams & How to Spot Them

1. Fake Tech Support Calls

You receive an unexpected call from someone claiming to be from Microsoft, Apple, or another well-known tech company. They warn that your computer or business network is infected with a dangerous virus or experiencing security issues. The caller pressures you to give them access or install remote access software, which allows them to steal your data.

Red Flags:

Legitimate tech companies don't make random calls offering support.
The caller warns of an imminent system failure, data loss, or hacking attempt.
They ask you to install software like AnyDesk or TeamViewer, giving them full control of your device.
They demand immediate payment for tech support services.

How to Protect Your Business:

Ignore the Call – Hang up and do not provide any personal or business information.
Verify the Source – If you're concerned, contact the real company using their official website.
Set Internal IT Rules – If your business has employees, ensure they know how to report suspicious tech support requests.

2. "Free" Tech Trials, Antivirus or Software Downloads

Scammers lure you with "free" software trials or IT services. To access the offer, you're asked to enter your credit card details for verification. Later, you discover hidden fees, automatic charges, contract scams or malware installed on your device. Other times, scammers pose as tech consultants or service providers, offering to audit your existing IT contracts or promising huge savings on support plans. If you sign up, you may be locked into expensive, unnecessary services or even fake contracts that deliver nothing.

Red Flags:

The software or service claims to be free or unusually cheap.
Fine print in the terms may enroll you in costly subscriptions.
Scammers distribute malware through fake websites or ads.

How to Protect Your Business:

Do Your Research – Before downloading or signing up, check reviews from reputable sources.
Stick to Trusted Websites – Only download software from official company sites.
Monitor Credit Card Statements – Regularly review your billing history for unexpected charges.

3. The Ransomware "Fix" Scam

A scammer contacts you, claiming they've detected ransomware on your business network. They offer an immediate "fix" for a fee, insisting that if you don't act fast, you'll lose all your data. However, they often provide no proof of any actual infection—just fear tactics to pressure you into paying.

Red Flags:

They claim to have detected ransomware on your system but provide no concrete evidence.
They demand immediate payment before offering any details or solutions.

How to Protect Your Business:

Disconnect affected devices from the internet to stop the spread.
Never Pay Scammers – Paying won't guarantee they remove the ransomware, and it may make you a repeat target.
Consult a Real Cybersecurity Expert – Work with a trusted IT professional or security provider to assess the situation.

What to Do If You Fell Victim to a Tech Support Scam

If you've already interacted with a tech support scammer, acting quickly to minimize damage and prevent further harm.

1. Disconnect Your Device – If you granted remote access to a scammer, immediately disconnect your computer or phone from the internet to cut off their control.

2. Change Your Passwords – If you shared login credentials or suspect malware, change your passwords for all business accounts, especially banking, email, and software services.

3. Scan for Malware – Run a full security scan using a trusted cybersecurity solution to detect and remove any malware the scammer may have installed.

4. Contact Your Bank – If you made a payment, contact your bank or credit card provider immediately to dispute charges and request a refund. If you paid via gift card or cryptocurrency, report the scam to the provider, but note that recovery may be difficult.

5. Report the Scam – Notify the relevant authorities:

U.S.: Report to the Federal Trade Commission (FTC) at ReportFraud.ftc.gov
UK: Report to Action Fraud at www.actionfraud.police.uk
Canada: Report to the Canadian Anti-Fraud Centre at www.antifraudcentre-centreantifraude.ca
Other Countries: Contact your local consumer protection agency.

6. Inform Your Employees – If you run a business, educate your team about what happened to prevent others from falling for similar scams.

7. Strengthen Your Protection with Bitdefender Ultimate Business Security.

One of its standout features is Scam Copilot, your personal scam detector and assistant. When you receive a suspicious email, unexpected tech support call, or an alarming pop-up claiming your business devices are infected, you can send it to Scam Copilot, which analyzes threats in real-time and alerts you to potential fraud. This tool also provides guidance on how to handle them, reducing the risk of falling victim.

Other features include:

Email Protection: Automatically scans and blocks phishing emails, suspicious links, and fake invoices to keep malicious content out of your inbox, and prevents BEC attacks by stopping phishing attempts before they can trick you.
Business Digital Assets and Identity Monitoring: Continuously monitors your business's online presence, alerting you to data breaches, unauthorized use of your business name, or the exposure of sensitive information—even on the dark web.
Password Management: Strengthen your business's security posture with the Password Manager, which generates strong, complex passwords in line with best practices.
Secured Remote Work: A built-in VPN ensures secure communication for remote employees, protecting your team from unsecured public Wi-Fi networks at coffee shops or airports.
Device Protection: Offers real-time detection and blocking of malware, including viruses, ransomware, and spyware, across all your team's devices—laptops and smartphones included.

Check out the plans here.

FAQs

How can I tell if a tech support call is a scam?

Legitimate tech companies like Microsoft, Apple, or Google won't call you out of the blue to fix a problem. If someone claims your computer is infected and pressures you to pay for support or install remote access software, it's a scam. Hang up, don't share any information, and contact the company directly using their official website.

What should I do if I clicked on a link or allowed remote access to a scammer?

If you gave a scammer remote access, disconnect your device from the internet immediately to cut off their control. Run a full security scan with trusted cybersecurity software, change your passwords, and contact your bank if you made any payments. Report the scam to the FBI's IC3 in the US or your country's fraud reporting agency.

How does Bitdefender's Scam Copilot help protect my business?

Scam Copilot acts like a personal scam detector and assistant, analyzing messages, emails, and suspicious links in real-time. It helps you spot scams before you click, respond, or provide sensitive information, reducing the risk of fraud and cyberattacks on your business. Combined with Bitdefender Ultimate Business Security, it ensures you stay one step ahead of scammers.