Do not reply to calls or emails if you see this.
Along with unpaid road tolls, undelivered packages and fake bank calls, the most likely way cyber criminals will steal your data, your money, even your identity will begin with a serious problem on your PC. Following an FBI warning, Google has now stepped in.
“Tech support scammers continue to impersonate well-known tech companies,” the FBI warns. “Tech support companies will not initiate unsolicited contact with individuals.” The threat is not new, but attacks impersonating Google, Microsoft and other support staff are spiraling. Even major organizations are vulnerable to such attacks.
“Tech support scams are an increasingly prevalent form of cybercrime,” Google says. “The goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device.”
This could start with a fraudulent popup message warning that there’s a problem, as we have seen with newly viral ClickFix attacks, or it could be an unsolicited email or phone call, or says Google, “we’ve also observed [attackers]
use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis.”
Google has now introduced a new type of defense. The use of on-device AI with Chrome “to deliver higher confidence verdicts about potentially dangerous sites like tech support scams.” The company says LLMs are proving increasingly effective in spotting threats where users might not. “As such, we believe we can leverage LLMs to help detect scams at scale and adapt to new tactics more quickly.”
Doing this on-device “allows us to see threats when users see them. We’ve found that the average malicious site exists for less than 10 minutes, so on-device protection allows us to detect and block attacks that haven’t been crawled before.”
This approach also enables Google’s AI to see what a user sees. Current obfuscation techniques will check their environment to determine if it’s likely a user or a security researcher at the PC. They have escape paths to end attacks if any form of threat analysis is detected, making it harder for attacks to be intercepted and prevented.
This is part of Google’s latest generation of anti-scam defenses that are increasingly leveraging on-device processing to better protect users. Similarly, we now have messaging and even call protection coming with the latest Android OS release.
But for users, this should be unnecessary. Google and others continue to reiterate that they will never reach out to users by phone or email with an unsolicited offer of technical support. If you receive such a contact, it’s an attack. Above everything else, it’s only when that message finally lands that we’ll see such attacks diminish.
