Breaking Compliance News Blog

When Senior Tech Support Scams are a Cybersecurity/HIPAA Issue

Posted by Scott Gima on 5/10/22 9:45 AM

tech support scams

The FTC regularly sends out consumer alerts on various scams. Turbo Tax’s “free” tax service and car dealer junk add-on fees are just a couple of recent alerts. Many times, these emails hit the trash bin after reading the subject line. This morning, my inbox had the FTC’s latest alert: Shutting Down Tech Support Scams. This morning was different – I opened the email and read the alert. Why? Because an older family member was a victim of a tech support scam.

First, let me tell you about my family member’s experience with a tech support scam. Some of the facts have been changed to protect the family member’s identity. But to make it easier, let’s call my family member Mom. Mom and Dad are retired and in their 80s. A few years ago, my family went to Mom and Dad’s house for Thanksgiving. While there, other siblings and cousins are discussing possible Christmas gifts, so I jump on Mom’s computer to do a little online shopping.

In the bottom right-hand corner, the Windows task bar typically has a bunch of icons that show programs that are loaded on startup. Mom’s taskbar showed a TeamViewer icon. TeamViewer is a legitimate remote desktop program that is typically used by tech support people to obtain remote access to a workstation, computer or laptop. I recognized the icon because TeamViewer has been used by our own company’s tech support. But there is no reason for Mom to have this program on her home computer. So I start asking questions and this is what I learned.

Earlier, Mom had a pop up on her screen that said: “Security Warning: ** Microsoft Warning Alert ** ERROR # MS-0x8024402c, Please call us immediately at [phone number].”. Fearful of viruses on her computer, she called the number.

The person answering said he was with Microsoft and asked for permission to get on her computer so he could conduct a virus scan. A few minutes later, he told Mom there were numerous viruses on her computer and recommended subscribing to an annual anti-virus service contract to prevent further infections. She provided her credit card information and was charged a support fee.

I did a little digging on her computer and also found a free version of an antivirus program. Mom confirmed that the antivirus program was used by the “tech support” person to find the viruses. I removed the antivirus and TeamViewer applications and asked Mom and Dad to review their credit card statements for any unusual purchases. None were found, but she did cancel her credit card. We also bought her a new computer. Luckily, she does not keep any sensitive personal information on her computer.

According to the FTC, seniors are frequent victims of tech support scams. If you have an older family member, it can’t hurt to ask them if they had something similar happen. A quick post script. Mom received a full refund from her credit card company for the sham antivirus software. Shortly after receiving her credit, she actually received a call from the “tech support” person who had the nerve to accuse her of fraud by complaining to her credit card company. She told the person that he was a scammer and hung up on him. He never reached out again.

Cybersecurity/HIPAA Lessons

The FTC consumer alert came with a video story of a senior who was a victim of a tech support scam. He did not want to tell anyone he was scammed, but when he brought it up, he found that others his age had similar experiences.

In healthcare, providers large and small are targets, not necessarily of tech support scams but definitely of phishing email ransomware attacks. I probably get at least one possible phishing email a week, if not once a day. As soon as I see one, I run it by someone. Do you? Don’t hesitate to discuss a suspicious email with a co-workers, supervisor, security officer, privacy officer, compliance officer or IT.

This tech scam also provides another important lesson for anyone who works from home and especially for someone using a shared personal home computer or laptop for work purposes. Without a doubt, a non-shared device should be used for work purposes and no personal tasks should take place on that device. If that is not possible, make sure there are no unusual programs or applications installed, especially a remote desktop program. If that device is compromised, any work information on that device is potentially compromised as well.

A final word on Mom. The tech support scam did not actually happen to my Mom. She passed away over three decades ago, so I felt comfortable using her as the fictious victim. I am not picking on her. In fact, my Mom was tech savvy and was the person that first introduced me to computers way back in the 80s, an IBM, with two 5¼ inch floppy disks. Thanks Mom! And a belated Happy Mother’s Day to everyone!

Sign up for MPA's Virtual HIPAA Training Course

HIPAA Training Snip

STG Signature 2021




Topics: HIPAA, security

    Privacy Policy           Terms of Use