Cyber Bites

Damage Control

Scenario

It’s late on a Wednesday and you still have a ton of stuff to do. Suddenly, your computer screen is covered with a dire message saying you have a Trojan and no matter where you click, nothing happens.

You call the phone number at the bottom of the screen and the technician talks you through getting out of the warning screen and asks you to download an app so they can help you clean up the computer.

The scenario above is a Tech Support scam. The Trojan screen was just a web page that covered your entire screen, and the helpful technician was anything but helpful.

Clearly, the best outcome is to never let the attacker onto your computer to begin with. However, what should you do if you only realize this is a scam after you’ve let them log onto your computer?

What to do

  1. Disconnect your computer from the internet / network immediately. If it is hardwired, unplug the network cable. If it is on Wi-Fi, disconnect from the Wi-Fi network.

  2. Contact your compliance officer or department immediately and follow their instructions.

What NOT to do

  1. Do not just close the remote-control software window on your computer and assume that has gotten the attacker off your computer. Most of the remote-control tools used by criminals install themselves behind the scenes, which allows the attacker to reconnect to your computer without you knowing. We’ve had recent cases where the victim believed the attacker was only on the system for a few minutes, but it turned out the attacker had reconnected and was on for hours, poking around and transferring files.

  2. Do not uninstall any software, including the remote-control software installed by the attacker. Uninstalling the software could remove valuable clues as to what the attacker has done. It also makes it difficult for those investigating the incident to determine what was done by the attacker and what was done by the user while trying to recover. This makes the investigation take much longer.

  3. Don’t run antivirus unless you have been instructed to by compliance or someone on the cyber investigation team.

  4. Hold off on contacting your local IT group until you have gotten clearance from compliance or the cyber investigation team. Your local IT group may not be familiar with the requirements for any cyber insurance you may have or understand the reporting requirements you have to the various regulatory bodies.
