Beware of hackers showing up pretending to be IT

A personification walks into an office, says they are from IT and asks to beryllium astatine a machine for a speedy fix. Most labor would consciousness relieved. Finally, personification came to lick nan tech problem. That spot is precisely what one cybercrime group appears to beryllium counting on.

The FBI is warning that a group called nan Silent Ransom Group is targeting U.S. businesses, particularly rule firms, by pretending to beryllium IT support. The group first tries to talk labor into installing distant entree software. When that fails, nan scam tin move from nan telephone to nan beforehand door.

That is wherever things get particularly brazen. According to nan FBI, these impostors whitethorn show up successful personification pinch flash drives, outer difficult drives and different equipment. Once they beryllium astatine a workstation, they tin transcript delicate files, summation much entree and time off down malware.

Then they locomotion away. The institution whitethorn not perceive from them again until nan ransom request arrives.

PROTECTING YOURSELF FROM MICROSOFT TECH SUPPORT SCAMS

A clone IT support sojourn tin look regular until delicate files are copied from a institution computer. (Jens Schlueter/Getty Images)

Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams early and enactment protected, sojourn CyberGuy.com - trusted by millions who watch CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide free erstwhile you join. 

How nan clone IT support scam works

The Silent Ransom Group, besides known arsenic Luna Moth, Chatty Spider and UNC3753, uses telephone calls, phishing and old-fashioned nerve. The scam often starts pinch a call. The personification connected nan telephone pretends to beryllium IT support and tries to person nan worker to install distant desktop software. That package gives nan attacker entree to nan computer.

If nan worker refuses aliases nan scheme fails, nan attacker whitethorn nonstop personification to nan office. That personification past poses arsenic tech support. They whitethorn opportunity they request to troubleshoot a problem, update a strategy aliases cheque a device. Once seated astatine nan computer, they insert a USB thrust aliases outer difficult drive. From there, they tin propulsion disconnected files and softly summation their access.

The FBI says nan group uses stolen information to extort victims. They frighten to waste nan files aliases station them online. They whitethorn besides telephone labor aliases clients to unit nan institution into paying. That adds a individual furniture to nan attack. It besides turns stolen files into a nationalist shaming campaign.

Why clone IT support scams target rule firms

Law firms clasp immoderate of nan astir delicate accusation a business tin store. That tin see customer records, lawsuits, contracts, financial specifications and backstage negotiations. For criminals, that accusation has worth moreover without encrypting a azygous computer.

This group appears to attraction connected stealing information first. Then it uses embarrassment, ineligible unit and customer panic arsenic leverage. That makes rule firms an charismatic target.

However, nan informing should interest immoderate business that handles delicate records. Medical offices, financial firms, security companies and mini businesses tin look akin risks. A clone IT worker does not request a immense hacking setup if personification lets them beryllium down astatine a computer.

YOUR EMAIL DIDN’T EXPIRE; IT’S JUST ANOTHER SNEAKY SCAM

Hackers whitethorn show up pinch flash drives aliases outer difficult drives while pretending to hole a method problem. (Maxim Konankov/NurPhoto)

Why clone IT visits tin fool employees

Most group image hackers hiding down screens successful different country. This informing flips that idea. Here, nan threat whitethorn get pinch a badge, a laptop container and a calm voice.

That makes nan scam easy to miss. A receptionist whitethorn deliberation nan personification has an appointment. An worker whitethorn presume personification other approved nan visit. A engaged head whitethorn activity them done because nan personification sounds confident. That is nan trick.

The attacker takes advantage of workplace habits. People want to beryllium helpful. They want surgery tech fixed. They besides whitethorn not want to situation personification who appears to cognize what they are doing. However, politeness tin springiness a criminal nan opening they need.

Warning signs of a clone IT support scam

A astonishment IT sojourn should raise questions. Be observant if personification shows up without a scheduled ticket, refuses to sanction who sent them aliases asks to usage a machine without supervision. Also, watch for anyone who brings their ain flash thrust aliases outer drive.

Another reddish emblem is urgency. Scammers often unreserved group truthful they skip normal checks. They whitethorn opportunity nan rumor needs contiguous attention. They whitethorn declare a information update failed. They whitethorn opportunity your instrumentality has a problem that could impact nan full office. That unit is nan point. Slow nan business down earlier anyone gets access.

FBI WARNS ABOUT NEW EXTORTION SCAM TARGETING SENSITIVE DATA

The FBI says businesses should verify each astonishment IT sojourn earlier anyone gets entree to a workstation. (Kurt "CyberGuy" Knutsson)

Ways to enactment safe from clone IT support scams

The bully news is that a fewer elemental habits tin make it overmuch harder for a clone IT worker to get past nan beforehand desk, beryllium astatine a machine aliases locomotion retired pinch delicate files.

1) Verify each IT sojourn earlier giving access

Never fto personification beryllium astatine a machine because they sound official. Call your company's known IT number. Do not usage a number nan visitant gives you. Confirm nan person's name, logic for sojourn and summons number. If your business uses extracurricular tech support, support an approved vendor database astatine nan beforehand desk. Staff should cognize who tin participate and who needs guidance approval.

2) Require visible support for extracurricular support

Create a elemental rule. No extracurricular technician gets workstation entree without support from a head aliases IT lead. That support should hap done a known channel. A speedy verbal declare should ne'er beryllium enough. This protects employees, too. It gives them support to region a suspicious business without emotion rude.

3) Lock down USB drives and outer storage

Businesses should restrict USB entree wherever possible. If labor do not request outer drives for regular work, artifact them. If they do request them, limit entree to approved devices. Attackers emotion removable retention because it tin move information fast. That mini instrumentality tin transportation retired customer files, payroll records aliases ineligible documents successful minutes.

4) Train labor to situation astonishment tech support

Security training should see in-person scams, not only phishing emails. Employees request to cognize that a friends visitant tin still beryllium dangerous. They should consciousness comfortable saying, "I request to verify this first." That 1 condemnation tin extremity an attack.

5) Watch for different distant entree tools

The FBI says SRG often tries to get victims to instal distant desktop guidance tools. Your IT squad should show for caller distant entree software. They should besides reappraisal alerts erstwhile those devices look connected computers that should not person them. Legitimate devices tin go vulnerable erstwhile criminals usage them.

6) Limit entree to delicate files

Employees should only entree files they request for their role. That way, if 1 machine gets compromised, nan attacker gets little data. Strong entree controls tin trim nan harm from a stolen laptop convention aliases a clone IT visit.

7) Use beardown logging and endpoint monitoring

Businesses should way instrumentality connections, record transfers and privilege changes. This tin thief spot suspicious activity aft an unauthorized visit. It tin besides springiness investigators a clearer timeline if information leaves nan network.

8) Have a beforehand table information process

A receptionist aliases agency head should person a written checklist for unexpected visitors. That checklist tin see photograph ID, institution name, summons number and approved contact. Visitors should ne'er rotation done an agency alone. A clone IT worker counts connected confusion. A checklist creates friction.

9) Report suspicious IT impersonation attempts

If personification shows up pretending to beryllium IT support, study it correct distant to your manager, your IT squad and section rule enforcement if needed. Businesses tin besides study cybercrime tips to nan FBI's Internet Crime Complaint Center astatine IC3.gov. Even if nan personification leaves earlier getting access, nan effort still counts. It whitethorn thief investigators link nan sojourn to a larger campaign.

10) Use beardown information package connected each computer

Install trusted information package connected agency computers to thief observe malware, ransomware and different threats if personification gets entree to a machine. For example, beardown antivirus package provides real-time protection against malware, spyware, ransomware and different online threats connected a PC aliases Mac. Still, package should support your visitant checks, USB controls and worker training, alternatively than switch them. Get my picks for nan champion 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

Kurt's cardinal takeaways

The unsettling portion of this FBI informing is really normal nan onslaught looks. No melodramatic break-in. No Hollywood-style hacking screen. Just personification pretending to help. That is why this scam tin work. It blends into a normal workday. It uses trust, velocity and workplace unit to get past defenses. So nan adjacent clip personification says they are from IT, region earlier handing complete your keyboard.

Would you situation a astonishment tech support sojourn astatine work, aliases would you presume personification other already approved it? Let america cognize by penning to america astatine Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams early and enactment protected, sojourn CyberGuy.com - trusted by millions who watch CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide free erstwhile you join.

Copyright 2026 CyberGuy.com. All authorities reserved.