FRAUD SCENARIO LIBRARY

Tech-Support Scam

Fraud schemes where scammers pose as tech support agents - often from well-known companies - to trick victims into granting access to devices or making payments for fake services.

How Does a Tech‑Support Scam Work?

Scammers initiate contact via pop-up alerts, cold calls, or phishing emails.

Scammers initiate contact via pop-up alerts, cold calls, or phishing emails.

Scammers initiate contact via pop-up alerts, cold calls, or phishing emails.

They claim the victim's device is infected or compromised.

Victims are instructed to install remote access tools or visit fake support websites.

Victims are instructed to install remote access tools or visit fake support websites.

Scammers then steal sensitive data or demand payment for bogus repairs or services.

Scammers then steal sensitive data or demand payment for bogus repairs or services.

Tech-Support Scam Detection

Stopping Fraud Disguised as Help

An elderly customer logs in and initiates a transaction outside of their typical transacting times and using a desktop instead of their usual mobile device. Moments earlier, they received a pop-up claiming their computer was infected. A “tech support agent” is now guiding them over the phone, instructing them to wire funds to a ‘secure holding account.’

1

Fingerprint Detects Unusual Remote Activity

Fingerprint detects the use of remote access software (e.g., AnyDesk, TeamViewer) or non-typical session behaviors: new screen resolution, mouse movements inconsistent with the user’s pattern. This raises an early signal of potential remote scam manipulation.

2

Unit21 Rules Flag High-Risk Behavior

A Unit21 rule triggers based on an unusual transfer initiated after login from a known device - but following behavioral anomalies. Combined with a recent password reset and changed contact info, it fits a tech-support scam profile.

3

Graph-Based Analysis Finds Scam Clusters

Analysts pivot from the account to see a network of transactions where similar remote-access indicators and transfer patterns appear—suggesting multiple victims sending money, often to the same set of mule accounts.

4

Risk Score Elevation & Intervention

Unit21 auto-elevates the risk score for the destination account based on prior alerts and linkage to other flagged accounts. Outgoing wires are paused pending review.

5

AI Agent Aids in SAR Drafting

With the case validated, Unit21’s AI Agent assists the analyst in writing a compelling SAR narrative citing behavioral red flags, victim vulnerability, and scam typologies for a streamlined regulatory filing.

Prevention Tips for Tech‑Support Scam

  • Avoid unsolicited calls or pop-up tech alerts.
  • Never grant remote access to unknown parties.
  • Verify support contacts through official websites.
  • Use ad blockers and browser security features.
  • Educate users on common scam tactics.
FREQUENTLY ASKED QUESTIONS

Tech‑Support Scam

Why are tech-support scams such a high-risk threat?
Who do tech-support scams typically target?
How do attackers typically initiate these scams?
What makes these scams escalate so quickly?
What technical gaps allow these scams to succeed?
Why is brand misuse in these scams dangerous?
How can organizations better defend against tech-support scams?

Getting Started is Easy

See first-hand how Unit21can help bolster your risk & compliance operations
Get a Demo