Beware of hackers showing up pretending to be IT

A idiosyncratic walks into an office, says they are from IT and asks to beryllium astatine a machine for a speedy fix. Most employees would consciousness relieved. Finally, idiosyncratic came to lick the tech problem. That spot is precisely what 1 cybercrime radical appears to beryllium counting on.

The FBI is informing that a radical called the Silent Ransom Group is targeting U.S. businesses, particularly instrumentality firms, by pretending to beryllium IT support. The radical archetypal tries to speech employees into installing distant entree software. When that fails, the scam tin determination from the telephone to the beforehand door.

That is wherever things get particularly brazen. According to the FBI, these impostors whitethorn amusement up successful idiosyncratic with flash drives, outer hard drives and different equipment. Once they beryllium astatine a workstation, they tin transcript delicate files, summation much entree and permission down malware.

Then they locomotion away. The institution whitethorn not perceive from them again until the ransom request arrives.

PROTECTING YOURSELF FROM MICROSOFT TECH SUPPORT SCAMS

A fake IT enactment sojourn tin look regular until delicate files are copied from a institution computer. (Jens Schlueter/Getty Images)

Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, sojourn CyberGuy.com - trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join. 

How the fake IT enactment scam works

The Silent Ransom Group, besides known arsenic Luna Moth, Chatty Spider and UNC3753, uses telephone calls, phishing and old-fashioned nerve. The scam often starts with a call. The idiosyncratic connected the telephone pretends to beryllium IT enactment and tries to person the worker to instal distant desktop software. That bundle gives the attacker entree to the computer.

If the worker refuses oregon the program fails, the attacker whitethorn nonstop idiosyncratic to the office. That idiosyncratic past poses arsenic tech support. They whitethorn accidental they request to troubleshoot a problem, update a strategy oregon cheque a device. Once seated astatine the computer, they insert a USB thrust oregon outer hard drive. From there, they tin propulsion disconnected files and softly summation their access.

The FBI says the radical uses stolen information to extort victims. They endanger to merchantability the files oregon station them online. They whitethorn besides telephone employees oregon clients to unit the institution into paying. That adds a idiosyncratic furniture to the attack. It besides turns stolen files into a nationalist shaming campaign.

Why fake IT enactment scams people instrumentality firms

Law firms clasp immoderate of the astir delicate accusation a concern tin store. That tin see lawsuit records, lawsuits, contracts, fiscal details and backstage negotiations. For criminals, that accusation has worth adjacent without encrypting a azygous computer.

This radical appears to absorption connected stealing information first. Then it uses embarrassment, ineligible unit and lawsuit panic arsenic leverage. That makes instrumentality firms an charismatic target.

However, the informing should interest immoderate concern that handles delicate records. Medical offices, fiscal firms, security companies and tiny businesses tin look akin risks. A fake IT idiosyncratic does not request a immense hacking setup if idiosyncratic lets them beryllium down astatine a computer.

YOUR EMAIL DIDN’T EXPIRE; IT’S JUST ANOTHER SNEAKY SCAM

Hackers whitethorn amusement up with flash drives oregon outer hard drives portion pretending to hole a method problem. (Maxim Konankov/NurPhoto)

Why fake IT visits tin fool employees

Most radical representation hackers hiding down screens successful different country. This informing flips that idea. Here, the menace whitethorn get with a badge, a laptop container and a calm voice.

That makes the scam casual to miss. A receptionist whitethorn deliberation the idiosyncratic has an appointment. An worker whitethorn presume idiosyncratic other approved the visit. A engaged manager whitethorn question them done due to the fact that the idiosyncratic sounds confident. That is the trick.

The attacker takes vantage of workplace habits. People privation to beryllium helpful. They privation breached tech fixed. They besides whitethorn not privation to situation idiosyncratic who appears to cognize what they are doing. However, politeness tin springiness a transgression the opening they need.

Warning signs of a fake IT enactment scam

A astonishment IT sojourn should rise questions. Be cautious if idiosyncratic shows up without a scheduled ticket, refuses to sanction who sent them oregon asks to usage a machine without supervision. Also, ticker for anyone who brings their ain flash thrust oregon outer drive.

Another reddish emblem is urgency. Scammers often unreserved radical truthful they skip mean checks. They whitethorn accidental the contented needs contiguous attention. They whitethorn assertion a information update failed. They whitethorn accidental your instrumentality has a occupation that could impact the full office. That unit is the point. Slow the concern down earlier anyone gets access.

FBI WARNS ABOUT NEW EXTORTION SCAM TARGETING SENSITIVE DATA

The FBI says businesses should verify each astonishment IT sojourn earlier anyone gets entree to a workstation. (Kurt "CyberGuy" Knutsson)

Ways to enactment harmless from fake IT enactment scams

The bully quality is that a fewer elemental habits tin marque it overmuch harder for a fake IT idiosyncratic to get past the beforehand desk, beryllium astatine a machine oregon locomotion retired with delicate files.

1) Verify each IT sojourn earlier giving access

Never fto idiosyncratic beryllium astatine a machine due to the fact that they dependable official. Call your company's known IT number. Do not usage a fig the visitant gives you. Confirm the person's name, crushed for sojourn and summons number. If your concern uses extracurricular tech support, support an approved vendor database astatine the beforehand desk. Staff should cognize who tin participate and who needs absorption approval.

2) Require disposable support for extracurricular support

Create a elemental rule. No extracurricular technician gets workstation entree without support from a manager oregon IT lead. That support should hap done a known channel. A speedy verbal assertion should ne'er beryllium enough. This protects employees, too. It gives them support to intermission a suspicious concern without feeling rude.

3) Lock down USB drives and outer storage

Businesses should restrict USB entree wherever possible. If employees bash not request outer drives for regular work, artifact them. If they bash request them, bounds entree to approved devices. Attackers emotion removable retention due to the fact that it tin determination information fast. That tiny instrumentality tin transportation retired lawsuit files, payroll records oregon ineligible documents successful minutes.

4) Train employees to situation astonishment tech support

Security grooming should see in-person scams, not lone phishing emails. Employees request to cognize that a affable visitant tin inactive beryllium dangerous. They should consciousness comfy saying, "I request to verify this first." That 1 condemnation tin halt an attack.

5) Watch for antithetic distant entree tools

The FBI says SRG often tries to get victims to instal distant desktop absorption tools. Your IT squad should show for caller distant entree software. They should besides reappraisal alerts erstwhile those tools look connected computers that should not person them. Legitimate tools tin go unsafe erstwhile criminals usage them.

6) Limit entree to delicate files

Employees should lone entree files they request for their role. That way, if 1 machine gets compromised, the attacker gets little data. Strong entree controls tin trim the harm from a stolen laptop league oregon a fake IT visit.

7) Use beardown logging and endpoint monitoring

Businesses should way instrumentality connections, record transfers and privilege changes. This tin assistance spot suspicious enactment aft an unauthorized visit. It tin besides springiness investigators a clearer timeline if information leaves the network.

8) Have a beforehand table information process

A receptionist oregon bureau manager should person a written checklist for unexpected visitors. That checklist tin see photograph ID, institution name, summons fig and approved contact. Visitors should ne'er rotation done an bureau alone. A fake IT idiosyncratic counts connected confusion. A checklist creates friction.

9) Report suspicious IT impersonation attempts

If idiosyncratic shows up pretending to beryllium IT support, study it close distant to your manager, your IT squad and section instrumentality enforcement if needed. Businesses tin besides study cybercrime tips to the FBI's Internet Crime Complaint Center astatine IC3.gov. Even if the idiosyncratic leaves earlier getting access, the effort inactive counts. It whitethorn assistance investigators link the sojourn to a larger campaign.

10) Use beardown information bundle connected each computer

Install trusted information bundle connected bureau computers to assistance observe malware, ransomware and different threats if idiosyncratic gets entree to a machine. For example, beardown antivirus bundle provides real-time extortion against malware, spyware, ransomware and different online threats connected a PC oregon Mac. Still, bundle should enactment your visitant checks, USB controls and worker training, alternatively than regenerate them. Get my picks for the champion 2026 antivirus extortion winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.

Kurt's cardinal takeaways

The unsettling portion of this FBI informing is however mean the onslaught looks. No melodramatic break-in. No Hollywood-style hacking screen. Just idiosyncratic pretending to help. That is wherefore this scam tin work. It blends into a mean workday. It uses trust, velocity and workplace unit to get past defenses. So the adjacent clip idiosyncratic says they are from IT, intermission earlier handing implicit your keyboard.

Would you situation a astonishment tech enactment sojourn astatine work, oregon would you presume idiosyncratic other already approved it? Let america cognize by penning to america astatine Cyberguy.com.

CLICK HERE TO DOWNLOAD THE FOX NEWS APP

Sign up for my FREE CyberGuy Report

• Get my champion tech tips, urgent information alerts and exclusive deals delivered consecutive to your inbox.
• For simple, real-world ways to spot scams aboriginal and enactment protected, sojourn CyberGuy.com - trusted by millions who ticker CyberGuy connected TV daily.
• Plus, you'll get instant entree to my Ultimate Scam Survival Guide escaped erstwhile you join.

Copyright 2026 CyberGuy.com. All rights reserved.