Protect Yourself from Tech Support Scams

We spend a lot of time talking to business owners and disseminating the methods that can be used to sus out spam and phishing attempts. These sorts of methods are pretty effective at identifying straight-forward attacks. In particular, things like a display name not matching an email address, multiple mis-spellings, or threatening contents can make a malicious email pretty easy to spot if you know the tricks.

But how do you identify something as malicious when the email or advertisement doesn't present these indicators? Moreover, what if the communications display a good technical knowledge and offer to help with stubborn tech problems? Is it safe to trust these experts?

These attacks require more effort from the attackers to create and launch and seem like they would require more effort from you to identify. Thankfully, there are steps you can take to get more information for those edge cases when you aren't sure whether to click through the link:

Best Practices for Protecting Yourself from Tech Support Scams

  1. Check Their Documents:
    • Legitimate businesses will have publicly available data that you can use to get crucial details like the country of incorporation, officers, and other information.
    • Check a resource like Dun & Bradstreet, or the tax collector for the location of the businesses' incorporation. Even asking for information like this can often spook malicious actors.
  2. Inspect Their Tools:
    • In the same way that our company uses “” at the end of our emails, most companies will have a distinct domain name used for their website and email addresses.
    • Domain names are monitored by a number of different entities who publish records of bad actors. You can use tools like MXToolbox to get a quick rundown of what blacklists a domain may be on for spam or fraud.
  3. Hear Their Voice:
    • If you are already exchanging emails, asking for a callback number can be an inconspicuous way to end the conversation. When calling that number, pay attention to the caller ID that shows up while the line is ringing.
    • Generic automated messages may be inconclusive, but messages indicating that the line is not in service or mentioning the name of a totally unrelated company can be solid signs that something is not right.
  4. Understand The Trade:
    • Legitimate businesses want to make money. How does this entity make money? This can be difficult to determine, but is something to keep in mind while looking through the information provided.
    • If it seems too good to be true, then it probably is. While the saying is trite, it is very true and lopsided trades can show up in subtle ways.

Trust These Experts

Each of these tricks are can provide additional information, but it is always a good idea to get more information if you aren't sure.

Ultimately, the trust that makes business possible is the goal and On Call's team of trusted experts are here to help.


Backed by an award-winning cyber security and IT management team, On Call Compliance Solutions is the #1 source for CMMC, NIST SP 800-171 Compliance, DFARS and ITAR consulting. Give us a call now to schedule a free phone call with one of our compliance experts to see how we can help.

NIST SP 800-171 Compliance Experts


Fill out the form below to get a FREE consultation with one of our CMMC, NIST SP 800-171, DFARS and ITAR experts who can help you achieve your goals. There is never a fee or obligation to find out how we can help.

Contact Us