Tech support scams use language to manipulate people. But language — scammy or otherwise — can be learned.
Have you ever gotten a call from an unknown number claiming that there’s a serious problem with your computer? It’s likely you have — these types of calls, called tech support fraud, are more common than they ever have been before. Scammers take advantage of inexpensive robocalling technology to make it look like they’re coming from legitimate companies in order to reach vulnerable people and scam them out of personal information and money.
But while we’ve done a lot of research on the technical side of things — primarily how to identify and block the websites the scammers also use — today we’re going to look at the human side of things. More specifically: What language do tech support scammers use to scam?
“Language is the material with which we fabricate our existence; without language, there is no ideology, no cults, no scams,” linguist Amanda Montell, author of the new book Cultish, tells Avast. “But language cannot work to ‘brainwash’ someone into believing something they have no interest in; it simply gives them license to believe what they already want to believe.”
In the case of tech support scams, what victims “want” to believe — or, perhaps more accurately, are taught to believe — is that they don’t know anything about technology and therefore should defer to the “expert” who has called them. In fact, the social engineering used by tech support scammers is very similar not only to the language used by cult leaders but also to the methods used in phishing attacks, which are emails that trick people into sharing personal or financial information with cyber criminals. Here are some tell-tale linguistic cues that the “support” call you’ve gotten is actually from a scammer.
The very first language cue that you’re dealing with a scammer is their insistence that there’s an urgent problem that needs to be taken care of right now or something terrible will happen. The scammers position themselves as your savior, protecting you from cyber criminals, when they’re in fact the criminals themselves.
Scammers will try to move as quickly as possible from the phone call onto your device, either to get you to give them remote access or to get you to enter personal information into a website they control. They’ll make it seem like you’ll lose control of your data and device if you don’t do what they say right now.
This is the scam. If anyone calls you claiming to be from “tech support” and is extremely urgent about it, hang up immediately. And if you get an “urgent” email? Reach out to the person who sent it via another communication channel — like a phone call or a Slack message — to confirm it’s really them before responding.
Tech support scammers will often present themselves as calling from legitimate tech companies. Microsoft is a common one, as is Apple; we’ve even had reports of scammers posing as representatives of Avast! They do this because the immediate impulse for people who aren’t especially tech-savvy is to defer to the “authority.”
This is directly related to the social engineering methods used in phishing attacks. Cyber criminals know that people are much more likely to respond to an urgent email from their CEO without questioning it. They also know that we’re more likely to respond to an urgent call from “Apple,” or “Avast,” than we are to a random IT person.
Remember: No legitimate company will ever call you out of the blue claiming you have a tech problem. If you pick up a random call and the person on the other end says they’re from “Microsoft,” they’re not. Hang up immediately.
According to Montell, scammers “make use of what are called ‘thought-terminating clichés,’ or catchy stock expressions aimed at halting independent thinking and questioning. In predatory multi-level marketing scenarios, for example, thought-terminating clichés may come in the form of phrases like ‘This can't be a pyramid scheme; pyramid schemes are illegal,’ or ‘This isn't a pyramid scheme; corporate jobs are the real pyramid scheme.’”
In the case of tech support scammers, the thought-terminating cliche might be, “Ma’am, I’m calling from Microsoft. I am the expert here — not you.” The goal is to get you to move away from any doubts you might have about their legitimacy toward thinking that they’re really calling from Microsoft.
Despite the fact that it’s so much a part of our daily lives, many people — of all ages and from all backgrounds — don’t really understand how technology works. Add security and privacy on top of that and it’s easy to see how language can be used to scam. In general, most people don’t “speak tech.” So you can be sure that scammers will act like they do.
"When someone is using super lofty, highfalutin language to camouflage the fact that they're just trying to bait you into forking over money quickly, that's also sketchy and worth evaluating,” Montell says.
Just as you probably recognize the phrase “once in a lifetime opportunity you don’t want to miss,” as scammy, get in the habit of recognizing overly technical terminology — words that the general public doesn’t know and, honestly, doesn’t need to know — as scammy language.
Have a particular ear out for terms like “compromised,” “infiltrated,” “spyware,” “rootkit,” “ciphertext,” “DLP or data loss prevention,” “IPS or intrusion prevention system,” and any other acronym thrown out casually in conversation. Real tech support people know that the average person doesn’t know what these terms mean and will be careful to use more common language with customers.
Tech support scams, like most scams, use language to manipulate people into giving away something they value. But language — scammy or otherwise — can be learned. Listen for the linguistic red flags, share them with your family and friends, and we’ll all know how to shut these types of scams down for good.
From bloated inboxes to unused apps, here are five tips to tackle cyber chaos.
Filing your taxes online can be a convenient and efficient way to get your taxes done, but it's important to be aware of the risks and take steps to protect yourself from cybercriminals.