“Microsoft” Scam Evolves

There are very few of us now who aren’t aware of the scam cold callers purporting to be Microsoft engineers telling you that you have a problem with your computer. In fact, because we’ve all wised up to this scam, they’ve had to move onto pastures new.

The Evolution of Bogus Tech Support.

The latest reported way in which they are tricking the unsuspecting marks an evolution in bogus tech support scams.

Instead of the phone call, you’ll now get an email with links that lead to fraudulent tech support sites. The emails appear to be genuine correspondence from well-known brands such as LinkedIn and Amazon, or, as in the illustration below, from your accounting software. The email pretends to be an invoice, cancelled order, or social media message that contains phishing links hidden in seemingly harmless text.

Email scam example

By clicking the link, you will be lead to a compromised website that, as with existing tactics, automatically redirects you to the scam site. You may then encounter a scare-mongering pop up telling you about your urgent security issues which directs you to a tech support scam website. Once here there are more scare tactics employed to trick you into calling hotlines and paying for unnecessary 'technical support services' that supposedly fix your non-existent issues.

Microsoft's research into these types of issues indicates that three million users each month are exposed to tech-support scams. The most widespread tech-support scam malware is known as TechBrolo, which uses a looping dialog box that effectively locks the browser, and an audio file that describes the supposed problem and urges the user to call a support number.

With the increasingly sophisticated nature of scam emails it becomes more difficult to spot the bad ones from the genuine emails. For this type of tech scam, it is worth reminding you that Microsoft doesn't proactively reach out to users to offer unsolicited tech support.

Comments are closed.