www.malwarebytes.com
Open in
urlscan Pro
192.0.66.233
Public Scan
URL:
https://www.malwarebytes.com/blog/scams/2024/08/psa-these-microsoft-support-ploys-may-just-fool-you
Submission: On August 27 via api from TR — Scanned from CA
Submission: On August 27 via api from TR — Scanned from CA
Form analysis 4 forms found in the DOM
GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/">
<label>
<span class="screen-reader-text">Search for:</span>
<input type="search" class="search-field" placeholder="Type to search..." value="" name="s">
</label>
<input type="submit" class="search-submit" value="Search">
</form>GET https://www.malwarebytes.com/blog/
<form role="search" method="get" class="search-form" action="https://www.malwarebytes.com/blog/">
<div class="labs-sub-nav__searchbar-wrap">
<input class="labs-sub-nav__search-input" type="text" name="s" placeholder="Search Labs">
<button class="labs-sub-nav__search-button" id="cta-labs-rightrail-search-submit-en" aria-label="Search in Malwarebytes">
<svg xmlns="http://www.w3.org/2000/svg" width="35px" height="35px" viewBox="0 0 24 24" fill="none">
<g clip-path="url(#clip0_15_152)">
<rect width="24" height="24" fill="none"></rect>
<circle cx="10.5" cy="10.5" r="6.5" stroke="#0d3ecc" stroke-linejoin="round"></circle>
<path d="M19.6464 20.3536C19.8417 20.5488 20.1583 20.5488 20.3536 20.3536C20.5488 20.1583 20.5488 19.8417 20.3536 19.6464L19.6464 20.3536ZM20.3536 19.6464L15.3536 14.6464L14.6464 15.3536L19.6464 20.3536L20.3536 19.6464Z" fill="#0d3ecc">
</path>
</g>
<defs>
<clipPath id="clip0_15_152">
<rect width="24" height="24" fill="#0d3ecc"></rect>
</clipPath>
</defs>
</svg>
</button>
</div>
</form>https://www.malwarebytes.com/newsletter/
<form action="https://www.malwarebytes.com/newsletter/" class="newsletter-form">
<div class="newsletter-form__inline">
<label>Email Address</label>
<input type="email" name="email" id="cta-footer-newsletter-input-email-en" placeholder="Email Address" required="" class="newsletter-form__email">
<input type="hidden" class="newsletter-form__pageurl" value="https://www.malwarebytes.com/blog/scams/2024/08/psa-these-microsoft-support-ploys-may-just-fool-you">
<input name="source" type="hidden" value="">
<input type="submit" value="Sign Up" class="newsletter-form__btn" id="cta-footer-newsletter-subscribe-email-en">
</div>
<div class="newsletter-form__validate hidden">
<span></span>
</div>
</form>Text Content
Skip to content
Search
Search Malwarebytes.com
Search for:
* Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
* Personal
< Personal
Products
* Malwarebytes Premium Security >
* Malwarebytes Privacy VPN >
* Malwarebytes Identity Theft Protection >
* Malwarebytes Browser Guard >
* Malwarebytes for Teams/small offices >
* AdwCleaner for Windows >
--------------------------------------------------------------------------------
Find the right product
See our plans
Infected already?
Clean your device now
Solutions
* Free antivirus >
* Free virus scan & removal >
* Windows antivirus >
* Mac antivirus >
* Android antivirus >
* iOS security >
* Digital Footprint Scan >
See personal pricing
Manage your subscription
Visit our support page
* Business
< Business
BUNDLES
* ThreatDown Bundles
* Protect your endpoints with powerfully simple and cost-effective bundles
* Education Bundles
* Secure your students and institution against cyberattacks
TECHNOLOGY HIGHLIGHTS
* Managed Detection & Response (MDR)
* Deploy fully-managed threat monitoring, investigation, and remediation
* Endpoint Detection & Response (EDR)
* Prevent more attacks with security that catches what others miss
* Explore our portfolio >
Visualize and optimize your security posture in just minutes.
Learn more about Security Advisor (available in every bundle). >
* Pricing
< Pricing
Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing (5+ employees)
Step up your corporate endpoint security. Save up to 45%
* Partners
< Partners
Explore Partnerships
Partner Solutions
* Resellers
* Managed Service Providers
* Computer Repair
* Technology Partners
* Affiliate Partners
Contact Us
* Resources
< Resources
Learn About Cybersecurity
* Antivirus
* Malware
* Ransomware
Malwarebytes Labs – Blog
* Glossary
* Threat Center
Business Resources
* Reviews
* Analyst Reports
* Case Studies
Press & News
Reports
The State of Malware 2023 Report
Read report
* Support
< Support
Malwarebytes Personal Support
Malwarebytes and Teams Customers
ThreatDown Business Support
Nebula and Oneview Customers
Community Forums
Free Download
* Sign In
* < Sign In
* MyAccount sign in: manage your personal or Teams subscription >
* Cloud Console sign in: manage your cloud business products >
* Partner Portal sign in: management for Resellers and MSPs >
Search Search
Search Malwarebytes.com
Search for:
SUBSCRIBE rss
Scams
PSA: THESE ‘MICROSOFT SUPPORT’ PLOYS MAY JUST FOOL YOU
Posted: August 26, 2024 by Jérôme Segura
Many people turn to their favorite search engine when they are facing an issue
with their computer. One common search query is to look for the telephone number
or contact form for Microsoft, Apple or one of many other brands.
Scammers have long been interested in pretending to be Microsoft technical
support. Years ago, inbound unsolicited calls were one of the most common
techniques to bring in new victims. In more recent times, fake alerts that take
over the browser claiming your computer is infected with viruses have been the
dominant vector.
Today, we take a look at two subtle and extremely deceiving campaigns that
leverage Google ads and Microsoft’s own infrastructure to create perfect scam
scenarios that fooled us for a minute.
TRICK #1: FAKE HELPDESK PAGE VIA MICROSOFT LEARN
We found this ad while looking for Microsoft support live agents. The top
(sponsored) result looks like it was bought by Microsoft itself with its
official logo and URL.
Users who click on the ad are redirected to a legitimate Microsoft website
(learn.microsoft.com) showing Microsoft’s “official” phone number. This page has
the look and feel of a genuine knowledge base article especially since it
appears to be posted by “Microsoft Support”:
Clicking the 3 dots beside the ad reveals that it actually doesn’t belong to
Microsoft at all, but instead was paid for by an advertiser from Vietnam. This
does not mean this is the actual scammer, simply that this account may have been
compromised and is being used to create malicious ads.
As for the Microsoft page, it was created by a scammer via a fake Microsoft
Support profile using Microsoft Learn collections.
> Microsoft Learn Collections is a feature available to anyone with a Microsoft
> Learn profile. Collections allow you to create curated lists of Microsoft
> Learn content to share with your followers. A collection can include
> documentation articles, training modules, learning paths, videos, code
> samples, and more.
Here’s the profile for “Microsoft Support” that actually belongs to the scammer,
using the profile id JamesKing-8561:
TRICK #2: MICROSOFT SEARCH QUERY HIJACK
The second (unrelated) ad campaign we saw is using a different tactic but also
starts with a Google ad. When victims clicking on it, it will launch a search
query page via microsoft.com/en-us/search/explore.
This clever trick works by passing the following parameters to the URL:
Call+%2B1+%28844%29+327-5425++Microsoft+Support+%28USA%29
When the page finishes loading, it will display what looks like a contact number
from Microsoft. In a way, this is a form of advertisement that totally abuses
what the Microsoft search feature was intended for:
Fraudsters sitting in a far away call center pretending to be Microsoft
technicians will trick victims into letting them onto their computers using
remote access programs. The damage these scammers can do ranges from stealing a
few hundred dollars as part of a “repair”, to emptying entire savings accounts.
Needless to say, you do not want to call these crooks, let alone grant them
access to your computer.
GETTING REAL SUPPORT
Scammers are well aware that many people, especially the elderly, aren’t in a
position to take their computers to a brick and mortar shop. Looking for help
online from the convenience of their home is often the only option.
Here are some tips:
* Never call a phone number that you see in an ad (search ad, or display ad).
* To visit an official website, refrain from clicking on sponsored links.
Instead, scroll further down and look for the organic search result.
* Tip above does not take into account SEO poisoning, where scammers game
search engines’ results. If you can, type in the website directly into the
address bar.
* Tip above does not take into account ‘typosquatting’ which is when you make a
mistake in the spelling of the website and are redirected to a malicious site
instead. This is something you should be aware of as well.
* Perhaps there is help available locally, which you may get by asking a friend
or acquaintance.
Finally, keep your computer up-to-date and secure with protection against
malware and malicious websites. Malwarebytes‘ offering includes the free Browser
Guard extension which secures your online browsing experience.
In the meantime, the real Microsoft website can be accessed at
support.microsoft.com and it looks like this (in the U.S.):
SHARE THIS ARTICLE
RELATED ARTICLES
Podcast
MOVE OVER MALWARE: WHY ONE TEEN IS MORE WORRIED ABOUT AI (RE-AIR) (LOCK AND CODE
S05E18)
August 26, 2024 - This week on the Lock and Code podcast, we speak with Nitya
Sharma about why AI is a far bigger concern than malware in staying safe.
CONTINUE READING 0 Comments
News
A WEEK IN SECURITY (AUGUST 19 – AUGUST 25)
August 26, 2024 - A list of topics we covered in the week of August 19 to August
25 of 2024
CONTINUE READING 0 Comments
News | Threats
FAKE FUNERAL “LIVE STREAM” SCAMS TARGET GRIEVING USERS ON FACEBOOK
August 23, 2024 - Facebook scammers are posting links to fake funeral live
streams to get victims to sign up for paid services or steal credit card details
CONTINUE READING 1 Comment
News
GOOGLE PATCHES ACTIVELY EXPLOITED ZERO-DAY IN CHROME. UPDATE NOW!
August 22, 2024 - Google has released an update to Chrome that fixes one
zero-day vulnerability and introduces Google Lens for desktop.
CONTINUE READING 0 Comments
Cybercrime
FRAUDULENT SLACK AD SHOWS MALVERTISER’S PATIENCE AND SKILLS
August 21, 2024 - Once again, threat actors seek out Google search ads for top
software downloads, but this time they show a lot of patience and bring on
evasion tricks.
CONTINUE READING 0 Comments
ABOUT THE AUTHOR
Jérôme Segura
Sr Director, Research
Contributors
Threat Center
Podcast
Glossary
Scams
Cyberprotection for every one.
FOR PERSONAL
* Windows Antivirus
* Mac Antivirus
* Android Antivirus
* Free Antivirus
* VPN App (All Devices)
* Malwarebytes for iOS
* SEE ALL
COMPANY
* About Us
* Contact Us
* Careers
* News and Press
* Blog
* Scholarship
* Forums
FOR BUSINESS
* Small Businesses
* Mid-size Businesses
* Larger Enterprise
* Endpoint Protection
* Endpoint Detection & Response (EDR)
* Managed Detection & Response (MDR)
FOR PARTNERS
* Managed Service Provider (MSP) Program
* Resellers
MY ACCOUNT
Sign In
SOLUTIONS
* Digital Footprint Scan
* Rootkit Scanner
* Trojan Scanner
* Virus Scanner
* Spyware Scanner
* Password Generator
* Anti Ransomware Protection
ADDRESS
One Albert Quay
2nd Floor
Cork T12 X8N6
Ireland
3979 Freedom Circle
12th Floor
Santa Clara, CA 95054
LEARN
* Malware
* Hacking
* Phishing
* Ransomware
* Computer Virus
* Antivirus
* What is VPN?
* Twitter
* Facebook
* LinkedIn
* Youtube
* Instagram
CYBERSECURITY INFO YOU CAN’T LIVE WITHOUT
Want to stay informed on the latest news in cybersecurity? Sign up for our
newsletter and learn how to protect your computer from threats.
Email Address
* Legal
* Privacy
* Accessibility
* Compliance Certificates
* Vulnerability Disclosure
* Terms of Service
© 2024 All Rights Reserved
PRIVACY PREFERENCE CENTER
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
Privacy Policy
OK
MANAGE CONSENT PREFERENCES
ALL COOKIES
Always Active
* STRICTLY NECESSARY
Always Active
These cookies are necessary for the website to function and cannot be
switched off in our systems. They are usually only set in response to actions
made by you which amount to a request for services, such as setting your
privacy preferences, logging in or filling in forms. You can set your
browser to block or alert you about these cookies, but some parts of the site
will not then work. These cookies do not store any personally identifiable
information.
* PERFORMANCE AND FUNCTIONALITY
Always Active
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies
then some or all of these services may not function properly.
* ANALYTICS
Always Active
These cookies allow us to count visits and traffic sources so we can measure
and improve the performance of our site. They help us to know which pages are
the most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If
you do not allow these cookies we will not know when you have visited our
site, and will not be able to monitor its performance.
* ADVERTISING
Always Active
These cookies may be set through our site by our advertising partners. They
may be used by those companies to build a profile of your interests and show
you relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Back Button
COOKIE LIST
Search Icon
Filter Icon
Clear
checkbox label label
Apply Cancel
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
OK