
Microsoft says don't trust phony call centers and malicious Excel files

The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington. (Image credit: Stephen Brashear/Getty Images for Microsoft)

What you need to know

  • Microsoft Security Intelligence has caught wind of a new ransomware attack strategy.
  • It involves fake call centers and malicious Excel files.
  • The campaign is dubbed "BazaCall."

There's a ransomware campaign going on called BazaCall. It's been circulating for months, but Microsoft Security Intelligence is now publicizing its major points on Twitter with screenshots to help inform the average person of how to stay safe (via ZDNet).

Here's how BazaCall works. First, you'll receive an email saying a subscription service of yours is up for renewal, and you'll be invited to call a phone number to cancel if you wish.

When you call, you'll be told to go to a website and download an Excel file. That file contains the macro that gets the payload onto your machine, crippling you with ransomware.
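For defenders triaging a workbook that a user downloaded during such a call, one static check is whether the file carries macro parts at all. The script below is an added example, not code from Microsoft or from this article; the function names `triage_workbook` and `build_sample` are hypothetical, and the sample files are constructed in memory with placeholder bytes.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .xls compound-file header


def triage_workbook(data: bytes) -> dict:
    """Report whether a downloaded workbook contains macro parts (static check only)."""
    result = {"format": "unknown", "vba": False, "xlm_sheets": [], "verdict": "inspect"}
    if data.startswith(OLE_MAGIC):
        # Legacy binary workbooks can hold macros, but this sketch does not parse
        # them, so they are routed to deeper inspection rather than cleared.
        result["format"] = "ole"
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # not an Office Open XML container at all
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    result["format"] = "ooxml"
    # VBA code is stored as a binary part named vbaProject.bin.
    result["vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
    # Excel 4.0 (XLM) macro sheets are stored under xl/macrosheets/.
    result["xlm_sheets"] = [n for n in names if n.lower().startswith("xl/macrosheets/")]
    # "no-macros" means no macro parts were found, not that the file is safe.
    has_macros = result["vba"] or result["xlm_sheets"]
    result["verdict"] = "macros" if has_macros else "no-macros"
    return result


def build_sample(parts: dict) -> bytes:
    """Build a constructed workbook-like ZIP in memory (not a real Excel file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: placeholder bytes only, no real macro code.
CLEAN = build_sample({"xl/workbook.xml": "<workbook/>"})
VBA = build_sample({"xl/workbook.xml": "<workbook/>", "xl/vbaProject.bin": b"placeholder"})
XLM = build_sample({"xl/workbook.xml": "<workbook/>", "xl/macrosheets/sheet1.xml": "<macrosheet/>"})

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN), ("vba", VBA), ("xlm", XLM)]:
        print(label, triage_workbook(sample))
```

The check keys on what is inside the container rather than on the file extension, so a renamed file is classified the same way.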


It sounds like a dumb plot on paper, but in reality, decently written emails and full-on fake call centers can present the appearance of a legitimate operation to the gullible, uninformed, or inattentive. As Microsoft mentions in its tweet thread discussing BazaCall, the threat is made even more complex by the fact that there's nothing overtly malicious in the emails themselves, making danger harder to detect.

The name BazaCall stems from the malware the campaign distributed in the beginning: BazaLoader. Though it's been kicking around for a bit, it seems the efforts to spread ransomware are amping up as people get wise to classic tricks.

Today we're dealing with harmless emails, con-job call centers, and dangerous Excel files. What happens tomorrow? Do fraudsters legally register and operate entirely legitimate businesses solely to have addresses and phone numbers for swindles on the side? Aside from the fact that that already happens, the point is that ransomware may seem like a foreign concern at the moment, but be ready: Cybercriminals are working overtime to drag you into their net, no matter how elaborate a scheme such a victory requires.

Robert Carnevale is the News Editor for Windows Central. He's a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author of Cold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.