
Microsoft warns of new tech support scams that use phishing tactics

The company recently posted a related warning on its Windows Security blog. From that post:

The said spam emails use social engineering techniques — spoofing brands, pretending to be legitimate communications, disguising malicious URLs — employed by phishers to get recipients to click suspicious links … However, instead of pointing to phishing sites designed to steal credentials, the links lead to tech support scam websites, which use various scare tactics to trick users into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.

Fake Amazon order cancellation email, in which the order number is a suspicious link.

The concept isn't new, but the means (getting people to panic and pursue tech support) to the end (stealing innocent victims' money) is slightly different.

People who use Microsoft Exchange Online Protection (EOP) for Office 365 and Outlook.com are protected from the ploy, because anti-spam filters in those products identified characteristics of phishing emails and blocked the dangerous messages, according to Microsoft. The company's Edge browser can also block pop-up boxes and/or dialog loops created by tech support scam websites, Microsoft says.

The company also says three million online users encounter tech support scams every month, though these phishing-type ploys appear to be new and could increase that number.

Al Sacco is content director of Future PLC's Mobile Technology Vertical, which includes AndroidCentral.com, iMore.com and WindowsCentral.com. He is a veteran reporter, writer, reviewer and editor who has professionally covered and evaluated IT and mobile technology, and countless associated gadgets and accessories, for more than a decade. You can keep up with Al on Twitter and Instagram.

2 Comments
  • Been getting more of these recently. Edge and Mail aren't doing a great job of seeing them. I would think they could at least catch the one that says I asked to cancel my Hotmail account with a link to click that is a shortened URL. Best thing to do in these cases is not click on any of the options in the e-mail. You can hover a mouse over most links and it shows what that link will take you to. Most are obviously suspicious. None of my bank accounts are serviced out of a site with a .ru URL, how about yours? A shortened link can take you anywhere. If you are concerned, access the account in question directly, the way you normally would, not from the e-mail, and check with their support. 9 times out of 10 they will acknowledge they know about the scam but have a hard time doing anything about it.
  • My old Hotmail account gets a lot of spam and I do see fake emails from Amazon and eBay. Do not click links in email you are not sure are real, just hover your mouse over the link to see where they go and then delete the email if you aren't sure.