Cyber criminals have traditionally used emails to lead potential victims to bogus sites to phish their credentials or make them pay for unsolicited or fake support calls. At least three million users fall for these scams every month. Microsoft's Malware Protection Center has warned that the scammers are now using phishing-like emails from well-known tech companies and retailers leading to fake tech support sites.
Scammers are following criminal tactics of using phishing techniques
"Tech support scams continue to evolve, with scammers exploring more ways to reach potential victims," the company's security team writes. "Recently, we have observed spam campaigns distributing links that lead to tech support scam websites."
The said spam emails use social engineering techniques - spoofing brands, pretending to be legitimate communications, disguising malicious URLs - employed by phishers to get recipients to click suspicious links.
However, instead of pointing to phishing sites designed to steal credentials, the links lead to tech support scam websites, which use various scare tactics to trick users into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.
Hidden in these emails are links that redirect users to scam sites, where users encounter various social engineering tricks, including bogus security alerts. These scam sites are also designed to mirror legitimate websites and display pop-up messages with warnings like BSOD that appear legit to a user. They also include customer service numbers, which are then answered by agents who further trick users into paying for this fake support.
The technical support scam websites employ various social engineering techniques to compel users to call the provided hotlines. They warn about malware infection, license expiration, and system problems. Some scams sites display countdown timers to create a false sense of urgency, while others play an audio message describing the supposed problem.
Microsoft noted that sometimes users are locked out of their browsers when scammers use dialog loops pushing the browser to present an infinite series of alerts containing false threats. The Redmond tech giant has advised users to opt for Microsoft Edge that "helps stop pop-up or dialog loops that are often spawned by tech support scam websites." However, others have also recently fixed these issues that were exploited by scammers to present alerts, ad infinitum.
The company has warned yet again that Microsoft doesn't proactively reach out to its users to offer tech support. Microsoft noted that most of these scams predominantly target people in the US (58% of all reported scams), UK, Canada, and Australia.