How are tech support scams using phishing emails?
Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis.
Tech support scams seem like old news, but Microsoft issued a warning recently about an expanded phishing campaign where threat actors posed as legitimate technical support staff and even tricked some users with a fake Blue Screen of Death (BSOD). How does this campaign work, and how is it different from typical tech support scams?
Tech support scams are social engineering variants that try to convince targets that there's a problem with their computer, license or account. From there, the attacker contacts the user and offers to help them solve the issue.
Microsoft recently posted a blog about a phishing email used for tech support scams -- it is believed that the contact information used could have been harvested from one of the data breaches that leaked millions of email addresses.
Tech support scams are also carried out through unsolicited phone calls in which the caller says he can fix the user's computer. Users should be aware that tech support scams can occur through email and other means to get targets to contact fake tech support hotlines or to install software that supposedly helps prevent fraud.
This particular tech support scam is somewhat different from conventional approaches; instead of using malicious web advertisements to spread tech support malware or cold-calling unsuspecting users, this campaign uses phishing emails. Once victims click on a malicious link in an email, they are sent to a page that appears to be a legitimate tech support page for Microsoft or other well-known vendors. In some cases, threat actors generate a fake BSOD to further convince victims that their systems are in need of maintenance.
Just like phone calls, phishing emails use standard techniques in which legitimate brands like Microsoft are used to notify the target that some type of transaction or problem was detected. This then entices the user to click on the given URL for additional information, as well as to provide a method of payment for the fraudulent tech support.
Since legitimate businesses often send notifications about transactions to help users identify fraudulent activity on their accounts, it's a good idea to closely monitor and investigate unsolicited transactions. Users should also be aware of potential fake BSODs and should try to verify if alleged issues are genuine.