
How are tech support scams using phishing emails?

Threat actors are using phishing email campaigns to fool users with tech support scams and fake Blue Screens of Death. Learn how these campaigns work with expert Nick Lewis.

Tech support scams seem like old news, but Microsoft issued a warning recently about an expanded phishing campaign where threat actors posed as legitimate technical support staff and even tricked some users with a fake Blue Screen of Death (BSOD). How does this campaign work, and how is it different from typical tech support scams?

Tech support scams are social engineering variants that try to convince targets that there's a problem with their computer, license or account. From there, the attacker contacts the user to try and help them solve the issue.

Microsoft recently published a blog post about a phishing email used for tech support scams -- it is believed that the contact information used could have been harvested from one of the data breaches that leaked millions of email addresses.

Tech support scams are also carried out through unsolicited phone calls in which the caller says he can fix the user's computer. Users should be aware that tech support scams can occur through email and other means to get targets to contact fake tech support hotlines or to install software that supposedly helps prevent fraud.

This particular tech support scam is somewhat different than conventional approaches; instead of using malicious web advertisements to spread tech support malware or cold-calling unsuspecting users, this campaign uses phishing emails. Once victims click on a malicious link in an email, they are sent to a page that appears to be a legitimate tech support page for Microsoft or other well-known vendors. In some cases, threat actors generate a fake BSOD to further convince victims that their systems are in need of maintenance.

Just like phone calls, phishing emails use standard techniques in which legitimate brands like Microsoft are used to notify the target that some type of transaction or problem was detected. This then entices the user to click on the given URL for additional information, as well as to provide a method of payment for the fraudulent tech support.

Since legitimate businesses often send notifications about transactions to help users identify fraudulent activity on their accounts, it's a good idea to closely monitor and investigate unsolicited transactions. Users should also be aware of potential fake BSODs and should try to verify if alleged issues are genuine.
