
Warning, Windows 10 users! Tech support scammers have a new method for phishing attacks

Microsoft's Malware Protection Center has spotted new phishing techniques that direct Windows 10 users to fraudulent tech-support sites. Here's how you could be affected.

Heads up, Windows 10 users—scammers are using new tactics to access your data. On Tuesday, Microsoft's Malware Protection Center announced that it had learned about new strategies to target those using Windows 10, via links that lead to fraudulent tech support sites.


According to Microsoft, "at least three million users of various platforms and software encounter tech support scams" each month. The new techniques add a different layer to the mix: they embed links in phish-like emails, a step up from the previous methods used by scammers that could lead to a wider pool of victims. Previously, these types of tech support scams were done in a cold-call fashion. Now, however, a series of malicious ads automatically redirects victims to a fake tech support page, where Windows 10 users are shown a fake Blue Screen of Death (BSOD) or other bogus Windows security alerts, according to ZDNet.

Sending mass emails that pretend to come from popular sites like LinkedIn or Amazon has been a mainstay of online scammers, who include links to fake bank or email login sites. But now, this tactic is being redirected to tech support sites in order to phish credentials.

These sites, according to Microsoft malware protection researchers Alden Pornasdoro, Jeong Mun, Barak Shein, and Eric Avena, "use various scare tactics to trick users into calling hotlines and paying for unnecessary 'technical support services' that supposedly fix contrived device, platform, or software problems."

Once users have clicked on the link that leads to the fraudulent website, they are presented with a host of security-alert pop-ups that aim to drive users to contact the bogus support call center.

In order to prevent these kinds of attacks, Microsoft's Windows 10, Outlook.com, Edge, and Exchange Online Protection include various security features that aim to block the fake tech support sites and fraudulent emails.

According to Microsoft, Edge users can stop dialog loops by blocking a page from spawning more dialogs. A new Edge feature also lets users close the browser or a tab when faced with a suspicious-looking pop-up message.

Interested in reporting a scam? Here's how you can contact Microsoft's support page directly.

The 3 big takeaways for TechRepublic readers:

  1. On Tuesday, Microsoft's Malware Protection Center announced that it had learned about new strategies to target those using Windows 10 via links that lead to fraudulent tech support sites.
  2. The scam involves a series of malicious ads that redirect victims to a fake tech-support page, in which Windows 10 users are presented with a display of fake Blue Screen of Death (BSOD) or other bogus Windows security alerts, according to ZDNet.
  3. Once users have clicked on the link that leads to the fraudulent website, they are presented with a host of security-alert popups that aim to drive users to contact the bogus support call center.

About Hope Reese

Hope Reese is a Staff Writer for TechRepublic. She covers the intersection of technology and society, examining the people and ideas that transform how we live today.
