Heimdal

Phishing sites displaying a fake Windows Defender alert are the main threat in a new tech support scam. They pretend to be Microsoft support sites and might seem legitimate when offering a support service via a fake helpline number. Once the victim has contacted the helpline, the scammer gains access to their machine and can perform malicious activities.

In the past month, more than 50 such websites have been identified, with the related IP being located in India.

From Fake Alerts to Malicious Activity

Cyble Research & Intelligence Labs (CRIL) identified the scam, in which phishing websites pretending to be Microsoft support sites show a fake Windows Defender alert.

When users visit the phishing site hxxp://7878winsupportonline[.]xyz, they are met with pop-ups warning them that their computer has been locked. An “important security message” audio clip plays until the user closes the fake website.

Further, as Cyber Security News points out, opening the URL will prompt a pop-up with the “Quick Scan” message, followed by a fake scan containing all the supposed threats detected on the user’s computer.

Next, there is another pop-up in which the victim is asked to call a support technician by dialing the number provided.

Contacting the scammers will result in them gaining access to the victim’s system using any third-party remote desktop application. From this point on they can perform fraudulent transactions or install other malware such as RATs, stealers, or other unwanted programs that can obtain sensitive data from the victim’s machine.

Additionally, CRIL observed the tech support scam targeting iPhone devices as well. According to their researchers, the phishing site hxxp://0044winsupportonline[.]xyz pretends to be an official Apple support website and shows a message saying the machine has been locked due to illegal activity. As described before, the victim is urged to call the customer support number provided by the phishing site in order to unlock their device.
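For defenders, the two addresses quoted above can be turned into a proxy-log check. The following is an added example, not code from Cyble or Heimdal; the log format (time, client, method, URL), the sample lines, and the `<digits>winsupportonline.xyz` family pattern are assumptions.

```python
import re
from urllib.parse import urlsplit
# Defanged indicators exactly as quoted in the article.
ARTICLE_IOCS = ["hxxp://7878winsupportonline[.]xyz", "hxxp://0044winsupportonline[.]xyz"]
# Assumption (not from the article): sibling sites share this name shape.
FAMILY_RE = re.compile(r"^\d+winsupportonline\.xyz$")

def refang(indicator):
    """Turn a defanged URL (hxxp, [.]) back into a parseable one."""
    return re.sub(r"^hxxp", "http", indicator.strip(), flags=re.I).replace("[.]", ".")

def host_of(url):
    """Lower-cased hostname without port or trailing dot; '' if absent."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

KNOWN_HOSTS = {host_of(refang(i)) for i in ARTICLE_IOCS}

def classify(host):
    """Return 'known', 'pattern' or None for a requested hostname."""
    labels = host.rstrip(".").lower().split(".")
    # Test the host and each parent domain: subdomains match, lookalike prefixes do not.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in KNOWN_HOSTS:
            return "known"
        if FAMILY_RE.match(candidate):
            return "pattern"
    return None

def scan(log_lines):
    """Return (client, host, verdict) for lines 'time client method url'."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed line: skip instead of crashing
        host = host_of(parts[3])
        verdict = classify(host)
        if verdict:
            hits.append((parts[1], host, verdict))
    return hits

# Constructed proxy log lines (not real traffic).
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 GET http://WWW.7878WinSupportOnline.xyz:80/",
    "2024-01-01T10:00:05Z 10.0.0.7 GET http://1234winsupportonline.xyz/scan",
    "2024-01-01T10:00:09Z 10.0.0.8 GET https://support.microsoft.com/en-us",
    "2024-01-01T10:00:12Z 10.0.0.9 GET http://7878winsupportonline.xyz.example.com/",
]
```

A `known` verdict is an exact match on a host named in the article; a `pattern` verdict rests only on the assumed naming scheme and should be triaged as lower confidence.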

Recommended Measures

First of all, it's extremely important to note that Windows Defender will only alert users through the installed application and not via a web browser, so receiving a URL in an email or SMS should be the first red flag.

Second, and equally important, users should not open any links or attachments that come from an untrustworthy source.

Further, financial transactions should be checked regularly for any suspicious activity, and if there are concerns, the bank should be contacted immediately. Also, the automatic software update feature on the computer, mobile, or other connected devices should be enabled.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

Comments

I was scammed. I thought there was something wrong with my computer so I called the number and the person I talked to sounded legit… Then all of a sudden the mouse icon on my screen started moving and my phone started opening apps and transferring money through my Cash app. I started interrupting the guy by getting out of the app stopping him from cleaning me out. I also unplugged my computer but they did a number on it before I knew what was going on. BEWARE

Thank you for this information! It was very helpful in my thwarting an attack on my computer and bank account. These people were very slick and convincing, but I noticed they changed their story slightly and misspelled hacker (haker) in one of their mock scans, and the place they were calling from was VERY noisy, etc…beware!
