article featured image


Phishing sites displaying a fake Windows Defender alert are the main threat in a new tech support scam. They pretend to be Microsoft support sites and might seem legitimate when offering a support service via a fake helpline number. Once the victim has contacted the helpline, the scammer gains access to their machine and can perform malicious activities.

In the past month, more than 50 such websites have been identified, with the related IP being located in India.

From Fake Alerts to Malicious Activity

Cyble Research & Intelligence Labs identified the scam where phishing websites pretending to be Microsoft support sites show a fake Windows Defender alert.


When users visit the phishing site hxxp://7878winsupportonline[.]xyz, they will be met with popups warning them that their computer has been locked. An “important security message” audio will be played, right until the user closes the fake website.

Further, as Cyber Security News points out, opening the URL will prompt a pop-up with the “Quick Scan” message, followed by a fake scan containing all the supposed threats detected on the user’s computer.


Next, there is another pop-up in which the victim is asked to call a support technician by dialing the number provided.


Contacting the scammers will result in them gaining access to the victim’s system using any third-party remote desktop application. From this point on they can perform fraudulent transactions or install other malware such as RATs, stealers, or other unwanted programs that can obtain sensitive data from the victim’s machine.

Additionally, CRIL observed the tech support scam targeting iPhone devices as well. As per their researchers, the phishing site hxxp://0044winsupportonline[.]xyz pretends to be an official Apple support website and shows the message about the machine being locked due to illegal activity. Just as described before, the victim is urged to contact the customer support number provided the phishing site in order to unlock their device.

Recommended Measures

First of all, it`s extremely important to note that Windows Defender will only alert users though the installed application and not via a web browser, so receiving an URL in an email or SMS should be the first red flag.

Secondly but equally important, users should absolutely not open any links or attachments that are generated from an untrustworthy source.

Further, financial transactions should be regularly checked for any suspicious activity, and if there are concerns on this matter the bank is to be contacted immediately.  Also, the automatic software update feature on the computer, mobile, or other connected devices should be enabled.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa


Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.