Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
A new Norwegian campaign of scam phone calls has been spotted, along with a rise in malicious phone calls from hackers claiming to be Microsoft support representatives.
The usual scheme of such phone calls is simple: the would-be hackers call you from a legitimate-looking number (not hidden or concealed in any way) and afterward attempt to convince you that you have a problem with your account or devices. They pretend to be representatives of Microsoft (like in this latest Norwegian campaign of scam phone calls) or of any other major software/account provider.
If their scare tactic works, they further claim that in order to solve your problem and restore your account security, you must provide them with your password or other confidential data. Or they attempt to sell you some tool they claim can solve the problem. Whatever the case, it’s bogus.
The Latest Scam Phone Call Campaign Comes from Norway
If you’re a regular reader of the Heimdal™ Security blog, you might remember my friend Alex Lungu as a net neutrality expert, whom I interviewed here in the past. Today I’ll be sharing a scam phone call from Norway recorded by him, which perfectly shows you how these would-be criminals operate.
Of course, every hacking group is different and therefore future calls might have another pretext and another script. Others might be better at persuading you than these were (not very believable, were they?), but you should not get your guard down.
We can wager a guess that this newest Norwegian campaign of scam phone calls is targeting employees of key businesses situated in Norway and Western Europe first and foremost, but other European countries are obviously not exempt. You might wonder how come would-be criminals are willing to expose themselves like that instead of relying on something more impersonal, like classic spear-phishing.
That’s precisely why attacks like this work; because we are talking with a real human at the other end of the line, we are more likely to believe them and to want to cooperate. It’s why these techniques are called social engineering (since they rely on the human instinct to be social and play well with others).
Here is how not to fall prey to them or to similar phone schemes.
The Tell-Tale Signs that You Are Dealing with a Scam Phone Call
Here are just a few warning signs that should make you pause whenever you are taking on the phone with strangers about your digital life and accounts.
#1. You did not request any assistance
Un-called for calls are almost always a sign that there’s something amiss. Not always, since legitimate concerns may arise about a sensitive account, but in that case, you will at least get contacted through more official means (from a company representative you already know and work with).
#2. This is not an account manager you know
This brings me to the next point: if you do have to get an unexpected call, if it’s legitimate it will at least come from a known account manager or customer representative. Out of the blue calls from strangers, on matters of account security, are dubious from the get-go.
#3. They are asking for log-in data
A legitimate support group, regardless of the company or service they are representing, will NEVER ask for your password or other sensitive data. They don’t need it to be able to help you. That’s not how legitimate service works.
#4. They are specifically targeting company accounts / or want to sell you something
It’s simple: if they are after your company, they will request access to a business account, so they can infiltrate the company network afterward. If they are not targeting you because of the company you are a part of, they probably just want your money, so they will try to sell you something that allegedly solves the inexisting problem. Unless they also ask for your personal bank account access.
#5. They urge you to act fast
You can read further tips for making sure you don’t become a victim of scam phone calls in Bianca’s guide. This Norwegian campaign of scam phone calls will pass, but similar ones will surely follow.
In the meantime, stay safe and don’t believe any fishy claims these days, especially if they’re coming from an unknown Norwegian number.
They even target Swedish numbers. Just had a call from +47 112342464 from a man claiming to call from Microsoft. I even recognised the voice from a previous scam call a few years back.
If you’re in Norway they call from 920 03 355 . I received call just now.