Fraudsters advertise false Microsoft support numbers

Searches for telephone support turn up ads carrying the phone numbers of fake support staff. The pages are even hosted by Microsoft.

Stylized image: Burglar on the phone

(Image: created with AI in Bing Designer by heise online / dmk)

This article was originally published in German and has been automatically translated.

Anyone searching for a Microsoft telephone support number, for example, may be shown advertisements carrying the phone numbers of fake support staff. Particularly perfidious: the URLs also point to Microsoft domains.

The fraudsters place advertisements with links to Microsoft that contain a fake support number.

(Image: Malwarebytes)

The virus analysts at Malwarebytes describe the current scam in a blog post. Until now, the scam was better known in the opposite direction: in unsolicited calls, fraudsters pose as Microsoft employees who want to help solve computer problems or remove malware, for example.

The virus researchers explain that they came across a Google ad that looked as if it had been placed by Microsoft itself. The displayed URL points to Microsoft domains and the ad uses the original logo. After clicking on the ad, users also land on a page hosted under a Microsoft domain: learn.microsoft.com. A false telephone number for the supposedly official Microsoft support appears on the page. The associated profile shows "Microsoft Support" as its name and is also fake.

The details of the advertisement, which Google reveals after a click on the three stacked dots to the right of the displayed URL, make it clear that Microsoft is not the advertiser. An advertiser from Vietnam paid for the specific fraudulent advertisement shown. The URL learn.microsoft.com can be used by anyone who has a Microsoft Learn profile. For example, they can compile lists of content there and make them available to followers. According to the Microsoft description quoted by Malwarebytes, this can include documentation, training modules, learning paths, videos, code snippets and more. The Microsoft Learn profile also reveals that "Microsoft Support" is only the display name; in this specific case, the username was JamesKing-8561. However, only those who take a closer look in all of these places will find this out.

A redirection with search terms also leads to fraudulent pages that provide a fake support telephone number.

(Image: Malwarebytes)

A second, similar scam displays a Microsoft URL by linking to a search on Microsoft's own search page via the URL microsoft.com/en-us/search/explore. The parameters passed in the URL carry the data, so that the page then displays the phone number as a highlighted search term. Behind this number, too, is a fake IT support that only pretends to come from Microsoft. Typically, the fraudsters then use remote control software to access the victim's computer, claim that it has a malware infection and demand money to clean it up.
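A defensive check for the second scam described above, as an added example that is not from the article or from Malwarebytes: it flags links to microsoft.com/en-us/search/explore whose query values contain a phone-number-like string, for instance when reviewing proxy or ad-click logs. The phone heuristic, the function names and the parameter name `q` in the constructed sample URLs are assumptions; the article does not name the parameter, so every parameter is checked.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Host and path as named in the article (with and without "www.").
SEARCH_HOSTS = {"microsoft.com", "www.microsoft.com"}
SEARCH_PATH = "/en-us/search/explore"

# Heuristic (assumption): optional "+", then 10 to 15 digits, each pair separated
# by at most three spaces, dots, dashes or parentheses.
PHONE_RE = re.compile(r"\+?\(?\d(?:[\s().\-]{0,3}\d){9,14}")

# Constructed sample URLs; the numbers use the fictional 555-01xx range.
SAMPLE_URLS = [
    "https://www.microsoft.com/en-us/search/explore?q=Microsoft+support+1+(800)+555-0100",
    "https://www.microsoft.com/en-us/search/explore?q=call%20%28800%29%20555%2D0199%20now",
    "https://www.microsoft.com/en-us/search/explore?q=windows+11+update",
    "https://microsoft.com.example.net/en-us/search/explore?q=1-800-555-0100",
]


def phone_like_values(url):
    """Return (parameter, matched text) pairs for phone-like strings in the query."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Exact host match: a lookalike such as microsoft.com.example.net is a
    # different problem (typosquatting) and is not what this check looks for.
    if host not in SEARCH_HOSTS:
        return []
    if parts.path.lower().rstrip("/") != SEARCH_PATH:
        return []
    hits = []
    # parse_qsl percent-decodes each value and turns "+" into a space, so
    # encoded separators such as %28 or %2D are seen as plain characters.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        for match in PHONE_RE.finditer(value):
            hits.append((name, match.group(0)))
    return hits


def scan(urls):
    """Map each flagged URL to its hits; URLs without hits are left out."""
    return {u: h for u in urls if (h := phone_like_values(u))}


if __name__ == "__main__":
    for url, hits in scan(SAMPLE_URLS).items():
        print(url, hits)
```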

The IT researchers explain that users should never call telephone numbers taken directly from a search engine advertisement. To visit the official website of the company they are looking for, they should not click on "sponsored links", but scroll down in the search results until they reach the organic results. However, this does not account for so-called SEO poisoning, i.e. misleading search results in the normal listing. Ideally, the address of the website of the company being searched for should therefore be entered directly into the browser. However, caution is also required here, as a typo could lead users to fraudulent typosquatting websites with similar addresses.

Fraudsters often use official advertising to find victims. Last week, for example, it became known that criminals had cleverly misused advertisements for Google offers to direct potential victims to fake tech support and take money out of their pockets.

(dmk)