
If there is anything to be said for the current state of digital security, it’s that attacks have become sophisticated and there’s little sign that they’ll slow down any time soon. Take, for example, the fake tech support scam that’s been prevalent for a few years now.

A technical support scam refers to a class of telephone fraud activities, in which a scammer claims to offer a legitimate technical support service, often via cold calls to unsuspecting users. Such cold calls are mostly targeted at Microsoft Windows users, with the caller often claiming to represent a Microsoft technical support department.

Via en.wikipedia.org

I’ve had a number of clients fall victim to this scam and the scary thing is, the attacker almost always convinces the victim to give them remote access to their computer. They’ll then use trickery to convince the victim that their computer is in need of service and will collect a credit card number as payment to “fix” it. The scam is convincing and it’s conned a lot of people out of a lot of money.

In 2017, Microsoft Customer Support Services received 153,000 reports from customers who encountered or fell victim to tech support scams, a 24% growth from the previous year. These reports came from 183 countries, indicating a global problem.

 

Approximately 15% of these customers lost money in the scam, costing them on average between $200 and $400. In some cases, victims pay a lot more. In December 2017, Microsoft received a report of a scammer emptying a bank account of €89,000 during a tech support scam in the Netherlands.

 

In a 2016 survey sponsored by Microsoft, two in three respondents reported experiencing some form of tech support scam in the previous 12 months, with nearly one in ten losing money.

read more at cloudblogs.microsoft.com

The following attack promises to be particularly troublesome because it is so convincing. The original article includes graphics showing how well the attack is crafted.

A phishing campaign has been discovered that pretends to be a non-delivery notification from Office 365 that leads you to a page attempting to steal your login credentials.

 

This new campaign was discovered by ISC Handler Xavier Mertens and states that “Microsoft found Several Undelivered Messages”. It then prompts you to click on the “Send Again” link in order to try sending the emails again.

read more at bleepingcomputer.com

With the demise of Microsoft Small Business Server, many of my clients are moving to Office 365. Office 365 error messages can be cryptic enough; watch out for scams! My 3 Simple Ways to Detect Bogus Email can help you and your staff prevent costly IT service

Get your PDF copy here