Microsoft has been warning users about tech support scams for years, and this week shared how it is seeing these scams continue to evolve by targeting victims through emailed links that lead to tech support scam websites.
The spam emails, according to Microsoft, use social engineering techniques to get users to click suspicious links. Once a target clicks on the link, they are led to a tech support scam website, “which use various scare tactics to trick users into calling hotlines and paying for unnecessary ‘technical support services’ that supposedly fix contrived device, platform, or software problems.”
A survey last year, cited by Microsoft, found that two out of three people have experienced a tech support scam in the previous 12 months.
As Microsoft explains in a blog post, while typically tech support scams leverage a mix of techniques, including malicious ads, malware, and cold calling, email lets them “cast a wider net.”
“The technical support scam websites employ various social engineering techniques to compel users to call the provided hotlines,” Microsoft said. “They warn about malware infection, license expiration, and system problems. Some scams sites display countdown timers to create a false sense of urgency, while others play an audio message describing the supposed problem.”
Microsoft has been tracking tech support scams for years, working with law enforcement to investigate tech support fraud networks and strengthening its technology to prevent tech support scams from making it in customer inboxes in the first place. Microsoft recommends that users update to Windows 10 if they haven’t already to ensure they are benefiting from the most up to date security defenses.