Many people turn to search engines for assistance with their computer issues, often searching for contact information for tech giants like Microsoft or Apple.
However, this reliance on search engines has become a fertile ground for scammers, who have devised sophisticated methods to deceive users.
This article explores two recent scams that exploit Google ads and Microsoft’s infrastructure to create convincing fraudulent scenarios.
Trick #1: Fake Helpdesk Page via Microsoft Learn
One of the scams involves a fake helpdesk page cleverly disguised to appear as an official Microsoft support page. Users searching for Microsoft support live agents may encounter a sponsored result that seems legitimate, complete with Microsoft’s logo and URL.
Clicking on this ad redirects users to a page on the legitimate Microsoft website (learn.microsoft.com), which displays an “official” phone number. Upon closer inspection, it becomes evident that this ad was not created by Microsoft but by an advertiser from Vietnam.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial
This does not necessarily identify the scammer, as the account may have been compromised. The scammer exploits Microsoft Learn Collections, a feature that allows users to create curated lists of Microsoft Learn content.
By creating a fake “Microsoft Support” profile, the scammer deceives users into believing the page is genuine.
Trick #2: Microsoft Search Query Hijack
Another scam uses a different tactic, starting with a Google ad that leads victims to a search query page on microsoft.com/en-us/search/explore.
This method involves passing specific parameters to the URL, making it appear that the page displays a legitimate Microsoft contact number.
This clever manipulation abuses the intended use of Microsoft’s search feature, tricking victims into calling fraudsters posing as Microsoft technicians.
These scammers, often operating from distant call centers, use remote access programs to gain control of victims’ computers.
According to a report by Malwarebytes, the potential damage ranges from stealing hundreds of dollars to emptying entire savings accounts.
Protecting Yourself: Tips for Safe Online Support
Scammers know that many individuals, particularly the elderly, may be unable to visit a physical store for computer repairs. Online assistance is often their only recourse.
Here are some essential tips to protect yourself:
- Avoid Calling Numbers from Ads: Never call a phone number that appears in a search or display ad.
- Seek Organic Search Results: Avoid clicking on sponsored links. Instead, scroll down to find organic search results.
- Be Wary of SEO Poisoning: Scammers may manipulate search engine results. Type the website address directly into the browser’s address bar if possible.
- Watch Out for Typosquatting: Ensure you spell website addresses correctly to avoid being redirected to malicious sites.
- Consider Local Help: Ask friends or acquaintances for assistance if available.
- Keep Your Computer Secure: Use up-to-date security software to protect against malware and malicious websites. Consider using tools like Malwarebytes’ Browser Guard extension for enhanced online safety.
By staying informed and cautious, you can protect yourself from falling victim to these sophisticated scams. Always verify the authenticity of online support resources and seek help from trusted sources.
Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial