Microsoft has warned of a new fake tech support email scam which has been doing the rounds.
Until recently, there was a common scam in which tech support scammers would cold-call victims in order to try and convince them to visit fake Microsoft websites, but now the software company is warning people to be on their guard against fake tech support emails too.
Con artists have used phishing emails for decades now to try and get people to click on links that send them to bogus bank websites or email log-in pages in an effort to capture personal data.
These emails are now appearing in inboxes but trying to get you to follow a link to a fake tech support website instead.
How it works
The emails could be from any well-known brand. Scammers have faked emails from LinkedIn, Alibaba and Amazon for a start. The email claims to be an invoice, cancelled order or social media message but it contains dodgy links.
The difference now is the link doesn’t take you to a fake login page for the website in question but to a fake technical page instead.
“Instead of pointing to phishing sites designed to steal credentials, the links lead to tech support scam websites, which use various scare tactics to trick users into calling hotlines and paying for unnecessary ‘technical support services’ that supposedly fix contrived device, platform, or software problems,” says Microsoft malware researcher, Alden Pornasdoro.
Microsoft’s data indicated that three million people every month are exposed to tech support scams – although it doesn’t know how many people lose money as a result.
If you use Microsoft software then make sure you use the in-built tools to block scammers. Windows 10, Outlook.com, Edge and Exchange Online Protection all have security features that, when activated, can block tech support scams and other phishing emails from your inbox.
Microsoft also points out that it never offers users unsolicited tech support, so if you receive a call or email out of the blue purporting to be from the IT giant it is not genuine.
Key signs of a scam email
As you’ll know by now, there are plenty of classic red flags to look out for when it comes to scam emails:
- The sender’s email address doesn’t match with the real organisations web address;
- You aren’t addressed by your proper name, instead there is a generic greeting such as ‘dear customer’;
- There is pressure to act quickly;
- You need to click on a link in order to act;
- You are asked for personal information such as a username, password or your bank details;
- Mistakes – scam emails often contain spelling and grammatical errors.