Icon with crossed-out spanner and inscription "Stop Fakes!" in the background of the Microsoft website.

Internet fraudsters like to pose as Microsoft employees Image: Koshiro-K / shutterstock

Fraud - fake Microsoft service

31.3.2022

Caution Online Rip-Off

Every year they come again, new waves of so-called tech support scams. Most often, criminals pretend to be employees of Microsoft or Apple. With the changes in versions (Win365, Windows 11) of the most widespread operating system, the methods of the scammers also adapt somewhat. The relatively new Windows 365, i.e. the move towards time-limited subscriptions with mostly annual payment models that have to be renewed again and again, seems to be attracting fraudsters once again.

When "Microsoft" calls

Microsoft never calls to offer support services. If someone claims to be from Microsoft technical support on an unsolicited phone call, it is a scam. With so-called call ID spoofing tricks, criminals can import a fake caller info on the smartphone of the called person. If it rings and the display says "Microsoft", for example, this is by no means genuine. Claiming to have identified a problem on a computer and then offering unsolicited help is nonsense. Hang up! Fraudsters call people at random, claim to be from technical support and shamelessly exploit the technical ignorance of users. Older people in particular often fall for this trick. Often, the scammers also put the callers under pressure by claiming, for example, that the victim's device poses a danger to other users. Many users are actually struggling with various technical difficulties and assume that is why the call is taking place. Since the scammers dial a lot of numbers, they are heard too often due to the widespread use of the operating system as well as problems.

When "Microsoft" sends an email

which talks about fixing a software problem or a necessary update that you are supposed to activate by clicking on a link in the email, then it is a scam attempt. These emails link to fake Microsoft websites that look quite authentic but are just for the tech support scam. If you have received an email to renew your Win365 subscription, check very carefully if the website linked in it is genuine. What is confusing here is that not only Microsoft but also intermediary companies deal in Windows licences. The cloud-based Windows 365 automatically carries out updates and patches without you having to click on a dubious link in an email. With Windows 10 or the announced Windows 11, updates are also downloaded exclusively within the system itself. Do not click on any linked downloads and do not install anything from these sources. Delete the email! You can report the fraud attempt to Microsoft.

When a "Microsoft" error message pops up

and the fake pop-up error message or advertisement displays a link to click on or a free service hotline to call, do not follow the instructions under any circumstances! Microsoft never offers telephone service in error messages. Clicking on the link will attempt to install malware or to obtain personal data when calling the fake support hotline.

Cybercriminals try the following:

Scammers justify contacting you because of an urgent security risk, a serious technical problem, a Trojan or virus, or an attempt has been made to hack your device. Based on the detection of these or similar risks, they would contact you.
Fraudsters try to get the victim to install Anydesk or other remote maintenance software. This is to give up control of the device during the "service". Beforehand, they are sometimes instructed to type system commands into the Windows console, which give the victim the impression that they have really serious software problems on the device. After convincing the victim to relinquish control of the device, a fraudster can more easily perform the steps described below.
Charging money for fake services - Usually during the call by the alleged support, the victim is instructed to make a payment for the alleged service, e.g. via online banking or credit card.
Installing malware - All types of malicious software to spy on valuable data on the device or from data transfer logs, or even to use the device for your own criminal purposes.
Stealing personal data - either bluntly asking for it or asking for an ID to be held up to the webcam. Alternatively, sometimes a website is launched on which the victims enter their data. If you have allowed remote access, fraudsters simply get this data from the device themselves or install Trojans for later access. Sensitive information such as national insurance number, date of birth, financial accounts, credit or debit card number, passport or driver's licence number, health or medical history, passwords and usernames can cause significant damage in the wrong hands.
Install ransomware - e.g. blackmail software is installed disguised as an update or security software, which encrypts important data or locks the device. Blackmailers offer the key and release of the system/data again for payment, e.g. in untraceable cryptocurrency.

Warning video by Microsoft

If you have already fallen for the scam

and have something installed. Try to delete the malicious software from your computer. If you want to be on the safe side, reset your Windows completely. You can get help from the official Microsoft support site or from real IT companies.
If you have given away credit card or account details, contact your bank or credit card company. Payment service providers have routine processes for such cases, so let them guide you through the process.
If a user account (e.g. Microsoft account, email account, etc.) was used during the scam, change your password immediately! If the site notices that someone else has already used the service with your login data, contact the provider concerned immediately.
File a criminal complaint with the police. Especially if your identity could be misused, e.g. if perpetrators could have taken a picture of your ID card in order to be able to commit criminal acts with your identity.