A new vishing (voice phishing) attack is scamming victims by scaring them with fake Microsoft Defender invoices in an attempt to take control of their computers.
The campaign was first detected by security researcher Barak Tawily, who shared his findings Thursday via a blog post and on Twitter:
“Scam alert: vishing-scammers spoofed Microsoft’s ‘Microsoft Defender’ and send voice messages pretending to be bills,” he wrote on Twitter.
Tawily said the vishing scam begins with a phone call that offers “Microsoft support.” Victims are then persuaded to open remote desktop connections so the scammers can access their PCs. From there, malware is downloaded, meaning criminals could potentially lock down devices and demand a ransom in return for a decryption key.
Tawily said vishing scammers have been using similar tactics in recent weeks to target Chrome and Firefox users. Reports indicate that victims are receiving automated messages telling them their browsers are infected with the Dvmap malware, claiming it must be removed immediately or else data will be encrypted and held for ransom (i.e., “we will block your browser”). The messages claim that support is available via vishing, which encourages people to call numbers listed in Florida and Texas.
It’s unclear if the vishing scam described by Tawily is related to the Dvmap malware attack, but vishing continues to gain momentum as a top method of cybercrime: earlier this year, security specialist Symantec said vishing attacks are surging in popularity among extortionists, including the infamous Business Email Compromise (BEC) vishing scam.
The latest vishing campaign discovered by Tawily uses a “voice message pretending to be a bill,” he told ZDNet via Twitter.
“It has been observed over the last few days that vishing-scammers spoofed Microsoft’s ‘Microsoft Defender’ and send voice messages pretending to be bills,” Tawily wrote in his post. “This is not an automated attack but humans doing vishing.”
Tawily also posted two audio samples of the vishing attack, which use Microsoft support numbers listed in Texas and New Mexico. Both recordings say visitors are subject to a $100 fee before the vishing attack will stop.
“We are very sorry, but there seems to be some kind of technical problem with your device,” the vishing message states. “To solve this issue, we’ve detected that you need troubleshooting assistance from our Microsoft support team. You can call on (866) 576-1810 x99 to fix the error.”
The vishing scam is similar in nature to another vishing campaign reported by BleepingComputer earlier today, which claims victims must pay an immediate $200 fine or risk having their social security number blocked for life. The vishing scheme uses phone numbers listed in Texas and Washington state, according to BleepingComputer’s Lawrence Abrams.
Tech support vishing scams are extremely common, and vishing attacks often use scare tactics to pressure victims into giving up personal information. A vishing attack, for example, might inform users that their system is infected with ransomware; if people call the phone number listed in the vishing message, attackers will instruct them on how to pay the ransom (and pocket victims’ money).
Another vishing scam that made headlines last week told Chrome users their browsers were infected with malware and asked people to call a Google-listed phone number to receive assistance. Once called, however, criminals locked devices down so they could demand a ransom in return for a decryption key.
Technology news site BleepingComputer has published several vishing awareness guides over the past year. If you need help with cybersecurity, contact MicroPac today to schedule a consultation.