BOOK THIS SPACE FOR AD
ARTICLE ADMany people turn to their favorite search engine when they are facing an issue with their computer. One common search query is to look for the telephone number or contact form for Microsoft, Apple or one of many other brands.
Scammers have long been interested in pretending to be Microsoft technical support. Years ago, inbound unsolicited calls were one of the most common techniques to bring in new victims. In more recent times, fake alerts that take over the browser claiming your computer is infected with viruses have been the dominant vector.
Today, we take a look at two subtle and extremely deceiving campaigns that leverage Google ads and Microsoft’s own infrastructure to create perfect scam scenarios that fooled us for a minute.
Trick #1: Fake Helpdesk page via Microsoft Learn
We found this ad while looking for Microsoft support live agents. The top (sponsored) result looks like it was bought by Microsoft itself with its official logo and URL.
Users who click on the ad are redirected to a legitimate Microsoft website (learn.microsoft.com) showing Microsoft’s “official” phone number. This page has the look and feel of a genuine knowledge base article especially since it appears to be posted by “Microsoft Support”:
Clicking the 3 dots beside the ad reveals that it actually doesn’t belong to Microsoft at all, but instead was paid for by an advertiser from Vietnam. This does not mean this is the actual scammer, simply that this account may have been compromised and is being used to create malicious ads.
As for the Microsoft page, it was created by a scammer via a fake Microsoft Support profile using Microsoft Learn collections.
Microsoft Learn Collections is a feature available to anyone with a Microsoft Learn profile. Collections allow you to create curated lists of Microsoft Learn content to share with your followers. A collection can include documentation articles, training modules, learning paths, videos, code samples, and more.
Here’s the profile for “Microsoft Support” that actually belongs to the scammer, using the profile id JamesKing-8561:
Trick #2: Microsoft Search query hijack
The second (unrelated) ad campaign we saw is using a different tactic but also starts with a Google ad. When victims clicking on it, it will launch a search query page via microsoft.com/en-us/search/explore.
This clever trick works by passing the following parameters to the URL:
Call+%2B1+%28844%29+327-5425++Microsoft+Support+%28USA%29When the page finishes loading, it will display what looks like a contact number from Microsoft. In a way, this is a form of advertisement that totally abuses what the Microsoft search feature was intended for:
Fraudsters sitting in a far away call center pretending to be Microsoft technicians will trick victims into letting them onto their computers using remote access programs. The damage these scammers can do ranges from stealing a few hundred dollars as part of a “repair”, to emptying entire savings accounts.
Needless to say, you do not want to call these crooks, let alone grant them access to your computer.
Getting real support
Scammers are well aware that many people, especially the elderly, aren’t in a position to take their computers to a brick and mortar shop. Looking for help online from the convenience of their home is often the only option.
Here are some tips:
Never call a phone number that you see in an ad (search ad, or display ad). To visit an official website, refrain from clicking on sponsored links. Instead, scroll further down and look for the organic search result. Tip above does not take into account SEO poisoning, where scammers game search engines’ results. If you can, type in the website directly into the address bar. Tip above does not take into account ‘typosquatting’ which is when you make a mistake in the spelling of the website and are redirected to a malicious site instead. This is something you should be aware of as well. Perhaps there is help available locally, which you may get by asking a friend or acquaintance.Finally, keep your computer up-to-date and secure with protection against malware and malicious websites. Malwarebytes‘ offering includes the free Browser Guard extension which secures your online browsing experience.
In the meantime, the real Microsoft website can be accessed at support.microsoft.com and it looks like this (in the U.S.):
We don’t just report on threats—we remove them
Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.