Headline
New Tech Support Scam Uses Microsoft Logo to Fake Browser Lock, Steal Data
The Cofense Phishing Defense Centre warns of a new tech support scam using Microsoft’s brand to lock browsers and steal data. Learn how the attack uses fake ‘payment lures’ and urgent security alerts to trick victims into calling a fraudulent support number.
A new, aggressive tech support scam has been discovered by experts at the Cofense Phishing Defense Centre, who say it’s actively exploiting the public’s trust in huge brands like Microsoft. The attackers are now using Microsoft’s logo and branding to trick people into thinking their computers are locked by a virus, forcing them to call a fake support number.
The research report, published on October 14 and shared with Hackread.com, explains that this campaign is more complex than a typical phishing email. It reportedly begins with an email trying to grab your attention with a “payment lure.”
This means the scammer offers a fake refund or reimbursement, usually from a company like Syria Rent a Car, and promises you access to the funds if you simply confirm your email address, as shown in the sample email.
****The Deceptive Steps****
Once someone clicks that link, they are redirected to a CAPTCHA challenge, where they must prove they are human. This step achieves two goals: it makes the process look more realistic and helps prevent automatic security systems from analysing the threat.
Further probing revealed the most frightening step- the final landing page. After getting past the verification, victims are suddenly overwhelmed by pop-ups that perfectly imitate genuine Microsoft security alerts.
The browser is then manipulated to appear locked, with the user losing control of their mouse. This terrifying situation creates a fake ransomware attack experience. Dylan Main, the report author for Cofense, notes that this shows the attacker’s goal is “exploitation by any means necessary to steal information and infiltrate systems.”
Email lure, Fake CAPTCHA Page, and Locked out Screen (Source: Cofense)
****The Call for Help is a Trap****
The sudden, visual shock and loss of control are the scam’s main psychological tools, making the victim feel their system is completely compromised and that they must call for help immediately.
This, combined with the reassuring presence of the Microsoft logo and official-looking text, effectively compels them to call the fake Microsoft Support number displayed on the screen. It is worth noting that this lock is merely an illusion, and you can easily defeat it by holding down the ESC key.
During the scam’s final stage, the victim makes the call and is quickly connected to a fake technician. Their true objective is to steal the victim’s account credentials or convince them to install remote desktop tools, which gives the criminal full access to their computer.
This entire campaign shows “how brand trust can be weaponized against users,” Main notes. To stay protected, always remember that a legitimate tech company like Microsoft won’t call you out of the blue or lock your browser with an alert asking you to call a number. Stay safe and be sceptical, even of familiar logos.