Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

Tech support scammers target Microsoft users with fake Office 365 USB sticks

published on 2022-09-01 11:29:24 UTC by
Content:

Microsoft has issued a warning to customers after discovering that threat actors are using their brand to defraud and exploit people in a variety of ways…

Instances identified by Microsoft have included fake tech support phone calls and emails purporting Bill Gates-themed lottery spam mail, with Excel spreadsheets containing malicious macros.

A more recent concern involved threat actors reproducing imitations of Microsoft products. One package appeared to be manufactured to a convincing standard and contained an engraved USB drive, alongside a product key.

Upon connecting the USB to a device rather than the advertised software from Microsoft, the victim saw a popup for a fake tech support line. According to Martin Pitman, a cybersecurity consultant for Atheim, the warning screen appeared saying there is a virus, and encouraged the user to get help to fix the issue by calling ‘support’.

Should the number be called, the fake helpdesk were reported to have installed a remote access trojan (RAT) and take control of the device.

Baiting attacks are not new, they target specific victims and rarely use postal packages for various reasons.

However in this case, the threat actors - who are suspected to be operating from the UK - targeted random people using the postal packaged.

Such targeting may seem inefficient, but if you send out a thousand counterfeit Microsoft Office packages and steal money or exploit a few dozen people, the act will quickly pay for itself.

Moreover, it could be more efficient than sending out millions of fraudulent emails, as individuals become more vigilant of email scammers.

Overall Microsoft is aware of the issue but says it is a rare occurrence. However, it is not so rare for Microsoft to be mindful of it and launch an internal investigation.

In the interim, the company have resorted to distributing software via the internet and advised customers to visit the appropriate Microsoft support page to find out how to avoid fraud and scams.


Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).


Article: Tech support scammers target Microsoft users with fake Office 365 USB sticks - published about 2 years ago.

https://www.emcrc.co.uk/post/tech-support-scammers-target-microsoft-users-with-fake-office-365-usb-sticks   
Published: 2022 09 01 11:29:24
Received: 2022 09 07 18:53:29
Feed: The Cyber Resilience Centre for the East Midlands
Source: National Cyber Resilience Centre Group
Category: News
Topic: Cyber Security
Views: 1

Custom HTML Block

Click to Open Code Editor