We keep talking about scams and cybercrime, but that is because these criminals keep coming up with new ways to con us. For example, there is a new scam going around – The Microsoft Support Call.
This is a new trend for scammers. They pose as ‘help desk staff’. With the aim of tricking employees into letting them take over their devices. This is part of a larger ransomware attack, where you will be denied access to your business data until you make a hefty payment. Recently a notorious cyber crime group has taken this scam to a new level.
Here’s how it goes.
First, they will flood an employee’s inbox with so much spam that it becomes virtually unusable, they will then ring in pretending to be IT Support to swoop in and ‘fix’ the problem. They then may ask you to install a remote desktop software such as Any Desk or even use built in tools such as Windows Quick Assist to gain access.
Once they have access, they can move around your network locking down all of your data and assets and holding them for ransom. Be warned though, they might not only reach out on the phone. They have also started setting up Teams accounts to make employees think that they are part of IT support. They do this by creating usernames such as ‘Help Desk@ or even using fake Microsoft tenant domains such as ‘securityadminhelper .onmicrosoft .com’.
Ransomware attacks are serious. Along with locking you out of your data they can also shut down your operations, disrupt customer service and potentially leak confidential information.
Recovery isn’t easy either, it can be expensive. Both in terms of paying the ransom and dealing with the aftermath. A lot of damage can be done, for example; loss of revenue, damage to your reputation and it could even have legal consequences that comes with its own costs.
We would recommend making your team aware of this scam and encourage everyone to be cautious about any unsolicited calls from your IT support or Teams chats. IF you do receive any of these calls, before doing anything you should contact you IT provider in the usual way. This will let you know if it was a scam or your IT Team. Better to be safe than sorry!
Furthermore, if you do use Teams in your business, ensure that it is set up correctly and securely. This mean only allowing external chats from trusted domains. This should ensure that no cyber criminals can message your team.
If you would like any extra help or support or have any questions or queries, feel free to get in touch!