The bogus tech support scam has been around for years. I remember getting calls even in the early days from someone pretending to be Microsoft. Now, however, that’s a tired tactic, and scammers are looking to pull users in online rather than on the phone.

Microsoft’s protection center has noted a new tactic that uses phishing emails to direct users to bogus tech support sites. Users will receive an email from what appears to be a trusted sender, like Amazon, LinkedIn, and more. Clicking a link will then take them to a site with malicious pop ups that tell a user their computer has a problem.

In some cases, this even combines with the Hicurdismos malware to force a fake a blue screen, or Monitnev, which displays fake errors when an application crashes.

The ultimate goal is to convince users to pay for the issue to be fixed, when it’s either non-existent or created by the scammers.

“The technical support scam websites employ various social engineering techniques to compel users to call the provided hotlines,” explains Microsoft. “They warn about malware infection, license expiration, and system problems. Some scams sites display countdown timers to create a false sense of urgency, while others play an audio message describing the supposed problem.”

Windows 10 Protections

Thankfully, Microsoft has a few solutions in place for these threats. Microsoft Exchange Online Protection is available for $1 per user per month and makes sure such emails never reach the inbox.

For the regular user, updating the latest version of Windows 10 and using Edge will help. The browser uses Windows Defender SmartScreen to block these websites and others. As a rule of thumb, however, remember that Microsoft never displays support numbers in error messages.

Of course, that does nothing to protect against cold-callers. It’s important to be aware that Microsoft will never reach out proactively to users offering support. Instead, you have to use to Microsoft Answer Desk.