Software developer Cody Johnston has found over 3,000 tech support scams promoted via Microsoft TechNet. The scams seem to be targeting primarily cryptocurrency users and date back to August 2018.

They center around popular bitcoin sites like localbitcoins, Coinbase, and Bittrex, providing false support numbers. The attacks are posted by false accounts and are extremely noticeable due to their use of strange symbols, capitalization, and emoji’s.

The scams are interesting due to their use of Microsoft’s site to boost SEO. Where self-hosted sites would have difficulty getting to the front page of Google, TechNet is an established and well-regarded source.

A Widespread Campaign

By searching phone numbers involved in the scam, WinBuzzer was able to determine similar scams on Web Flow, Medium, the PlayStation forums, and GitHub. We were also able to find bespoke Blogspot sites.

The spam on TechNet seems to have ramped up over the past month, but entries on other sites date back to 2017. Scammers make use of different phone numbers, making it harder to automatically identify them.

After being contacted, Microsoft removed swathes of accounts and pages, as well as cached results from Google and Bing. Johnston says it would take less than a day for companies like Microsoft to create a solution for the issue.

As well as cryptocurrency, ZDNet reports ‘support’ targeting digital currency sites like Google Wallet. The issue was previously a problem for Spotify, but the service has since managed to eliminate such posts.