Fraudulent phone calls from fake Microsoft technical support
What is going on?
Cybersecurity Team of Masaryk University has recently received several reports from users about fraudulent calls to Masaryk University's specialist workplaces.
Attackers use coercion to try to encourage the user to install remote access software (TeamViewer, AnyDesk) on their device. They argue that they urgently need to solve a problem in the facility. After the software is installed, the victim communicates code that allows the attacker to seize his device and perform any action. This method of social engineering is called Vishing.
To remember
- Microsoft Technical Support will never contact you directly as an individual to report a problem with your device.
- Warning messages from Microsoft never include a telephone contact to call.
- Do not answer the phone and hang up.
- Please report this incident immediately to the Cyber Security Team of Masaryk University.
The Police of the Czech Republic recently issued a warning against a similar type of attack. In this case, the attacker uses phone calls, text messages, or e-mails to convince you that your funds are at risk, and you must take immediate steps to save them. However, if your money was at risk, your bank would react and take further action. Again, this is Vishing to which it is best not to respond.
Conclusion
Be careful and never share any information or take any action without verifying the authority of the person or organization. If in doubt, please contact our team at csirt@muni.cz. Our security experts will contact you soon.
Resources
- https://support.microsoft.com/cs-cz/windows/ochrana-p%C5%99ed-podvody-zalo%C5%BEen%C3%BDmi-na-technick%C3%A9-podpo%C5%99e-2ebf91bd-f94c-2a8a-e541-f5c800d18435
- https://nukib.cz/cs/infoservis/aktuality/1699-upozorneni-na-podvodne-telefonaty-od-falesne-technicke-podpory-microsoft/
- https://www.policie.cz/clanek/web-informacni-servis-zpravodajstvi-soucasne-trendy-podvodniku-vishing-a-spoofing.aspx