Microsoft Support Scam – Ongoing Corporate Social Engineering Attack Guidance

Several Secure Mentem clients have reported that they are being targeted by Social Engineering attacks where the attacker claims to be from Microsoft technical support. The attacker then tries to get the user to download malicious software or go to a malicious link. This attack is widespread enough that we want to warn everyone. If you find that your organization is being hit with these calls, please consider sending out some form of the following message.

Security Alert

All Company employees should be aware that there have been a series of calls to random employees from outsiders claiming to be from Microsoft or other vendors. They claim that there is some problem with your computer and they need you to visit a website, download software, or take a similar action. Do not do this!

If you receive one of these calls, tell the person that you are busy and ask them for their contact information. Then report the call to the security team at ________________. If you did fall victim to this attack, please inform us immediately. We understand that these criminals are very clever, and only if we know about the attack can we make sure there is no damage.

Thank you for your help and remember that you are our best security measure.