Computer Active (UK)

Ransomware from call centres


What is it?

Scammers are sending emails to Office 365 and Microsoft 365 users in an attempt to trick them into phoning a help centre, which is staffed by hackers who try to install ransomware on their computers.

Microsoft says the scam begins with an email that claims your free trial to a service is about to end, and your credit card will soon be charged for the full amount. Each “wave” of the scam mentions a different subscription in the email. Previous examples include a photo-editing service, or membership of a cooking and recipes website. A more recent version has a message confirming your receipt for a software purchase.

What makes this scam different to typical phishing attacks is that it tries to scare you into phoning a number, rather than clicking a link or downloading an attachment. Calling the number takes you to a scammer who says they can help you cancel the supposed subscription or transaction. They ask you to visit a website that looks like a genuine business and download an Excel file from the account page. Doing so infects your computer with the Bazaloader malware, giving the scammer full control of your computer.

How can you stay safe?

First, read Microsoft’s highly detailed blog post: www.snipca.com/39062. It contains examples of the emails sent – including one for ‘photoshop’ (see screenshot) – and the subject lines (for example, ‘Your subscription will be changed to the gold membership, as the trial is ending’).

For now this attack is aimed at Office 365 and Microsoft 365 users, but there’s no reason why it won’t spread beyond this. If you receive a suspicious email referring to a subscription ending, ring the company to check whether it’s genuine. Don’t call the number contained in the email though: instead, visit the company’s site and look for the number in the ‘Contact Us’ pages.
