There are over 3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.
Tech support scammers have created over 3,000 pages on the Microsoft TechNet portal to promote various shady services.
They are using Microsoft’s portal to gain a reputational boost from the microsoft.com domain, which will make their shady ads to appear higher in search results than if they would have if they used self-hosted websites.
Microsoft TechNet is a portal that contains documentation for Microsoft products, discussion forums, and acts as a download center for various Microsoft-related software and trialware.
Companies and individual people must take certain precautions against this growing phenomenon of malware cyber attacks; for that they should implement at least a cybersecurity solution, like an antivirus, to protect their systems. Necessary things like regularly updating operating systems, using antivirus for Windows or antivirus for Mac depending on which OS your device is using.
Companies must also hire professional cybersecurity firms to do regular checkups to their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking test.
All the tech support scams were set up on the gallery.technet.microsoft.com, the subdomain for the TechNet free downloads library.
As soon as the tech giant found out about this, its staff intervened and removed the pages on the same day. Some remained cached in search engine results last night, but eventually, the pages were removed from Bing and Google’s cached results as well.
This is not the first time scammers use this technique. Cybersecurity researchers reported a similar issue with tech support scammers invading the Quip collaboration website (owned by Salesforce), at the end of August, and the Spotify official forum, in December 2017. Both Quip and Spotify got their tech support spam problem under control.
On many websites, this is a problem, and it’s not likely to stop anytime soon, especially because it works.
However, it’s EXTREMELY easy to fix this problem
from a developer’s perspective, it would take less than 5 minutes to implement, a day overall including testing and deployment.
We would continue to monitor this type of scam. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.