Network defenders in corporate IT environments can detect attacks that use XSS and open redirects by requiring all web requests to go through an HTTP proxy server. For remote workers who might not always send all of their network traffic through the corporate VPN, data collected from endpoints that includes the URLs of remote connections can be used in the same way. Look for warning signs of XSS in URLs, such as %3Cscript or more heavily encoded versions of it. Companies should also ensure that their own websites do not contain vulnerabilities that would allow attackers to abuse them for XSS or open redirects. This type of tech support scam is more likely to affect individuals than business users, so it is also helpful to tell relatives and friends about it, and that they should never give remote access to their computer to anyone who calls on the phone or puts a phone number on their screen.
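An added example (not from the Malwarebytes post) of the URL check described above: it percent-decodes each logged URL repeatedly so that %3Cscript and its double-encoded forms are both caught. The sample URLs are constructed, and the decode bound and the off-site-parameter heuristic for open redirects are assumptions of this sketch.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

MAX_ROUNDS = 5  # assumed bound on nested percent-encoding layers
SCRIPT_RE = re.compile(r"<\s*script", re.IGNORECASE)

def decode_layers(value, max_rounds=MAX_ROUNDS):
    """Return the value after 0..n rounds of percent-decoding, until stable."""
    layers = [value]
    for _ in range(max_rounds):
        decoded = unquote_plus(layers[-1])
        if decoded == layers[-1]:
            break
        layers.append(decoded)
    return layers

def inspect_url(url):
    """Return a list of findings for one URL from proxy or endpoint logs."""
    findings = []
    # XSS marker: "<script" visible after some number of decode rounds.
    for depth, layer in enumerate(decode_layers(url)):
        if SCRIPT_RE.search(layer):
            findings.append(f"script-tag(decode_depth={depth})")
            break
    # Open-redirect heuristic (assumption): a query parameter whose value is
    # an absolute URL on a different host than the one being requested.
    parts = urlsplit(url)
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        target = decode_layers(value)[-1]
        if target.lower().startswith(("http://", "https://", "//")):
            host = urlsplit(target).hostname
            if host and host != parts.hostname:
                findings.append(f"offsite-url-param({name}->{host})")
    return findings

def scan(urls):
    """Map each suspicious URL to its findings; clean URLs are omitted."""
    return {u: f for u in urls if (f := inspect_url(u))}

# Constructed sample URLs, standing in for a proxy log's URL column.
SAMPLE_URLS = [
    "https://intranet.example/home?tab=news",
    "https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
    "https://shop.example/search?q=%253CsCrIpT%253Ealert(1)",
    "https://news.example/out?url=https%3A%2F%2Flanding.invalid%2Fsupport",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE_URLS).items():
        print(findings, url)
```

The off-site parameter rule will also match legitimate login and link-tracking flows, so treat its hits as leads to review against an allowlist rather than as alerts.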
For more details, see the Malwarebytes blog post: https://blog.malwarebytes.com/cybercrime/2020/10/xss-to-tss-tech-support-scam-campaign/