This campaign starts by users receiving an email alert urging the user to renew their Office subscription. From there, users click the link within the email that directs them to the mirrored Microsoft support site that has a live chat area. Scammers then engage in conversation with users that are having issues with login information and sometimes even remote access is granted. A researcher decided to interact with the chat support, which led to him stating that he believed it was a phishing campaign–to which the suspected scammer closed the chat. The page was reported to Tawk.to and ultimately got the chat support banned. The chat support is now back up under a different name after being banned, and the fake Office page is still up and running.
Analyst Notes
Users should deploy a SPAM filter which would detect viruses and blank senders. A web filter should also be used to deter users from visiting malicious webpages.
