Phishing campaign uses fake Office 365 page with live chat support
- An email with a bogus subscription renewal alert contained a link that redirects to this fraudulent website.
- The scammers used a free live chat application for websites to provide so-called customer support.
Cybercriminals have now resorted to false customer support services to lure victims into disclosing their credentials. In a new revelation, security researcher Michael Gillespie has discovered a phishing page that boasts live chat support. The website poses as an official Office 365 support resource.
The big picture - It all starts with an email containing a fake Microsoft alert asking victims to renew their Office subscription.
Clicking the link in the message redirects to a genuine-looking Microsoft support site. Here, a live-chat support section is visible, which is where users usually turn if they encounter any problems.
If users provide their login credentials while conversing with the scammer in the chat, their accounts could be compromised. In addition, if remote access to the computer is provided, the scammers can take away much more than the credentials.
What next - To figure out more details about the scam, Michael Gillespie interacted with the fake Microsoft support staff member. The fake support staff asked him if he saw any error on the screen, to which Gillespie replied in the affirmative, stating that it was a phishing scam. This was the end of the conversation, as the scammers closed the chat. The researcher reported the scammer to the Tawk.to chat service, which then banned their account.
"Gillespie reported the scammer to Tawk.to chat service who said in a tweet that they acted to reduce them to silence, at least on the phishing site, by banning their account. The website is still reachable and getting it down may take some time," reported Bleeping Computer.
Despite Tawk.to removing the account associated with the scammers, they have resumed their ‘chat support’ with a different name. Even worse, the fake website is still active.