loader gif

Scammers leverage Microsoft TechNet to promote various shady services

Scammers leverage Microsoft TechNet to promote various shady services
  • A total of 3,090 fraud pages were found on Microsoft’s portal pushing fake numbers for cryptocurrency exchanges and social media platforms.
  • The scammers invaded Microsoft’s portal to gain a reputational boost from the microsoft.com domain, and legitimize their fraudulent activities.

Over 3,000 scam webpages have been created by cybercriminals on the Microsoft TechNet portal. These scam sites were created to support several shady scams, such as pushing fake numbers for cryptocurrency exchanges and social media platforms. The scam came to light after security researcher named Cody Johnston reported the matter to ZDNet.

"I was able to find a total of 3,090 results, ranging back to August 2018. Twelve new ones have been created in the last week." Johnston told to ZDNet.

The scammers invaded Microsoft’s portal to gain a reputational boost from the microsoft.com domain, and legitimize their fraudulent activities. This enabled their shady ads to appear on the top in the online search results. If instead, the cybercriminals has used self-hosted websites, it would have been rather difficult to trick online search engines into putting their scam sites on the top of a search result.

A vast majority of tech support scams were created on the gallery.technet.microsoft.com site, a part of the TechNet free downloads library.

"They seem to be targeting a range of areas that require support, from digital currency sites such as Binance or Bittrex to Google Wallet and Instagram," Johnston said, ZDNet reported.

Soon after the discovery of the issue, Microsoft’s staff were quickly implemented preventive measures. They removed all the 3,090 pages from the portal on the day the issue was disclosed. There were some caches of the pages in search engine results, but after a cursory search by ZDNet, the malicious pages were also removed from Bing and Google’s cached results as well.

Johnston explained that he had found similar issues on several other websites and that this technique is a favorite among scammers.

"I've seen more than ten websites that this is a problem on, and it's not likely to stop anytime soon, especially because it works,” Johnston said.

This problem can be fixed easily by developers, according to Johnston.

"It's EXTREMELY easy to fix this problem from a developer's perspective, speaking as one myself. This would take less than 5 minutes to implement, a day overall including testing and deployment,” Johnston said.

loader gif