Threat Management, Malware, Threat Management

Scammers pose as Microsoft support, look to install malware


Researchers at Tripwire warn of cyberscammers calling victims during the holiday season and posing as Microsoft tech support in order to gain access to a victim's computer and load malware.

Lamar Bailey, senior director of security research and development at Tripwire, told cybercriminals use “robo calls” to tell unsuspecting consumers they work for Microsoft and have identified malware on the potential victims' computer. Once a call is answered, the consumer is transferred to a call center in India where a worker will read a script directing the victim to unwittingly install malware.

The researchers spotted several types of malware being unloaded in different cases and said most of it looks to steal financial login credentials and payment card data. 

“Most people simply don't imagine that a cyberattack can be initiated over the phone, but these scams ultimately lead to malware being installed on your computer,” Bailey said in comments emailed to

Bailey noted that the call center workers may not be in on the scam and might not know that they are helping to infect users with malware. He said that when potential victims deviate from the script, the call center spokesperson will often become flustered and not know what to do.

“Microsoft won't call you to say something's wrong with your computer,” Bailey said.

“If you're concerned that the call might be legitimate and you want to ensure you're not missing something, hanging up and calling the organization or company back on a verifiable phone number is a good policy," he explained. "If you're having a hard time understanding which actual company to call, that's probably a red flag.”

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.