A fake audio message from Microsoft invites users to call a phone number to defend themselves against a Trojan attack. But it's a phishing campaign.
The Postal Police have raised the alarm and the State Police have relayed it on their social media accounts: in recent hours a fake audio message attributed to Microsoft, which aims to steal users' personal data, has been circulating on the web. This is not the first time the police have raised the alarm about this type of scam, which has a very specific mode of operation and specific objectives. The name of this scam is phishing, and it tries to get users to "bite" in order to steal their personal data and bank account credentials.
The way it works is always the same: the scammers publish a message online or send one to a user, inviting them to click on a link to save their credentials. They usually use the names of well-known multinationals or government agencies to make their tricks more convincing. The text of the message always refers to some undelivered mail or an intrusion attempt by supposed hackers. In reality, it is just an excuse to make people click on the link in the text.
Fake Microsoft audio: what's going on
In this case the hackers have "borrowed" Microsoft's name to launch their phishing campaign. It should be stressed that Microsoft is completely unaware of this scam and is itself a victim. The message usually appears while browsing unsafe websites: alerts suddenly appear about supposed Trojan infections on the PC. On hearing the audio message, an inexperienced user may fall into the trap and immediately call the number shown on the web page.
The text of the fake Microsoft audio message
The audio message uses rather clear words that create panic, especially in people with little experience of PCs and the Internet. In addition to the audio message, a text message appears on the screen: "Microsoft Security Alert. Your computer has alerted us that it has been infected with critical Trojans, these viruses are sending your credit card details, login credentials and private, personal details to hackers via remote IP addresses. Please call us immediately at the listed toll-free number so that our Microsoft support engineers can walk you through the removal process over the phone. If you close this page before calling us, we will be forced to disable your computer to prevent further damage to our network, and we will send a copy of this report to cyber security so that they can take further action."
The message has a very alarmist tone because it wants to convince the user to call the phone number. Do not do so for any reason: all that will happen is that you will be charged a large sum on your phone bill.
How to defend yourself against phishing attacks
The advice for defending yourself against phishing attacks is always the same:
- Never click on links in messages received from people you don't know, or on links that appear on websites.
- Install a good antivirus.
- Immediately delete any message or e-mail that invites you to enter the credentials of your personal accounts.