Scammers spam the Microsoft TechNet Forums with advertisements that should make it easier to find their questionable support hot line numbers on Google. With the method they hope to trick unsuspecting victims to call the numbers for technical support. While Microsoft tries to remove the pages, it seems it can’t keep up with amount of pages the spammers create.
As you can see from my last Tweet, @Microsoft is now in a bit of trouble. It seems that the @msftsecurity team is doing a pretty good job of eradicating these accounts, but this is the top page of Google within the last month. pic.twitter.com/jwRTYyK63n
— AdwareHunter (@AdwareHunter) September 9, 2018
By spamming Microsoft’s website, they receive a reputation boost from the Microsoft.com domain which causes their spam to appear earlier in the search results than when they would have used self-hosted websites. The scammers especially abuse the free download portal from Microsoft, the TechNet Gallery pages. Pages generated on TechNet Gallery receive a URL under the Microsoft.com domain, which makes search engines believe the pages are part of the Microsoft website.
Security researcher Cody Johnston, who discovered the new spam method, found similar pages on the Spotify forums.
The spam pages try to convince unsuspecting victims to call expensive paid hot lines. Most spam messages advertise a phone number that appears to belong to the well-known cryptocurrency exchanges like Binance, Bittrex or Coinbase. In reality, users will end up calling the scammers that could e.g. try to get access to the cryptocurrency wallet of the victim.