Fraudulent phone calls from fake Microsoft technical support

31 Mar 2022 Warnings

What is going on?

Cybersecurity Team of Masaryk University has recently received several reports from users about fraudulent calls to Masaryk University's specialist workplaces.

Attackers use coercion to try to encourage the user to install remote access software (TeamViewer, AnyDesk) on their device. They argue that they urgently need to solve a problem in the facility. After the software is installed, the victim communicates code that allows the attacker to seize his device and perform any action. This method of social engineering is called Vishing.

Following these instructions may result in theft of your sensitive data, work data, installation of malicious code (such as encrypting your device with ransomware), or otherwise harm your device.

To remember

Microsoft Technical Support will never contact you directly as an individual to report a problem with your device.
Warning messages from Microsoft never include a telephone contact to call.
Do not answer the phone and hang up.
Please report this incident immediately to the Cyber Security Team of Masaryk University.

The Police of the Czech Republic recently issued a warning against a similar type of attack. In this case, the attacker uses phone calls, text messages, or e-mails to convince you that your funds are at risk, and you must take immediate steps to save them. However, if your money was at risk, your bank would react and take further action. Again, this is Vishing to which it is best not to respond.

Conclusion

Be careful and never share any information or take any action without verifying the authority of the person or organization. If in doubt, please contact our team at csirt@muni.cz. Our security experts will contact you soon.