Tech support scammers find a home on Microsoft TechNet pages

Security researcher finds over 3,000 TechNet pages flooded with tech support scams pushing shady phone numbers for cryptocurrency exchanges and social media platforms.
Written by Catalin Cimpanu, Contributor

Tech support scammers have created over 3,000 pages on the Microsoft TechNet portal to promote various shady services.

The scammers targeted Microsoft's portal to gain a reputational boost from the microsoft.com domain, allowing their shady ads to appear higher in search results than they would have if hosted on self-hosted websites.


All scammy pages were created on Microsoft TechNet, a portal that contains documentation for Microsoft products, discussion forums, and a downloads center for various Microsoft-related software and trialware.

The vast majority of tech support scams were set up on gallery.technet.microsoft.com, the subdomain for the TechNet free downloads library.


"I was able to find a total of 3,090 results, ranging back to August 2018," Cody Johnston, the security researcher who found the pages over the weekend, told ZDNet in an interview. "Twelve new ones have been created in the last week."

"They seem to be targeting a range of areas that require support, from digital currency sites such as Binance or Bittrex to Google Wallet and Instagram," Johnston said.


The researcher told ZDNet he contacted Microsoft via Twitter on Sunday night, just after he found the pages.

Microsoft's staff intervened and removed the pages on the same day. Some remained cached in search engine results last night, but a cursory search by ZDNet today showed the pages had been removed from Bing and Google's cached results as well.


Johnston reported a similar issue with tech support scammers invading the Quip collaboration website (owned by Salesforce), at the end of August, and the Spotify official forum, in December 2017. Both Quip and Spotify got their tech support spam problem under control.

"I've seen more than ten websites that this is a problem on, and it's not likely to stop anytime soon, especially because it works," Johnston said, revealing that many other online services are plagued by similar issues.


"It's EXTREMELY easy to fix this problem from a developer's perspective, speaking as one myself," Johnston said. "This would take less than 5 minutes to implement, a day overall including testing and deployment."

Johnston told ZDNet he started searching for tech support scams online because of a Twitch streamer named Kitboga, who has made a reputation out of calling tech support numbers as part of elaborate and highly entertaining skits.


"His channel is what inspired me to start doing these types of searches and notifying the companies," Johnston said. Now, from a fan, Johnston has become a source, as he often collects tech support numbers and passes them along to Kitboga for use in future shows.
