.jpeg)
Microsoft has issued a new warning as the nightmare of “unbeatable” AI attacks is now coming true. AI, it warns, “is making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate.” The company highlights one type of attack that is now targeting users and which is especially dangerous.
“Tech support scams are a type of fraud where scammers trick victims into unnecessary technical support services to fix a device or software problems that don’t exist.” Such attacks include scareware, in which popups or images mimic a device fault, and unsolicited support calls. The intent is “remote access to a computer,” Microsoft says, “which lets them access all information stored on it, and on any network connected to it or install malware that gives them access to the computer and sensitive data.”
“Quick Assist,” Microsoft says, “is a tool that enables users to share their Windows or macOS device with another person over a remote connection. Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets. They then attempt to employ tools like Quick Assist to connect to the target’s device”
The FBI has warned users that an unsolicited support calls is almost certainly a fraud, and Google, Microsoft and others have gone further, confirming they will never place an unexpected call to a user to inform them of a fault and to help them fix it. “Legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals,” the bureau says. There are no exceptions. None.
You must never install or run apps that allow remote access to any of your devices unless you have initiated a support call through the usual, publicly available channel or through options in the OS on your device. Only then is it safe to proceed, and even then you can ask the tech support handler to confirm their legitimacy before you do.
“Quick Assist and Microsoft are not compromised in these cyberattack scenarios,” the company says, “however, the abuse of legitimate software presents risk Microsoft is focused on mitigating.” That said, it’s easy to avoid such attacks. No tech support, bank, major ecom site or other platform will call or email out of the blue to inform you of a problem. They will wait for you to notice the issue and to contact them. And you should never download and install software at the request of a caller — again, not unless you can vouch for their legitimacy and never if the contact was unsolicited.
The surge in AI attacks is a form of mass customization, which makes detection harder and makes it even more critical to observe these basic guidelines. AI enables attackers “to create highly convincing social engineering lures.” And while that’s not critical in a tech support scam, in other cases, it has completely changed the threat landscape.
