Hey everyone, just wanted to share a scam that my husband recently came across. It’s one I hadn’t heard of before, and it actually got a client who usually doesn’t fall for scams.
Here’s how it works: the scammer will enter a victim’s work email into a ton of subscription websites. This results in the victim getting flooded with subscription confirmation emails from hundreds of different sites. Once the victim’s inbox is bombarded with these messages, they’ll get a Teams call or message. In this case, it was a Teams call. The scammer pretends to be IT support, saying they noticed the victim’s inbox was flooded and offers to fix the issue by remote access. The victim, thinking it’s their IT team, gives them access, and that’s when the scammer gains full control of the computer and its contents.
I should add that the Teams settings can be changed to block outside calls and messages, but this client didn’t want that because they use Teams for outside communication. So, they ended up falling for the scam.
That’s a risk you take when you don’t lock down your Teams or other programs and allow contact with anybody. Where I work, we have a process where people have to be vetted to access Teams, like for outside consultants and such. It’s also why you should avoid storing personal stuff on your work computer.
@Brandy
You’re absolutely right. My husband had to reset everything and restore the system back to what it was before that Teams call. The person who was scammed is actually a co-owner of the company, and they still refuse to lock Teams down in any way.
This is a pretty common tactic in cybersecurity. It’s called email bombing, and it can also be done with 2FA prompts. If they have access to the victim’s password, they can spam the 2FA requests to the device until the victim finally gives in and hits ‘allow.’ Even legitimate IT professionals at big companies have fallen for this. There are also some ransomware groups now using fake ‘Helpdesk’ Teams accounts to trick people.
Fun fact: Kevin Mitnick’s favorite social engineering technique was to get into IT support’s ticket queue and resolve some of the low-level tickets. Then, a few weeks later, he’d call up saying, ‘Hey, it’s Dave from IT, remember me? I need you to run a few scripts on your machine.’
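Added example, not part of the thread or any poster's own code: a detection sketch for the pattern described above, where a burst of mail from many unrelated sender domains hits one inbox and an external Teams contact reaches the same user shortly after. The event tuple shapes, the thresholds, and every address and domain below are assumptions constructed for illustration; map them onto whatever your mail gateway and Teams audit exports actually provide.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune against your own normal mail volume.
BURST_WINDOW = timedelta(minutes=30)
MIN_SENDER_DOMAINS = 20
FOLLOWUP_WINDOW = timedelta(hours=4)

def bombing_onsets(mail_events):
    """mail_events: (time, recipient, sender_domain) tuples sorted by time.
    Returns {recipient: time the distinct-domain threshold was first crossed}."""
    recent = defaultdict(deque)
    onsets = {}
    for ts, rcpt, domain in mail_events:
        q = recent[rcpt]
        q.append((ts, domain))
        while ts - q[0][0] > BURST_WINDOW:      # drop mail older than the window
            q.popleft()
        if rcpt not in onsets and len({d for _, d in q}) >= MIN_SENDER_DOMAINS:
            onsets[rcpt] = ts
    return onsets

def suspicious_contacts(mail_events, teams_events, own_domain):
    """teams_events: (time, caller_address, callee) tuples.
    Flags external Teams contacts that follow a mail burst on the callee's inbox."""
    onsets = bombing_onsets(mail_events)
    alerts = []
    for ts, caller, callee in teams_events:
        external = not caller.lower().endswith("@" + own_domain)
        onset = onsets.get(callee)
        if external and onset is not None and timedelta(0) <= ts - onset <= FOLLOWUP_WINDOW:
            alerts.append((callee, caller, ts))
    return alerts

# Constructed sample data: 40 confirmation mails in 13 minutes, then three Teams contacts.
T0 = datetime(2024, 1, 15, 9, 0)
MAIL = [(T0 + timedelta(seconds=20 * i), "owner@example.com", f"list{i}.example.net")
        for i in range(40)]
MAIL.append((T0 + timedelta(minutes=5), "staff@example.com", "vendor.example.org"))
MAIL.sort()
TEAMS = [
    (T0 + timedelta(minutes=40), "helpdesk@it-support.example", "owner@example.com"),
    (T0 + timedelta(minutes=45), "colleague@example.com", "owner@example.com"),
    (T0 + timedelta(minutes=50), "partner@client.example", "staff@example.com"),
]

if __name__ == "__main__":
    for callee, caller, ts in suspicious_contacts(MAIL, TEAMS, "example.com"):
        print(f"{ts} external Teams contact {caller} -> {callee} after mail burst")
```

Counting distinct sender domains rather than raw message volume keeps a single noisy newsletter from tripping the rule, and the correlation step leaves routine external Teams contacts alone for an organisation that cannot block them outright.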