Advisory: Tech Support Scam via Malicious Ads Using Windows.net URLs

Tech support scammers are increasingly targeting banks and credit unions through malicious online ads. These “malvertising” campaigns redirect users to fake Microsoft-branded pages designed to deceive and exploit them.

We’re seeing an active tech support scam targeting banks and credit unions. The initial interaction appears to come from malicious online ads (malvertising) that redirect users to deceptive Microsoft-branded pages.

Summary of the scam

Users click or are redirected by a malicious ad.
They land on a windows[]net URL that looks Microsoft-related and may include a phone number embedded in the link.
The page claims a Microsoft Teams or general Microsoft support issue and urges the user to call “support.”
The caller is then pressured to install or allow a remote access tool, likely intended for initial access into the environment.

What to watch for

windows[.]net links outside normal business use, especially those with phone numbers in the URL.
Pop-ups/pages claiming “Teams issue,” “account locked,” or “call Microsoft support now.”
Unsolicited Microsoft support prompts that don’t route through known Microsoft domains.

Guidance

Do not call phone numbers from ads, pop-ups, or unfamiliar Microsoft support pages.
Close the tab and contact your internal IT/helpdesk through your normal process.
Avoid installing remote support tools unless explicitly directed by your organization.
If someone did call or granted access, treat it as a security incident and report it immediately.

Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software Vulnerability

James Bruhl

Director of Cyber Threat Intelligence

James Bruhl is the Director of Cyber Threat Intelligence for DefenseStorm. He joined the company with 15 years of experience as a law enforcement officer, bringing extensive experience in crime prevention, evidence collection, investigative techniques, and crisis management. Driven by a passion for technological advancements and the ever-evolving landscape of digital threats, he transitioned to the field of digital forensics, incident response, and cybersecurity. In his role, he honed his skills in analyzing digital evidence, identifying cyber threats, and implementing robust security measures specializing in forensic examinations on various devices to uncover critical information and support investigations. James began at DefenseStorm as a security engineer in 2020 and developed DefenseStorm’s EDR Service. He was then appointed as Director of Cyber Threat Intelligence in 2022 and is responsible for nearly all facets of the EDR service. During his cyber career, James has been instrumental in proactively detecting and responding to cyber incidents and plays a vital role in incident response teams, coordination efforts to mitigate the impact of breaches, vulnerability identification, and strategy implementation to prevent future attacks. He continues to share his expertise by conducting training sessions, participating in conferences, and writing articles on topics related to digital forensics, incident response, and cybersecurity. James holds a bachelor’s in criminal justice from the University of North Georgia and a GCFE certification.