Latest news with #QuickAssist
Time of India
21-04-2025
- Business
- Time of India
Microsoft reveals how AI tools have made e-commerce fraud, job scams and tech support frauds more dangerous
Microsoft, in its latest Cyber Signals report, says that artificial intelligence has significantly lowered barriers for cybercriminals, enabling more sophisticated and convincing fraud schemes. Between April 2024 and April 2025, Microsoft thwarted $4 billion in fraud attempts, rejected 49,000 fraudulent partnership enrollments, and blocked approximately 1.6 million bot signup attempts per hour. E-commerce fraud: AI creates convincing fake storefronts in minutes AI tools now allow fraudsters to create convincing e-commerce websites in minutes rather than days or weeks. These sites feature AI-generated product descriptions, images, and fake customer reviews that mimic legitimate businesses. AI-powered customer service chatbots add another layer of deception, interacting with customers and stalling complaints with scripted excuses to delay chargebacks. Microsoft reports that much of this AI-powered fraud originates from China and Germany, with the latter being targeted due to its status as one of the largest e-commerce markets in the European Union. To combat these threats, Microsoft has implemented fraud detection systems across its products, including Microsoft Defender for Cloud and Microsoft Edge, which features website typo protection and domain impersonation detection using deep learning technology. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Sunteck Beach Residences (SBR) Mumbai Sunteck Book Now Undo Job scams: AI powers fake interviews and employment offers Employment fraud has evolved with generative AI enabling scammers to create fake job listings, stolen credentials, and AI-powered email campaigns targeting job seekers. These scams often appear legitimate through AI-powered interviews and automated correspondence, making it increasingly difficult to identify fraudulent offers. Warning signs include unsolicited job offers promising high pay for minimal qualifications, requests for personal information including bank details, and offers that seem too good to be true. Microsoft advises job seekers to verify employer legitimacy by cross-checking company details on official websites and platforms like LinkedIn , and to be wary of emails from free domains rather than official company email addresses. Tech support fraud: AI enhances social engineering attacks While some tech support scams don't yet leverage AI, Microsoft has observed financially motivated groups like Storm-1811 impersonating IT support through voice phishing to gain access to victims' devices through legitimate tools like Windows Quick Assist. AI tools can expedite the collection and organization of information about targeted victims to create more credible social engineering lures. In response, Microsoft blocks an average of 4,415 suspicious Quick Assist connection attempts daily—approximately 5.46% of global connection attempts. The company has implemented warning messages in Quick Assist to alert users about possible scams before they grant access to their devices and developed a Digital Fingerprinting capability that leverages AI and machine learning to detect and prevent fraud. Microsoft is taking a proactive approach to fraud prevention through its Secure Future Initiative. In January 2025, the company introduced a new policy requiring product teams to perform fraud prevention assessments and implement fraud controls as part of their design process. Microsoft has also joined the Global Anti-Scam Alliance to collaborate with governments, law enforcement, and other organizations to protect consumers from scams.
Forbes
18-04-2025
- Forbes
Do Not Use These Apps—Microsoft Warns Windows And Mac Users
New AI scams are soaring. NurPhoto via Getty Images Microsoft has issued a new warning as the nightmare of 'unbeatable' AI attacks is now coming true. AI, it warns, 'is making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate.' The company highlights one type of attack that is now targeting users and which is especially dangerous. 'Tech support scams are a type of fraud where scammers trick victims into unnecessary technical support services to fix a device or software problems that don't exist.' Such attacks include scareware, in which popups or images mimic a device fault, and unsolicited support calls. The intent is 'remote access to a computer,' Microsoft says, 'which lets them access all information stored on it, and on any network connected to it or install malware that gives them access to the computer and sensitive data.' 'Quick Assist,' Microsoft says, 'is a tool that enables users to share their Windows or macOS device with another person over a remote connection. Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets. They then attempt to employ tools like Quick Assist to connect to the target's device.' The FBI has warned users that an unsolicited support calls is almost certainly a fraud, and Google, Microsoft and others have gone further, confirming they will never place an unexpected call to a user to inform them of a fault and to help them fix it. 'Legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals,' the bureau says. There are no exceptions. None. You must never install or run apps that allow remote access to any of your devices unless you have initiated a support call through the usual, publicly available channel or through options in the OS on your device. Only then is it safe to proceed, and even then you can ask the tech support handler to confirm their legitimacy before you do. 'Quick Assist and Microsoft are not compromised in these cyberattack scenarios,' the company says, 'however, the abuse of legitimate software presents risk Microsoft is focused on mitigating.' That said, it's easy to avoid such attacks. No tech support, bank, major ecom site or other platform will call or email out of the blue to inform you of a problem. They will wait for you to notice the issue and to contact them. And you should never download and install software at the request of a caller — again, not unless you can vouch for their legitimacy and never if the contact was unsolicited. The surge in AI attacks is a form of mass customization, which makes detection harder and makes it even more critical to observe these basic guidelines. AI enables attackers 'to create highly convincing social engineering lures.' And while that's not critical in a tech support scam, in other cases, it has completely changed the threat landscape.
