'Windows Defender Advanced Threat Protection' Scam

The 'Windows Defender Advanced Threat Protection' scam is an operation that tries to trick unsuspecting users into calling a provided phone number. The lure emails are presented as notifications coming from Microsoft, regarding a 1-year subscription to 'Windows Defender Advanced Threat Protection / Firewall & Network Protection.' The fake emails pretend to an invoice about the supposed transaction.

To get users to act as fast as possible, the fraudsters claim that users will be charged the hefty sum of $650. The lure message claim that Microsoft has tried unsuccessfully to contact the user on a specified date. Now, recipients apparently have just 24 hours to call the phone number provided in the fake emails, talk to a Support Executive and refund the charge. Of course, none of the claims made by these emails should be taken seriously. Furthermore, Microsoft has absolutely no connection to these messages and its name and brand are simply exploited as a way to make the decoy messages appear more legitimate.

Users are strongly discouraged from following the instructions delivered via the 'Windows Defender Advanced Threat Protection' scam emails. Calling the number is likely to lead to an operator working for the con artists. Users could be asked to provide a remote connection to their devices to refund the charge, as part of some elaborate fake scenario. If successful, the fraudsters could deploy harmful malware threats, such as spyware, RATs, backdoors, ransomware, etc. The con artists also could utilize various social-engineering tactics as a way to trick users into revealing private or confidential information.