Microsoft says don’t trust phony call centers and malicious Excel files

Cybercrime keeps getting more elaborate.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

What you need to know

What you need to know

There’s aransomware campaigngoing on called BazaCall. It’s been circulating for months, butMicrosoft Security Intelligenceis now publicizing its major points on Twitter with screenshots to help inform the average person of how to stay safe (viaZDNet).

Here’s how BazaCall works. First, you’ll receive an email saying a subscription service of yours is up for renewal, and you’ll be invited to call a phone number to cancel if you wish.

When you call, you’ll be told to go to a website and download an Excel file. That file contains the macro that gets the payload onto your machine, crippling you with ransomware.

We’re tracking an active BazaCall malware campaign leading to human-operated attacks and ransomware deployment. BazaCall campaigns use emails that lure recipients to call a number to cancel their supposed subscription to a certain service.pic.twitter.com/RS5wGSndhvWe’re tracking an active BazaCall malware campaign leading to human-operated attacks and ransomware deployment. BazaCall campaigns use emails that lure recipients to call a number to cancel their supposed subscription to a certain service.pic.twitter.com/RS5wGSndhv— Microsoft Security Intelligence (@MsftSecIntel)June 22, 2021June 22, 2021

It sounds like a dumb plot on paper, but in reality, decently written emails and full-on fake call centers can present the appearance of a legitimate operation to the gullible, uninformed, or inattentive. As Microsoft mentions in its tweet thread discussing BazaCall, the threat is made even more complex by the fact that there’s nothing overtly malicious in the emails themselves, making danger harder to detect.

The name BazaCall stems from the malware the campaign distributed in the beginning: BazaLoader. Though it’s been kicking around for a bit, it seems the efforts to spread ransomware are amping up as people get wise to classic tricks.

Today we’re dealing with harmless emails, con-job call centers, and dangerous Excel files. What happens tomorrow? Do fraudsters legally register and operate entirely legitimate businesses solely to have addresses and phone numbers for swindles on the side? Aside from the fact that that already happens, the point is that ransomware may seem like a foreign concern at the moment, but be ready: Cybercriminals are working overtime to drag you into their net, no matter how elaborate of a scheme such a victory requires.

Get the Windows Central Newsletter

Get the Windows Central Newsletter

All the latest news, reviews, and guides for Windows and Xbox diehards.

Robert Carnevale is the News Editor for Windows Central. He’s a big fan of Kinect (it lives on in his heart), Sonic the Hedgehog, and the legendary intersection of those two titans, Sonic Free Riders. He is the author ofCold War 2395. Have a useful tip? Send it to robert.carnevale@futurenet.com.