Monday, June 30, 2025

Cyber Signals Issue 9 | AI-powered deception: Emerging fraud threats and countermeasures



Microsoft maintains a continuous effort to protect its platforms and customers from fraud and abuse. From blocking imposters on Microsoft Azure and adding anti-scam features to Microsoft Edge, to fighting tech support fraud with new features in Windows Quick Assist, this edition of Cyber Signals takes you inside the work underway and important milestones achieved that protect customers.

We’re all defenders. 

Between April 2024 and April 2025, Microsoft:

Thwarted $4 billion in fraud attempts.

Rejected 49,000 fraudulent partnership enrollments.

Blocked about 1.6 million bot signup attempts per hour.

The evolution of AI-enhanced cyber scams

AI has started to lower the technical bar for fraud and cybercrime actors looking for their own productivity tools, making it easier and cheaper to generate believable content for cyberattacks at an increasingly rapid rate. AI software used in fraud attempts runs the gamut, from legitimate apps misused for malicious purposes to more fraud-oriented tools used by bad actors in the cybercrime underground.

AI tools can scan and scrape the web for company information, helping cyberattackers build detailed profiles of employees or other targets to create highly convincing social engineering lures. In some cases, bad actors are luring victims into increasingly complex fraud schemes using fake AI-enhanced product reviews and AI-generated storefronts, where scammers create entire websites and e-commerce brands, complete with fake business histories and customer testimonials. By using deepfakes, voice cloning, phishing emails, and authentic-looking fake websites, threat actors seek to appear legitimate at wider scale.

According to the Microsoft Anti-Fraud Team, AI-powered fraud attacks are happening globally, with much of the activity coming from China and Europe, specifically Germany, due in part to Germany’s status as one of the largest e-commerce and online services markets in the European Union (EU). The larger a digital marketplace in any region, the more likely a proportional degree of attempted fraud will take place.

E-commerce fraud


Fraudulent e-commerce websites can be set up in minutes using AI and other tools requiring minimal technical knowledge. Previously, it would take threat actors days or weeks to stand up convincing websites. These fraudulent websites often mimic legitimate sites, making it challenging for consumers to identify them as fake.

Using AI-generated product descriptions, images, and customer reviews, customers are duped into believing they are interacting with a genuine merchant, exploiting consumer trust in familiar brands.

AI-powered customer service chatbots add another layer of deception by convincingly interacting with customers. These bots can delay chargebacks by stalling customers with scripted excuses and manipulating complaints with AI-generated responses that make scam sites appear professional.

In a multipronged approach, Microsoft has implemented robust defenses across our products and services to protect customers from AI-powered fraud. Microsoft Defender for Cloud provides comprehensive threat protection for Azure resources, including vulnerability assessments and threat detection for virtual machines, container images, and endpoints.

Microsoft Edge features website typo protection and domain impersonation protection using deep learning technology to help users avoid fraudulent websites. Edge has also implemented a machine learning-based Scareware Blocker to identify and block potential scam pages and deceptive pop-up screens with alarming warnings claiming a computer has been compromised. These attacks try to frighten users into calling fraudulent support numbers or downloading harmful software.

Job and employment fraud


The rapid advancement of generative AI has made it easier for scammers to create fake listings on various job platforms. They generate fake profiles with stolen credentials, fake job postings with auto-generated descriptions, and AI-powered email campaigns to phish job seekers. AI-powered interviews and automated emails enhance the credibility of job scams, making it harder for job seekers to identify fraudulent offers.

To prevent this, job platforms should introduce multifactor authentication for employer accounts to make it harder for bad actors to take over legitimate hirers’ listings, and use available fraud-detection technologies to catch suspicious content.

Fraudsters often ask for personal information, such as resumes or even bank account details, under the guise of verifying the applicant’s information. Unsolicited text and email messages offering employment opportunities that promise high pay for minimal qualifications are typically an indicator of fraud.

Employment offers that include requests for payment, offers that seem too good to be true, unsolicited offers or interview requests over text message, and a lack of formal communication platforms can all be indicators of fraud.

Tech support scams

Tech support scams are a type of fraud where scammers trick victims into unnecessary technical support services to fix a device or software problems that don’t exist. The scammers may then gain remote access to a computer, which lets them access all information stored on it and on any network connected to it, or install malware that gives them access to the computer and sensitive data.

Tech support scams are a case where elevated fraud risks exist, even if AI does not play a role. For example, in mid-April 2024, Microsoft Threat Intelligence observed the financially motivated and ransomware-focused cybercriminal group Storm-1811 abusing Windows Quick Assist software by posing as IT support. Microsoft did not observe AI used in these attacks; Storm-1811 instead impersonated legitimate organizations through voice phishing (vishing) as a form of social engineering, convincing victims to grant them device access through Quick Assist.

Quick Assist is a tool that enables users to share their Windows or macOS device with another person over a remote connection. Tech support scammers often pretend to be legitimate IT support from well-known companies and use social engineering tactics to gain the trust of their targets. They then attempt to employ tools like Quick Assist to connect to the target’s device.

Quick Assist and Microsoft are not compromised in these cyberattack scenarios; however, the abuse of legitimate software presents risk Microsoft is focused on mitigating. Informed by Microsoft’s understanding of evolving cyberattack techniques, the company’s anti-fraud and product teams work closely together to improve transparency for users and enhance fraud detection techniques.

The Storm-1811 cyberattacks highlight the capability of social engineering to circumvent security defenses. Social engineering involves collecting relevant information about targeted victims and arranging it into credible lures delivered through phone, email, text, or other mediums. Various AI tools can quickly find, organize, and generate information, thus acting as productivity tools for cyberattackers. Although AI is a new development, enduring measures to counter social engineering attacks remain highly effective. These include increasing employee awareness of legitimate helpdesk contact and support procedures, and applying Zero Trust principles to enforce least privilege across employee accounts and devices, thereby limiting the impact of any compromised assets while they are being addressed.

Microsoft has taken action to mitigate attacks by Storm-1811 and other groups by suspending identified accounts and tenants associated with inauthentic behavior. If you receive an unsolicited tech support offer, it is likely a scam. Always reach out to trusted sources for tech support. If scammers claim to be from Microsoft, we encourage you to report it directly to us at https://www.microsoft.com/reportascam.

Building on the Secure Future Initiative (SFI), Microsoft is taking a proactive approach to ensuring our products and services are “Fraud-resistant by Design.” In January 2025, a new fraud prevention policy was introduced: Microsoft product teams must now perform fraud prevention assessments and implement fraud controls as part of their design process.

Recommendations

Strengthen employer authentication: Fraudsters often hijack legitimate company profiles or create fake recruiters to deceive job seekers. To prevent this, job platforms should introduce multifactor authentication and Verified ID as part of Microsoft Entra ID for employer accounts, making it harder for unauthorized users to gain control.

Monitor for AI-based recruitment scams: Companies should deploy deepfake detection algorithms to identify AI-generated interviews where facial expressions and speech patterns may not align naturally.

Be cautious of websites and job listings that seem too good to be true: Verify the legitimacy of websites by checking for secure connections (https) and using tools like Microsoft Edge’s typo protection.

Avoid providing personal information or payment details to unverified sources: Look for red flags in job listings, such as requests for payment or communication through informal platforms like text messages, WhatsApp, nonbusiness Gmail accounts, or requests to contact someone on a personal device for more information.


Using Microsoft’s security signal to combat fraud

Microsoft is actively working to stop fraud attempts using AI and other technologies by evolving large-scale detection models based on AI, such as machine learning, to play defense by learning from and mitigating fraud attempts. Machine learning is the process that helps a computer learn without direct instruction, using algorithms to discover patterns in large datasets. Those patterns are then used to create a comprehensive AI model, allowing for predictions with high accuracy.

We have developed in-product safety controls that warn users about potential malicious activity and integrate rapid detection and prevention of new types of attacks.

Our fraud team has developed domain impersonation protection using deep-learning technology at the domain creation stage, to help protect against fraudulent e-commerce websites and fake job listings. Microsoft Edge has incorporated website typo protection, and we have developed AI-powered fake job detection systems for LinkedIn.

Microsoft Defender SmartScreen is a cloud-based security feature that aims to prevent unsafe browsing habits by analyzing websites, files, and applications based on their reputation and behavior. It is integrated into Windows and the Edge browser to help protect users from phishing attacks, malicious websites, and potentially harmful downloads.

Furthermore, Microsoft’s Digital Crimes Unit (DCU) partners with others in the private and public sector to disrupt the malicious infrastructure used by criminals perpetuating cyber-enabled fraud. The team’s longstanding collaboration with law enforcement around the world to respond to tech support fraud has resulted in hundreds of arrests and increasingly severe prison sentences worldwide. The DCU is applying key learnings from past actions to disrupt those who seek to abuse generative AI technology for malicious or fraudulent purposes.

Quick Assist features and Remote Help combat tech support fraud

To help combat tech support fraud, we have incorporated warning messages to alert users about possible tech support scams in Quick Assist before they grant access to someone approaching them purporting to be an authorized IT department or other support resource.

Windows users must read and click the box to acknowledge the security risk of granting remote access to the device.


Microsoft has significantly enhanced Quick Assist protection for Windows users by leveraging its security signal. In response to tech support scams and other threats, Microsoft now blocks an average of 4,415 suspicious Quick Assist connection attempts daily, accounting for approximately 5.46% of global connection attempts. These blocks target connections exhibiting suspicious attributes, such as associations with malicious actors or unverified connections.

Microsoft’s continual focus on advancing Quick Assist safeguards seeks to counter adaptive cybercriminals, who previously targeted individuals opportunistically with fraudulent connection attempts, but more recently have sought to target enterprises with more organized cybercrime campaigns that Microsoft’s actions have helped disrupt.

Our Digital Fingerprinting capability, which leverages AI and machine learning, drives these safeguards by providing fraud and risk signals to detect fraudulent activity. If our risk signals detect a possible scam, the Quick Assist session is automatically ended. Digital Fingerprinting works by collecting various signals to detect and prevent fraud.

For enterprises combating tech support fraud, Remote Help is another valuable resource for employees. Remote Help is designed for internal use within an organization and includes features that make it ideal for enterprises.

By reducing scams and fraud, Microsoft aims to enhance the overall security of its products and protect its users from malicious activities.

Consumer protection tips

Fraudsters exploit psychological triggers such as urgency, scarcity, and trust in social proof. Consumers should be cautious of:

Impulse buying—Scammers create a sense of urgency with “limited-time” deals and countdown timers.

Trusting fake social proof—AI generates fake reviews, influencer endorsements, and testimonials to appear legitimate.

Clicking on ads without verification—Many scam sites spread through AI-optimized social media ads. Consumers should cross-check domains and reviews before purchasing.

Ignoring payment security—Avoid direct bank transfers or cryptocurrency payments, which lack fraud protections.

Job seekers should verify employer legitimacy, be on the lookout for common job scam red flags, and avoid sharing personal or financial information with unverified employers.

Verify employer legitimacy—Cross-check company details on LinkedIn, Glassdoor, and official websites to verify legitimacy.

Notice common job scam red flags—If a job requires upfront payments for training materials, certifications, or background checks, it is likely a scam. Unrealistic salaries or no-experience-required remote positions should be approached with skepticism. Emails from free domains (such as johndoehr@gmail.com instead of hr@company.com) are also typically indicators of fraudulent activity.

Be cautious of AI-generated interviews and communications—If a video interview seems unnatural, with lip-syncing delays, robotic speech, or odd facial expressions, it could be deepfake technology at work. Job seekers should always verify recruiter credentials through the company’s official website before engaging in any further discussions.

Avoid sharing personal or financial information—Under no circumstances should you provide a Social Security number, banking details, or passwords to an unverified employer.

Microsoft is also a member of the Global Anti-Scam Alliance (GASA), which aims to bring governments, law enforcement, consumer protection organizations, financial authorities and providers, brand protection agencies, social media, internet service providers, and cybersecurity companies together to share knowledge and protect consumers from getting scammed.

Recommendations

Remote Help: Microsoft recommends using Remote Help instead of Quick Assist for internal tech support. Remote Help is designed for internal use within an organization and incorporates several features designed to enhance security and minimize the risk of tech support hacks. It is engineered to be used only within an organization’s tenant, providing a safer alternative to Quick Assist.

Digital Fingerprinting: This identifies malicious behaviors and ties them back to specific individuals. This helps in monitoring and preventing unauthorized access.

Blocking full control requests: Quick Assist now includes warnings and requires users to check a box acknowledging the security implications of sharing their screen. This adds a layer of helpful “security friction” by prompting users who may be multitasking or preoccupied to pause to complete an authorization step.


Kelly Bissell: A cybersecurity pioneer combating fraud in the new era of AI

Kelly Bissell’s journey into cybersecurity began unexpectedly in 1990. Initially working in computer science, Kelly was involved in building software for healthcare patient accounting and operating systems at Medaphis and Bellsouth, now AT&T.

His interest in cybersecurity was sparked when he noticed someone logged into a phone switch attempting to get free long-distance calls and traced the intruder back to Romania. This incident marked the beginning of Kelly’s career in cybersecurity.

“I stayed in cybersecurity hunting for bad actors, integrating security controls for hundreds of companies, and helping shape the NIST security frameworks and regulations such as FFIEC, PCI, NERC-CIP,” he explains.

Currently, Kelly is Corporate Vice President of Anti-Fraud and Product Abuse within Microsoft Security. Microsoft’s fraud team employs machine learning and AI to build better detection code and understand fraud operations. They use AI-powered solutions to detect and prevent cyberthreats, leveraging advanced fraud detection frameworks that continuously learn and evolve.

“Cybercrime is a trillion-dollar problem, and it’s been going up every year for the past 30 years. I think we have an opportunity today to adopt AI faster so we can detect and close the gap of exposure quickly. Now we have AI that can make a difference at scale and help us build security and fraud protections into our products much faster.”

Previously Kelly managed the Microsoft Detection and Response Team (DART) and created the Global Hunting, Oversight, and Strategic Triage (GHOST) team that detected and responded to attackers such as Storm-0558 and Midnight Blizzard.

Prior to Microsoft, during his time at Accenture and Deloitte, Kelly collaborated with companies and worked extensively with government agencies like the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation, where he helped build security systems inside their operations.

His time as Chief Information Security Officer (CISO) at a bank exposed him to addressing both cybersecurity and fraud, leading to his involvement in shaping regulatory guidelines to protect banks and eventually Microsoft.

Kelly has also played a significant role in shaping regulations around the National Institute of Standards and Technology (NIST) and Payment Card Industry (PCI) compliance, which helps ensure the security of businesses’ credit card transactions, among others.

Internationally, Kelly played a crucial role in helping establish agencies and improve cybersecurity measures. As a consultant in London, he helped stand up the UK’s National Cyber Security Centre (NCSC), which is part of the Government Communications Headquarters (GCHQ), the equivalent of CISA. Kelly’s efforts in content moderation with several social media companies, including YouTube, were instrumental in removing harmful content.

That’s why he’s excited about Microsoft’s partnership with GASA. GASA brings together governments, law enforcement, consumer protection organizations, financial authorities, internet service providers, cybersecurity companies, and others to share knowledge and define joint actions to protect consumers from getting scammed.

“If I protect Microsoft, that’s good, but it’s not sufficient. In the same way, if Apple does their thing, and Google does their thing, but if we’re not working together, we’ve all missed the bigger opportunity. We must share cybercrime information with each other and educate the public. If we can have a three-pronged approach of tech companies building security and fraud protection into their products, public awareness, and sharing cybercrime and fraudster information with law enforcement, I think we can make a big difference,” he says.


Next steps with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Methodology: Microsoft platforms and services, including Azure, Microsoft Defender for Office, Microsoft Threat Intelligence, and Microsoft Digital Crimes Unit (DCU), provided anonymized data on threat actor activity and trends. Additionally, Microsoft Entra ID provided anonymized data on threat activity, such as malicious email accounts, phishing emails, and attacker movement within networks. Additional insights are from the daily security signals gained across Microsoft, including the cloud, endpoints, the intelligent edge, and telemetry from Microsoft platforms and services. The $4 billion figure represents an aggregated total of fraud and scam attempts against Microsoft and our customers in consumer and enterprise segments (in 12 months).




