FBI Warning—Do Not Call Any Of These Phone Numbers

FBI Warning—Do Not Call Any Of These Phone Numbers

A stark FBI warning has just come to life on social media, with an attack on Microsoft users going horribly wrong — at least from the hacker's perspective. This viral story of the week serves as a reminder that sometimes it really is good to put a face to a name.

"Legitimate companies will never call you and offer tech support out of the blue," the bureau says. "If you get a call like this, hang up." And even more critically, "never let someone claiming to be tech support have remote access to your device." If you do, then you risk your device being infected with malware, your security credentials and data being stolen, and ultimately your bank account being "drained."

But there's now a twist on this warning. Attackers don't call you — you call them. It starts with a popup. A warning that there's a fault with your device or your security or an account issue. The popup includes a number to call and a message urging you to make that call immediately before the problem gets worse. You are now under attack.

Just as companies like Microsoft, Google, Apple, and Meta won't call you, they won't trigger a popup on your screen with a number to call. They won't email you with account warnings alongside sign-in links or helpdesk numbers. This is always an attack.

Meet Gaurav Trivedi, who runs exactly this scam "out of his apartment complex in Raebareli, India." His attack starts with one of these popups that locks your screen, blares a loud warning sound, and voices a warning that a restart will spread a virus. The popup "tells you to call 'Microsoft' immediately or risk losing all your data."

Unfortunately for Mr Trivedi, one of his intended victims was NanoBaiter, who has now shared his table-turning story with 42 million X users.

"When Gaurav tried it on me… I gave him access to my virtual machine and used it to hack into his system instead," said NanoBaiter. "The OpSec deployed by Mr Trivedi was non-existent, somewhat surprisingly given his chosen trade."

NanoBaiter says that by reversing the remote viewing software pushed out to him, "I accessed his webcam and snapped a clear shot of his face. He pulled up the softphone dialer and boom, his real name appeared on the screen: Gaurav Trivedi." The wifi card on his laptop was active, letting me trace his exact location,"

This apparently enabled NanoBaiter to get "a front-row seat to his life, watching him eat, sleep, and then scam innocent people… all through his webcam."

Microsoft's Warning: ClickFix and Other Scams

Microsoft has just issued a longform warning about such popup attacks, the most common form of which is ClickFix, which tricks you into running a script on your PC to install malware, rather than calling a number.

The social engineering is the same. Google has warned specifically about these tech support scams, whether or not you call them or they call you.

If you see a popup on your screen, exit the popup or app if you can. If you can't exit, then do not hesitate to force restart the device.