This post is also available in:
עברית (Hebrew)
An extensive investigation involving law enforcement agencies from India, the UK, and the US has led to the takedown of a global scam operation that was impersonating Microsoft to defraud computer users. The operation, which targeted victims with fake technical support messages and unsolicited calls, highlights the evolving tactics used in social engineering attacks and the need for coordinated international responses.
The fraud relied on deceptive pop-up alerts and cold calls claiming to be from Microsoft support. Victims were warned that their systems had been compromised and were encouraged to call a number or accept help from a so-called technician. In reality, the attackers used remote access tools to simulate a problem, then charged users for unnecessary “repairs” or software.
UK victims alone lost an estimated £390,000. The fraudsters used spoofed caller IDs and routed communications through international VoIP services, masking the origin of the calls and making them appear credible. The scam also reached users in the United States, prompting cooperation between the UK’s National Crime Agency (NCA), the US Federal Bureau of Investigation (FBI), and Microsoft’s own cybercrime team.
The personnel behind the scam operated out of India. Once investigators compiled evidence from victim reports, server records, and Microsoft’s internal tracking, authorities in India arrested two individuals connected to the scheme.
This case underscores how criminals are increasingly exploiting familiar tech-related concerns—such as device security—to trick individuals into transferring funds or giving remote access to their systems. The operation also highlights the value of data sharing across borders and between public and private sectors in tracking down and dismantling cyber-enabled fraud. Officials involved in the investigation emphasized the importance of continued cooperation in tackling economic crimes that rely on cross-border infrastructure and false identities.
Authorities urge users to remain skeptical of unsolicited tech support calls and never to share remote access unless they initiate the request with a verified service provider.
