Don't Fall for the Call

How to Recognize and Avoid IT Support Scams

Aug 30, 2025

IT support scams are back and on the rise. Over the past few weeks, the reports of vendor phone calls and emails claiming to contact people about suspicious activity in their accounts have skyrocketed.

Do Not Fall for the Scam

Google, and Microsoft, will NEVER call your or email you to start a service or support call. Let me repeat that, but this time in bold. Google, and Microsoft, will NEVER call your or email you to start a service or support call.

Some of these calls and emails attempt to get you to enter your username and password into a fake web page.

Many of these attacks request the multi-factor authentication (MFA) code. The attackers initiate a password reset. If given the MFA code, they access the account and can change credentials, access other services, and exfiltrate information.

It is more difficult to spot fake landing and sign in pages

While historically easy to spot, attackers use generative AI to create sophisticated fake login pages.

Attackers are also using legitimate landing page, marketing, or document tools. The link in the email may open a validly hosted page or document with instructions and another link that, in turn, takes you to the fake login page.

As the hackers take you through a legitimate service, as a pass-through, you may be less likely to notice that the page asking for your credentials is fake. This method is also more difficult to combat since the pass-through may require valid credentials for access.

Steps You Can Take

You can take a few simple steps to prevent these types of attacks from successfully damaging your business.

Education: Inform and educate your team about current and emerging cyber attack methods, what to look for, and how to handle suspicious activity. Cyber Awareness Training, if well managed, is an affordable means to keep security top of mind.

Advanced Email Threat Protection: Email threat protection focused on sender domains, links, and attachments is not enough. Attackers use masking, images, and QR codes beyond the capabilities of many email protection services. Upgrading to a more robust service will provide better protections. Solutions that provide banners and “one-click response” better empower users to flag and manage suspect messages.

We Will Help

Our Cloud Advisors are here to assist. They will:

Assess your current security profile and protections
Prioritize options and recommendations for security improvements
Help you plan and budget for any changes
Deploy and co-manage your security solutions to keep you protected.

Book a call with one of our Cloud Advisors now to begin your security review and improvements.

Schedule Time with a Cloud Advisor

About the Author

Bill Seybolt bio picture — Bill is a Senior Cloud Advisor responsible for helping small and midsize organizations with cloud forward solutions that meet their business needs, priorities, and budgets. Bill works with executives, leaders, and team members to understand workflows, identify strategic goals and tactical requirements, and design solutions and implementation phases. Having helped over 200 organizations successfully adopt cloud solutions, his expertise and working style ensure a comfortable experience effective change management.

Cloud Think

Discussion about this post

Ready for more?