'Microsoft Learn' Helps Scammers Look Legit
Posted: Sun Sep 01, 2024 4:51 am
It's not enough to verify that it's a legit Microsoft URL.
Trick #1: Fake Helpdesk page via Microsoft Learn
We found this ad while looking for Microsoft support live agents. The top (sponsored) result looks like it was bought by Microsoft itself with its official logo and URL.
Users who click on the ad are redirected to a legitimate Microsoft website (learn.microsoft.com) showing Microsoft’s “official” phone number. This page has the look and feel of a genuine knowledge base article especially since it appears to be posted by “Microsoft Support”:
Clicking the 3 dots beside the ad reveals that it actually doesn’t belong to Microsoft at all, but instead was paid for by an advertiser from Vietnam. This does not mean this is the actual scammer, simply that this account may have been compromised and is being used to create malicious ads.
As for the Microsoft page, it was created by a scammer via a fake Microsoft Support profile using Microsoft Learn collections.
Microsoft Learn Collections is a feature available to anyone with a Microsoft Learn profile. Collections allow you to create curated lists of Microsoft Learn content to share with your followers. A collection can include documentation articles, training modules, learning paths, videos, code samples, and more.
From malwarebytes.com
The second (unrelated) ad campaign we saw is using a different tactic but also starts with a Google ad. When victims click on it, it will launch a search query page via microsoft.com/en-us/search/explore.
This clever trick works by passing the following parameters to the URL:
Call+%2B1+%28844%29+327-5425++Microsoft+Support+%28USA%29
When the page finishes loading, it will display what looks like a contact number from Microsoft. In a way, this is a form of advertisement that totally abuses what the Microsoft search feature was intended for:
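A defender-side check for the second trick, as an added example that is not part of the original article or of any Microsoft or Malwarebytes code: it decodes every query parameter of a URL on a trusted host and flags values that carry both a phone number and a support-style call to action. The trusted-host list, the keyword list, and the parameter name "q" in the sample are assumptions; the encoded value is the one quoted above.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hosts your users treat as trustworthy on sight.
TRUSTED_HOSTS = ("microsoft.com",)

# North American style number, e.g. "+1 (844) 327-5425" or "844-327-5425".
PHONE_RE = re.compile(r"(?:\+?1[\s.-]*)?\(?\d{3}\)?[\s.-]*\d{3}[\s.-]*\d{4}")
# Call-to-action words that turn a number into a fake support line (assumed list).
LURE_RE = re.compile(r"\b(call|support|help\s?desk|helpline|agent)\b", re.I)


def is_trusted(host):
    """True when host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in TRUSTED_HOSTS)


def find_injected_contact(url):
    """Return (param, decoded_value, phone) for each query parameter on a
    trusted host whose decoded value holds a phone number and a lure word."""
    parts = urlsplit(url)
    if not is_trusted(parts.hostname):
        return []
    hits = []
    # parse_qsl percent-decodes and turns '+' into spaces, as the browser does.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        phone = PHONE_RE.search(value)
        if phone and LURE_RE.search(value):
            hits.append((name, value, phone.group(0).strip()))
    return hits


if __name__ == "__main__":
    # Constructed samples: the parameter name "q" is an assumption.
    base = "https://www.microsoft.com/en-us/search/explore?q="
    samples = [
        base + "Call+%2B1+%28844%29+327-5425++Microsoft+Support+%28USA%29",
        base + "surface+pro+keyboard",
    ]
    for s in samples:
        print(s, "->", find_injected_contact(s) or "clean")
```

The same function can be run over ad landing URLs or proxy logs; a hit means the trusted page is being used to render attacker-supplied text, not that the host itself is compromised.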