Windows Defender Advanced Threat Protection email scam (fake) - Free Guide

What is Windows Defender Advanced Threat Protection email scam?

Windows Defender Advanced Threat Protection is an email scam that aims to steal your money

Windows Defender Advanced Threat Protection is an email scam that attempts to make you call the fake tech support number

Windows Defender Advanced Threat Protection email scam might arrive at any given time and may be placed in your Inbox. While it may initially seem like the message comes from Microsoft, it is actually a scam. The main goal of email authors is to trick people into calling fake support numbers, where they could be convinced to pay technical support or software fees. Whatever you do, never call the provided phone number or click on links if such are presented within the email, as you may lose money to scammers or end up infecting your system with malware.^[1]

How scammers operate

Email scams are all too common – criminals either want to infect users with malware, extract sensitive information like login credentials, or make people pay for useless services that never actually took place, as it is the case with the Windows Defender Advanced Threat Protection email scam. Either way, victims end up facing serious consequences if they get tricked by these social engineering^[2] techniques.

Scammers usually compile an email that is later sent to a large number of victims automatically; the email addresses are typically bought on underground forums, where information from data breaches is easily accessible. Having your email leaked is a rather common occurrence, and that's where all the spam usually comes from. Fortunately, cybercriminals don't usually acquire account passwords, and the only information they can go on is email.

In this case, the scheme is operated as your typical tech support scam, where crooks give users the pretense of calling the provided phone number. They claim that users have already been charged 650.99 USD (sum may vary) for the Windows Defender subscription for one year:

Dear Customer

Thanks for using Windows Defender Advanced Threat Protection.

We thank you for completion of 1 Year.

We tried to contact you on your registered email ID but couldn't get through.

Date:
Amount Paid: 650.99 USD

Customer Support Agent on +1(888) 819-2174
Invoice Number: RUY0-6HJEY-5IUK

Description
Windows Defender Advanced Threat Protection
Firewall & Network Protection
Amount $650.99
Total $659.99

If you have any queries about this invoice, simply reach out to our Support Executive on +1(888) 819-2174 (Toll Free) for help.

You have 24 Hours to refund this charge from the Date of transaction without being charges.

Our Support Team will gladly assist you with any questions or request.

Regards, Microsoft Support Team

While some users may instantly spot deception, the malicious intent might not always be detected by less experienced users because the email is using the official Microsoft logo for Windows and Defender. Despite this, there are plenty of signs that can immediately point at the email being fraudulent.

The fake email claims that you have already paid for a subscription, although this is not true. Microsoft Defender is a free anti-virus

First of all, Windows Defender is a free anti-virus software that comes pre-installed with every Windows OS, so it simply makes no sense to pay for it. Besides, even the name of the security software is not accurate, as it was renamed Microsoft Defender in 2020, and official sources would never call its product by its outdated name.

Also, you have your general signs of fraud, such as an email address that makes no sense of being that from Microsoft. It is also worth noting that the Windows Defender Advanced Threat Protection scam never calls you by your real name simply because crooks have no idea what it is. Finally, no company randomly charges you for some type of subscription, at least not for the one you have never subscribed to.

Microsoft and Windows names have been used by scammers for a very long time, primarily because the company is so broadly known. For example, just recently, we described a very similar email Microsoft Defender Subscription Invoice, which attempts to trick users in a very similar manner.

How to deal with the fake email

Your first task is not to panic, as you may think that a large sum of money is gone from your bank account. The best thing in such a situation is to verify these claims, especially if you aren't sure whether the email is real or not. You can simply visit your online banking account and check for suspicious money transfers – you'll see that there's no charge for “Windows Defender Advanced Threat Protection” or something among those lines.

The most important thing is not to call the provided phone number, as that's precisely the goal of cybercriminals. They count on people who would immediately think to themselves that they have never subscribed to anything like that and would be willing to call to clear up the situation. Another piece of advice here is to always retrieve the support number from the official website instead of that provided in an email or on some random page.

If you have already called these scammers, they may ask you to allow remote control of your device or send you links or even software installers. If this has happened to you, please make sure you scan your system with SpyHunter 5Combo Cleaner or Malwarebytes security software immediately to make sure no malware is present on your PC. Even if you did not call the attackers, it is best to make sure that no malware is running in the background. We also recommend clearing web browsers with the help of the FortectIntego maintenance utility.

If you have provided your contact information, such as a phone number, keep in mind that you may be targeted by future scam campaigns, and receive more phishing^[3] emails or phony phone calls.