In the previous post, I described a technique where attackers combine subscription bombing and fake IT support on Microsoft Teams to gain access to a victim’s system.
However, this is not the only variation of the technique.
In some cases the attack is directed at private individuals rather than employees in an organization, and the attacker uses social media instead of corporate collaboration platforms.
The attack pattern
The beginning of the attack often looks very similar.
The victim suddenly receives a large number of emails they never signed up for.
This is typically the result of subscription bombing, where the victim’s email address is registered with hundreds of websites and mailing lists.
The goal is to create confusion and stress.
Unlike the corporate scenario, the attacker may already know that the email address is connected to personal accounts, such as:
- other social media platforms
Shortly after the spam flood begins, the attacker contacts the victim through social media messaging instead of tools like Teams.
The attacker might claim to be:
- platform support
- account security staff
- technical support
- someone who noticed suspicious activity on the account
They then offer to help fix the problem.
The objective
Just like the Teams-based variant, the attacker will often try to convince the victim to:
- install remote access software
- share login credentials
- approve suspicious login attempts
- disable security protections such as two-factor authentication
Once the attacker gains access, they may attempt to:
- take over social media accounts
- access private messages and data
- run scams from the victim’s account
- attempt password resets on other services linked to the same email address
The same scam — different channel
In many ways, this is simply another evolution of the classic fake tech support scam.
The difference is that modern attackers often create a real problem first — such as a spam flood — before contacting the victim and offering help.
The communication channel may change:
- phone calls in the past
- Microsoft Teams in corporate environments
- social media messaging for private individuals
But the core technique remains the same:
Create confusion → Offer help → Gain access