Scammers Hijack Office PCs with Fake Tech Support Calls and Malware
Cybersecurity experts are sounding the alarm over a dangerous new wave of digital break-ins that start with simple Fake Tech Support Calls and end with hackers taking over entire corporate networks. This isn’t your typical automated scam; it is a highly coordinated operation where criminals pretend to be your company’s own tech support team to bypass security and plant a “Demon” inside your computer.
By using a mix of psychological pressure and high-tech trickery, these attackers are moving through office networks at lightning speed. In some cases, they have managed to compromise nearly a dozen computers in less than a day, setting the stage for massive data theft or a total system lockout.
The Trap: It Starts with a Flooded Inbox
The nightmare begins when an employee finds their inbox suddenly buried under thousands of junk emails. This is known as “email bombing,” and it is designed to frustrate the victim and make them desperate for a solution. Just as the employee is drowning in spam, they receive one of these Fake Tech Support Calls. On the other end of the line is a person claiming to be from the company’s IT help desk. The caller says they have noticed the spam attack and offers to help “fix” the problem immediately.
Because the victim is already stressed by the email flood, they often trust the person on the phone. During these Fake Tech Support Calls, the “technician” asks the employee to start a remote screen-sharing session using common tools like Quick Assist or AnyDesk. Once the worker grants access, the hacker is effectively sitting in the driver’s seat of a company computer, watching everything the employee does.
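An added detection sketch, not part of the original article: it correlates the two early signals described above, an inbox flood followed by a Quick Assist or AnyDesk launch for the same user. The event tuples, thresholds, user names and host names are constructed assumptions; map them to your own mail gateway and endpoint telemetry.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed thresholds (assumptions); tune to your own mail volume.
BURST_COUNT = 200                      # this many inbound messages...
BURST_WINDOW = timedelta(minutes=10)   # ...inside this window counts as email bombing
FOLLOW_UP = timedelta(hours=2)         # remote session this soon after a flood is suspicious
REMOTE_TOOLS = {"quickassist.exe", "anydesk.exe"}  # the tools named in the article

def find_bursts(mail_events):
    """Map each user to the times their inbox crossed the flood threshold (once per burst)."""
    recent, bursts = defaultdict(deque), defaultdict(list)
    for ts, user in sorted(mail_events):
        q = recent[user]
        q.append(ts)
        while ts - q[0] > BURST_WINDOW:   # slide the window forward
            q.popleft()
        if len(q) >= BURST_COUNT and (not bursts[user] or ts - bursts[user][-1] > BURST_WINDOW):
            bursts[user].append(ts)
    return bursts

def correlate(mail_events, process_events):
    """Flag remote-assistance launches that follow an inbox flood for the same user."""
    bursts = find_bursts(mail_events)
    alerts = []
    for ts, user, host, image in sorted(process_events):
        if image.lower() not in REMOTE_TOOLS:
            continue
        for flood_time in bursts.get(user, []):
            if timedelta(0) <= ts - flood_time <= FOLLOW_UP:
                alerts.append((user, host, image, flood_time, ts))
                break
    return alerts

def sample_events():
    """Constructed sample data: (time, user) mail records and (time, user, host, image) process starts."""
    t0 = datetime(2025, 1, 6, 9, 0)
    mail = [(t0 + timedelta(seconds=2 * i), "alice") for i in range(300)]   # flood
    mail += [(t0 + timedelta(minutes=7 * i), "bob") for i in range(20)]     # normal volume
    procs = [
        (t0 + timedelta(minutes=25), "alice", "WS-014", "QuickAssist.exe"),  # follows the flood
        (t0 + timedelta(minutes=30), "bob", "WS-022", "AnyDesk.exe"),        # no flood beforehand
        (t0 + timedelta(minutes=40), "alice", "WS-014", "outlook.exe"),      # not a remote tool
    ]
    return mail, procs

if __name__ == "__main__":
    for alert in correlate(*sample_events()):
        print(alert)
```

An alert from this correlation is a reason to call the employee back on a known internal number and check who initiated the session.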
The Fake Patch: How Hackers Get Inside
Once the attackers have control of the screen, they don’t just steal a few files and leave. They navigate the browser to a professional-looking website that looks exactly like an official Microsoft login page. The scammers behind these Fake Tech Support Calls tell the employee that they need to “update the anti-spam rules” to stop the junk mail once and for all.
The victim is then asked to enter their email and password into a fake pop-up window. This does two things: it gives the hackers the employee’s actual login credentials, and it makes the whole process look like a legitimate security update. Behind the scenes, the “update” is actually a malicious script. This script triggers a technique called “DLL sideloading,” in which a legitimate Windows program is tricked into loading a hidden, malicious piece of code (a DLL) that bypasses the computer’s built-in defenses.
Inside the Havoc Framework
The goal of this trickery is to install something called the Havoc Demon. This is a powerful command-and-control tool that gives the hackers total, invisible control over the infected machine. This “Demon” is specifically modified to hide from antivirus software. It uses advanced tricks to “blind” security software so the hackers can work in total silence without triggering any alarms.
Once the “Demon” is inside, the attackers don’t stop there. In one documented attack following these Fake Tech Support Calls, the hackers jumped from a single computer to nine others in the same office in just eleven hours. This incredible speed suggests the attackers were in a rush to either steal all the company’s private data or lock everything up with ransomware to demand a payment.
Why This Should Scare Every Business
This campaign looks a lot like the work of “Black Basta,” a notorious ransomware gang that was thought to have gone quiet. Whether these are the same people or copycats, they are using a playbook that works. They don’t just rely on the Havoc malware; they also use Fake Tech Support Calls to install “backup” tools—legitimate remote management software used by real IT pros—so that even if the company finds and deletes the malware, the hackers still have a secret back door to get back in.
The biggest takeaway here is that hackers are getting much better at the “human” side of the crime. They are willing to call personal phone numbers and spend time talking to people to earn their trust. They aren’t just targeting big tech firms anymore; they are hitting organizations of all sizes with tools that used to be reserved for high-level spies.
If you receive what seems to be a fake tech support call out of the blue, asking for remote access because of a spam problem, hang up and call your office’s official tech support number yourself. In today’s world, a friendly voice on the phone might be the biggest threat to your company’s survival.
