Microsoft Volume License Center Phishing Email from Insight Direct
-
So this is a confusing one and I'm trying to track down some answers and while I'm on indefinite hold with Microsoft (12 minutes already) I'll post what I know here. From what I can tell, because we have pretty solid documentation, we just got a phishing attack saying that our volume licenses had expired. Here is what it is like...
The email "comes from" Microsoft but gives zero contact information and says that we had some agreement to spread out payments and says we failed to pay up so all MS software has to be removed immediately. No one knows anything about them contacting us previously, nor a payment plan. This is news to everyone. But there have been some staff changes, so it is plausible that something was missed (the person who got the phishing email is recently retired.)
The email lists our reseller and says that we have to contact them, not Microsoft (that's phishy right there - MS sends us the email but needs a third party to talk to us about payments?) There is zero contact for the company and searching on them isn't straightforward, took a few searches to find the right company. If it is the right company, no way to verify, but we think it is the one that they mean. Insight Direct USA in Arizona (um that name, and that location, both on the phishy scale themselves.)
It's 3PM on a Wednesday afternoon. We call IDUSA and go to the right sales department, phone goes into a crazy "no agent is available to speak to you now" in the fastest loop I've ever heard, then says we have to leave a voicemail, then says that the account has no voicemail and that's that.
Okay, call back and go for the operator options. Goes instead to the same sales team loop and same must leave voicemail, same lack of voicemail and then to an endless loop where it says to hang on for the next operator and never dials anyone, it gets trapped in the IVR. So the company cannot be contacted, middle of the day, middle of the week. And they claim to be some giant company with loads of locations, but only one phone number for all of them.
Digging into the licenses that they claim are expiring - none look like ones that we know. They don't reflect licenses that we know about. I manage to pull up the solid documentation on our VLSC agreements and we know that we have two, so that adds complications. But both are documented well, we have the numbers, and they are years from expiring.
So from what we can tell, we have been phished. It was well done, sent to the right people, at the right time. Had the fake reseller managed to stay up and running long enough to talk to us, they might have talked someone out of some money, who can tell. My guess is that the company is a fake and Microsoft shut them down between them sending the phishing email and us attempting to track them down.
Talking to MS now.
-
VL agreements expire, but have no recurring cost, ever. It is simply an agreement number and you can get new ones all the time when you buy from multiple vendors.
SA is the only VL thing that has a recurring cost. SA will be associated with a VL agreement.
-
Termination letter includes these words, in case anyone is searching later as these don't come up online at all...
Termination of your Microsoft Open Value Agreement...
Thank you for choosing Open Value. On ... we notified you that we had not received your anniversary order from your reseller Insight Direct USA, Inc. (61548062).
You have elected to spread your payments over the term of your agreement. The anniversary of your Agreement was on... and we have not received your anniversary order from your reseller Insight Direct USA, Inc. (61548062). The purpose of this letter is to inform you that regrettably, we are terminating your Open Value Agreement as of the date of this letter 2018-05-30. To help with your record keeping, we ask that you keep all Microsoft notices received during the term of your agreement.
You are required to immediately uninstall all copies of the Open Value products from all desktops in your organization and destroy all the associated media. We have detailed all the products under this agreement on the following page to help you determine which of your software products you are no longer licensed to use.
Please also complete the enclosed Certificate of Deletion and Destruction stating that you have completed the above actions. This certificate needs to be signed by a signatory authorized by your Company and returned to Microsoft for the attention of the Program Operations Team at the following address within 14 days.
-
That sounds really good and sort of kind of sounds like a SA letter.
-
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
All of that should be viewable when you log in to the Microsoft VLSC. You can view the licensing details for the license agreements you have.
-
@jaredbusch said in Microsoft Volume License Center Phishing Email from Insight Direct:
That sounds really good and sort of kind of sounds like a SA letter.
Yeah, but with the reseller being defunct it's super fishy. Why would MS cancel us based on the reseller no longer being active? Seems like some pretty seriously bad business practices.
-
@jaredbusch said in Microsoft Volume License Center Phishing Email from Insight Direct:
That sounds really good and sort of kind of sounds like a SA letter.
Yeah if you have SA, and chose the options for spread payments, then I can see this being legit.
-
But still, when you log in to the VLSC, you should see all details there.
-
@obsolesce said in Microsoft Volume License Center Phishing Email from Insight Direct:
But still, when you log in to the VLSC, you should see all details there.
It was never registered with MS. So not likely.
-
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
@obsolesce said in Microsoft Volume License Center Phishing Email from Insight Direct:
But still, when you log in to the VLSC, you should see all details there.
It was never registered with MS. So not likely.
That's weird. We've purchased MS software through many different VARs in the past and they all were registered with MS and show up in the VLSC.
Don't pay anything until confirmed.
-
@obsolesce said in Microsoft Volume License Center Phishing Email from Insight Direct:
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
@obsolesce said in Microsoft Volume License Center Phishing Email from Insight Direct:
But still, when you log in to the VLSC, you should see all details there.
It was never registered with MS. So not likely.
That's weird. We've purchased MS software through many different VARs in the past and they all were registered with MS and show up in the VLSC.
Don't pay anything until confirmed.
MS says it is real. Gave me a rep to contact that they swear is there right now. But it's just going to voicemail.
-
Been leaving messages. Still no answers. Got an email address, so far no response there, either.
-
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
Been leaving messages. Still no answers. Got an email address, so far no response there, either.
Yeah, if it was the open value, it could have been 3 annual payments. Hopefully, it isn't too much or too late.
-
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
Been leaving messages. Still no answers. Got an email address, so far no response there, either.
Why's it so hard to give money away?
-
@wrx7m said in Microsoft Volume License Center Phishing Email from Insight Direct:
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
Been leaving messages. Still no answers. Got an email address, so far no response there, either.
Yeah, if it was the open value, it could have been 3 annual payments. Hopefully, it isn't too much or too late.
It's too late. Already terminated. Presumably with zero notice. From what we can gather, the reseller either went out of business, or took the money and ran. They aren't contactable, and as far as we know never reached out for anything. Just shut down.
It's amazing how fragile this system is with MS. I totally get that the people who set up this account and told no one about it created the mess. But given that businesses have turnover every day, you'd think that MS would actually want us to pay them rather than having us seeing MS products as a risk that we can't protect against. We have our license records, but no means to access the VLC. Former employee left and didn't record them. So we have no logins. MS says only the resellers can see the details of the agreements, not MS themselves. But we can't tell who the reseller(s) are other than this one that appears to be out of business.
So from what we can tell, Microsoft products are only as reliable as the viability of the reseller. Reseller fails or goes on the run, Microsoft cuts ties with the customers and burns the bridge rather than working with them.
-
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
@wrx7m said in Microsoft Volume License Center Phishing Email from Insight Direct:
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
Been leaving messages. Still no answers. Got an email address, so far no response there, either.
Yeah, if it was the open value, it could have been 3 annual payments. Hopefully, it isn't too much or too late.
It's too late. Already terminated. Presumably with zero notice. From what we can gather, the reseller either went out of business, or took the money and ran. They aren't contactable, and as far as we know never reached out for anything. Just shut down.
It's amazing how fragile this system is with MS. I totally get that the people who set up this account and told no one about it created the mess. But given that businesses have turnover every day, you'd think that MS would actually want us to pay them rather than having us seeing MS products as a risk that we can't protect against. We have our license records, but no means to access the VLC. Former employee left and didn't record them. So we have no logins. MS says only the resellers can see the details of the agreements, not MS themselves. But we can't tell who the reseller(s) are other than this one that appears to be out of business.
So from what we can tell, Microsoft products are only as reliable as the viability of the reseller. Reseller fails or goes on the run, Microsoft cuts ties with the customers and burns the bridge rather than working with them.
Yeah, wow. That is annoying. I wonder where the licenses were being used...
-
@wrx7m I'm just leaving them one nasty VM after another. Microsoft claims that they reached out to Insight Direct and got a sales rep who vouched that they were still in business. But for two hours now, no way to reach the company in any way. I'm not buying it. MS claims that they were working with this business today, but that's not really plausible.
-
For anyone who wants to talk to them and see what their phones do, this is their phone number: 800.467.4448
-
@scottalanmiller said in Microsoft Volume License Center Phishing Email from Insight Direct:
For anyone who wants to talk to them and see what their phones do, this is their phone number: 800.467.4448
Which options are you trying?
-
I called their returns number and that actually got through to someone... 800-827-6100. First number that's gone anywhere other than a voicemail box. We'll see if they can reach anyone else.