Fake “Microsoft Windows Update” e-mail will steal your Gmail, Windows Live, Yahoo, or AOL passwords — be careful

E-mail threats are a non-stop nuisance. After the recent “Important Changes to Microsoft Services Agreement” malicious e-mail, we have another swipe at Windows users. This time the e-mail comes in the form of a phishing attack.

An e-mail from “privacy@microsoft.com” with the subject of “Microsoft Windows Update” is hitting inboxes around the globe telling users that their Windows installation is “out of date”. The e-mail says that all Windows installations are tied to an e-mail account and provides a “verify” link that users must visit, or risk “account suspension”. Clicking on the “verify” link takes users to a page (which is not a Microsoft page, despite the attempt to fool you by using a “www.microsoft.com” sub-domain) where users are asked to enter their e-mail login details (username and password).

Once a user enters their login details, they are redirected to a legitimate Microsoft support page, so as to make the phishing scam seem legitimate.
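
As an added example (not part of the original article), the Python below checks which host a “verify” link really points to and flags links that merely carry “www.microsoft.com” as a sub-domain of some other site. The allow-list, the function names and the sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only domain this example treats as genuinely Microsoft.
TRUSTED_DOMAINS = ("microsoft.com",)


def _split(url):
    # Links pasted without a scheme would otherwise parse with an empty host.
    return urlsplit(url if "://" in url else "http://" + url)


def link_host(url):
    """Return the host a browser would actually connect to, lowercased."""
    host = _split(url).hostname or ""  # hostname drops "user@" and ":port"
    return host.rstrip(".")


def is_under(host, domain):
    """True only if host is the domain itself or a real sub-domain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    host = link_host(url)
    if any(is_under(host, d) for d in TRUSTED_DOMAINS):
        return "trusted"
    # The brand appears in the authority part, but the host ends elsewhere:
    # this is the sub-domain trick described in the article.
    authority = _split(url).netloc.lower()
    if any(d in authority for d in TRUSTED_DOMAINS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links (reserved .example names), not real indicators.
    samples = [
        "https://support.microsoft.com/",
        "http://www.microsoft.com.account-verify.example/login",
        "https://www.microsoft.com@phish.example/",
        "https://notmicrosoft.com/",
        "https://example.org/",
    ]
    for url in samples:
        print(f"{classify_link(url):10} {link_host(url):40} {url}")
```

The comparison is made on the end of the hostname, not on whether the brand name appears somewhere in the link, which is why the second and third samples are flagged even though they begin with “www.microsoft.com”.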

The e-mail is obviously not really from Microsoft even though the e-mail claims to be from “privacy@microsoft.com”. Aside from Windows 8 users who may be confused by Microsoft’s new feature of logging into Windows with your Microsoft e-mail, any semi-technical person knows Windows is not associated with an e-mail address, so an e-mail claiming otherwise can be nothing but a scam. Plus, whoever looks closely will see red flags in the form of poor grammar (inaccurate capitalization of words). Still, I’m sure the average Joe could potentially be swayed into providing their user name and password. If only they read dotTech.

As mentioned before, any good spam filter should redirect spoofed e-mails — such as this one — to the spam box. If, however, you do find this e-mail in your inbox, simply delete it.

Stay safe!

[via Sophos]

3 comments

  1. DrTszap

    If I got such an email I’d be tempted to offer the rats some cheese… something like (director)@(alphabet agency).gov pswd catchmequick and see if they take the bait (you *know* attempted intrusion at any ‘alphabet agency’ will be traced and… Oh Snap, another rat gets trapped… *g*) but, hey, I’ve been known to ‘unsubscribe’ spammers from other spammers mail lists >;->