- dotTech - http://dottech.org -

Fake “Microsoft Windows Update” e-mail will steal your Gmail, Windows Live, Yahoo, or AOL passwords — be careful

Posted By Ashraf On September 24, 2012 @ 10:00 PM In Windows,World Wide Web | 3 Comments

[1]

E-mail threats are a non-stop nuisance. After the recent “Important Changes to Microsoft Services Agreement” malicious e-mail [2], we have another swipe at Windows [3] users. This time the e-mail comes in the form of a phishing attack.

An e-mail from “privacy@microsoft.com” with the subject of “Microsoft Windows Update” is hitting inboxes around the globe telling users that their Windows installation is “out of date”. The e-mail says that all Windows installations are tied to an e-mail account and provides a “verify” link that users must visit, or risk “account suspension”. Clicking on the “verify” link takes users to a page (which is not a Microsoft page, despite the attempt to fool you by using a “www.microsoft.com” sub-domain) where users are asked to enter their e-mail login details (username and password):

[4]

[5]

Once a user enters their login details, they are redirected to a legitimate Microsoft support page…

[6]

…so as to make the phishing scam seem legitimate.

The e-mail is obviously not really from Microsoft [7] even though the e-mail claims to be from “privacy@microsoft.com”. Aside from Windows 8 [8] users who may be confused by Microsoft’s new feature of logging into Windows with your Microsoft e-mail, any semi-technical person knows Windows is not associated with an e-mail address so an e-mail claiming otherwise can be nothing but a scam. Plus whoever looks closely will see red flags in the form of poor grammar (inaccurate capitalization of words). Still, I’m user the average Joe could potentially be swayed into providing their user name and password. If only they read dotTech.

As mentioned before, any good spam filter should redirect spoofed e-mails — such as this one — to the spam box. If, however, you do find this e-mail in your inbox, simply delete it.

Stay safe!

[via Sophos [9]]


Article printed from dotTech: http://dottech.org

URL to article: http://dottech.org/82346/fake-microsoft-windows-update-e-mail-will-steal-your-gmail-windows-live-yahoo-or-aol-passwords-be-careful/

URLs in this post:

[1] Image: http://dottech.org/wp-content/uploads/2012/09/windows_update_phishing_scam_1.jpg

[2] “Important Changes to Microsoft Services Agreement” malicious e-mail: http://dottech.org/81442/fake-microsoft-e-mail-is-spreading-malware-be-careful/

[3] Windows: http://dottech.org/category/windows

[4] Image: http://dottech.org/wp-content/uploads/2012/09/windows_update_phishing_scam_2.jpg

[5] Image: http://dottech.org/wp-content/uploads/2012/09/windows_update_phishing_scam_3.jpg

[6] Image: http://dottech.org/wp-content/uploads/2012/09/windows_update_phishing_scam_4.jpg

[7] Microsoft: http://dottech.org/tag/microsoft

[8] Windows 8: http://dottech.org/tag/windows-8

[9] Sophos: http://nakedsecurity.sophos.com/2012/09/24/monday-review-the-hot-18-stories-of-the-week/

© 2008-2012 dotTech.org | All content is the property of its rightful owner.