Fake Microsoft emails inform recipients that their “installation records are out of date.” The messages attempt to trick users into handing over their Windows Live, Yahoo!, Gmail, AOL or other credentials.
Why settle for less, when you can have more (or “the best” as Lil Wayne puts it)? That’s probably what the cybercriminals behind this new spam campaign were thinking (or singing) when they designed it.
The malicious emails read something like this:
Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.
Microsoft Windows Team.
Once the Verify button is clicked, the victim is taken to a website where he/she is told that “the risk is very high” because the computer is out of date.
They’re asked to log in to one of their email accounts. However, unlike other phishing operations in which they target the customers of only one email service provider, in this case, the crooks will settle for whatever they can get: Yahoo!, Gmail, AOL, Windows Live, or “Other” usernames and passwords.
Once the credentials of the account are entered, the victim is redirected to a legitimate Microsoft Windows Update website.
Of course, at this point, the valuable information is already in the cybercriminals’ possession. They can either use it in their own malicious operations, or they can sell it to others.
We advise internauts to be on the lookout for such emails. If you already took the bait and handed over your password, be sure to change it before the phishers start putting your account to good use.