Cybercriminals are on a mission to harvest email account credentials of any kind

Oct 29, 2012 15:18 GMT

Not every email that’s signed off with “Microsoft Team” actually comes from Microsoft. A perfect example is the latest phishing scheme that’s designed to lure victims to a malicious website by promising them a free copy of Windows 8.

In this case, the crooks have come up with some fancy names such as “Microsoft window vital user” in an effort to make their scheme more legitimate-looking, but the notification is clearly written in haste by con artists.

Entitled “Microsoft Windows 8 Team,” the emails look something like this: “This message is sent to you because, you are a member of the Microsoft window vital user, to Get the new Window 8 freely and fully protected, click the below Microsoft Window 8 premium link and submit, your info on the webpage and click update. Window 8 Update.”

Apparently, the Microsoft Windows 8 Team wants users to access a link which allegedly points to the “Windows 8 update.” However, in reality, the site that hides behind the link is part of a clever phishing scam.

According to Sophos experts, those who click on it are taken to a “webmail verification” site hosted on a server in Slovakia, where they’re asked to provide information such as email address, username, password (twice) and domain server name.

Since users can enter any email address and its associated password, the fraudsters seem willing to settle for any type of account they can lay their hands on.

“If you're careless, you could have just handed over the keys to your castle to a bunch of cybercriminals,” Sophos Senior Technology Consultant Graham Cluley explained.

The expert advises users and company managers to invest in comprehensive security solutions if they fear that they, or their employees, could fall victim to such schemes.