Microsoft Windows Update Emails Attempting to Steal Gmail and Yahoo Passwords

Fake emails sent by scammers try to steal account data

It’s no secret that Microsoft’s reputation is being used by scammers to steal users’ data, but this time a new wave of attacks tries to convince people that they need to download a Windows update pack. A fake one, that is.

Security company Sophos warned that users across the Internet may receive an email from what seems to be a valid Microsoft address (privacy[at]microsoft[dot]com) telling them about a new Windows Update released by the Redmond-based technology giant.

In case the user clicks on the link included in the email body, they are redirected to a third-party webpage asking for Gmail, Yahoo, Windows Live or AOL credentials in order to download the update.

“Dear Windows User, it has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update. This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records,” the email text reads.

The email is signed by the Microsoft Windows Team, but it’s obviously a fake message, so you are strongly advised to delete the message as fast as possible.

As you can see, it’s easy to determine that it’s a fake email, mostly because of the grammatical errors, but some users may still be tricked into believing that it’s a real Microsoft email.

“Take care folks. Be suspicious of unsolicited emails, and always think carefully before entering your webmail passwords. If you are reckless you might be handing the keys to your online life over to a complete stranger,” Sophos warned in blog post.

Hot right now  ·  Latest news