Phishers Steal Email Account Credentials with Shady “Windows Update” Site

They're willing to settle for any type of account, including Yahoo!, Gmail and AOL

By on November 1st, 2012 21:21 GMT

A group of cybercriminals appears to be on a mission to gather Yahoo!, Gmail, Windows Live, AOL and any other email account credentials they can lay their “hands” on.

According to GFI Labs experts, for this, they’ve set up a cleverly designed phishing page on a website called microsofts.us.

When they visit this site, most likely after clicking on links received via spam, users are presented with a message which reads: “Your computer is out of date and risk is very high. To update your windows installation records you are required to choose your email address below.”

After victims provide their email addresses and associated passwords, they’re presented with a page that contains instructions on how to update Windows.

The instructions are not malicious, but at this point, the user’s credentials are safely stored in a database controlled by cybercriminals.

The site is currently flagged as being malicious by browsers and security solutions providers, and the webpage in question has been removed. However, users are still advised to be on the lookout for this one since the phishers can easily relocate the page.
Phishing website
   Phishing website
MORE ON THIS TOPIC
LATEST NEWS
HOT RIGHT NOW

Comments