The crooks are after email credentials and mail server information

Oct 18, 2013 13:47 GMT

Now that Windows 8 users are rushing to update to Windows 8.1, cybercriminals are using the buzz around the topic to lure unsuspecting users to a phishing website.

Experts have spotted bogus Microsoft emails titled “Microsoft Windows Update” that appear to come from a microsoft.com address.

“Dear Customer, Evaluation period has expired. For information on how to upgrade your windows software please Upgrade Here. Thank you,” the fake notifications read.

According to Dynamoo’s Blog, the emails were sent via the hacked email system of an Idaho-based trucking company. The links in the messages point to a legitimate website that has been hacked and set up to host a phishing page.

The malicious site instructs users to hand over their mail server, email address and email password. Once the information is handed over, victims are redirected to a genuine Microsoft website, most likely in an effort to avoid raising too much suspicion.

It's worth noting that the email informs recipients about a Windows update, but the phishing website shows the Office logo.

If you’re a victim of this scam, change your password. If you’ve handed over the credentials to your work email account, notify your IT department immediately.