Users are tricked into handing over their credentials
Microsoft has experienced some problems with its latest patches. Experts warn that the incidents are being leveraged by cybercriminals to trick users into handing over personal details.Sophos researchers have come across bogus Microsoft emails entitled “Urgent Windows Error Fix.” The fake notifications read something like this:
“Windows Installer package update is required to automatically eliminate obsolete patches in your sequence of patches as a report on our server indicates an error code (0x700) as a result of a failed update.
Every installer sequence patch is being linked to an email account. Fill in the error code and other details to automatically fix this error”
Those who click on the “fill in details & Error code” link are taken to a Microsoft phishing site where they’re asked to hand over their email address and associated password.
As experts highlight, the bogus site doesn’t use an HTTPS connection. This is usually a clear indicator of a phishing scam.