Bogus “Windows Email Security Update” emails lead to phishing
Hot on the heels of the malicious spam emails posing as Microsoft notifications about changes to Microsoft Services Agreement comes a Microsoft-themed phishing attempt.
“It has come to our attention that your Microsoft windows Installation records are out of date,” claims the email. “Every Windows installation has to be tied to an email account for update. This requires you to verify your email account being the recipient of this update. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to Confirm your records.”
By clicking on the offered link, the users are taken to a bogus website that asks them to choose their email service and login:
Of course, any of the submitted credentials will end up in the phishers’ hands, and the users will be redirected to a genuine Microsoft support page.
“While such phishing expeditions are all too common, this one casts a wider net than most by targeting users of several well-known email service providers rather than just one,” points out Hoax-Slayer. “In fact, by including ‘Other emails’ as a choice on the scam website, the criminals are effectively targeting users of virtually any email service.”
Users are advised to remember that Microsoft (or any other legitimate company, for that matter) would never include login links in their emails.
“Moreover, while it is certainly a powerful and high-profile entity, Microsoft has no jurisdiction whatsoever over users of email services other than its own and would certainly not ask users to provide account login details via such an email,” he concludes.