Outline
Email purporting to be from Microsoft claims that the recipient’s operating system has a critical security issue and needs to be upgraded urgently via a link in the message.
Brief Analysis
The email is not from Microsoft. The claim that a critical security issue has been discovered on the recipient’s computer is untrue. Those who click the link in the message will be taken to a bogus website where they may be tricked into downloading malware.
Example
Subject: Critical Microsoft Windows Upgrade Notification
Dear Microsoft Windows User,
You are recieving this notification because the version of Microsoft Windows you are running is affected by a critical security issue.
In order to protect yourself and other users of the Microsoft Windows operating system, it is highly recommended that all customers upgrade Windows as soon as possible.
To do so, please download the KB396658 upgrade from Windows upgrade by clicking here.
We appreciate your cooperation.
Regards,
Microsoft Windows Client Support Team
© 2010 Microsoft Corporation
Detailed Analysis
This email, which purports to be an official upgrade notification from software giant Microsoft, claims that the version of Windows running on the recipient’s computer has a critical security issue that needs to be rectified as soon as possible. The message urges recipients to click a link in the email in order to download an upgrade that will fix the supposed security issue.
However, the email is not from Microsoft. The claim that a security issue has been found on the recipient’s computer is a lie designed to trick him or her into clicking the link in the bogus message.
Internet criminals regularly use variations of this fake Microsoft upgrade ruse as a means of distributing malware. Any email that claims to be an upgrade, update or “patch” from Microsoft should be treated as suspicious.
If you receive such an email, do not follow any links in the message or open any attachments. Microsoft will never distribute security updates via unsolicited emails. It is important that Windows users always install genuine Microsoft security updates as soon as possible, but they should only do so via the official Microsoft update website.
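The checks described above can be applied mechanically to a message before anyone clicks. The following Python sketch is an added example, not part of the original report: the trusted domain suffixes, the function names, and the sample sender and URL are assumptions, and bodies are read without decoding transfer encodings.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domain suffixes treated as Microsoft-operated for this check.
TRUSTED = ("microsoft.com", "windowsupdate.com")
LURE = re.compile(r"\b(upgrade|update|patch|KB\d{6,7})\b", re.I)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED)

def assess(raw):
    """Return reasons a message looks like a fake Microsoft update notice."""
    msg = message_from_string(raw)
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    text = " ".join([msg.get("Subject", ""), msg.get("From", ""), body])
    if "microsoft" not in text.lower() or not LURE.search(text):
        return []
    # Suspicious by itself: security updates are not delivered by unsolicited email.
    reasons = ["Microsoft-branded update notice received by email"]
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender_host):  # a trusted-looking From can still be spoofed
        reasons.append(f"sender domain is {sender_host}")
    links = LinkCollector()
    links.feed(body)
    reasons += [f"link points to {h}" for h in
                (urlparse(u).hostname for u in links.hrefs) if not is_trusted(h)]
    return reasons

# Constructed sample modelled on the message above; sender and URL are placeholders.
SAMPLE = """\
From: Microsoft Windows Client Support Team <support@updates.example>
Subject: Critical Microsoft Windows Upgrade Notification
Content-Type: text/html

<p>Download the KB396658 upgrade by <a href="http://download.example/kb.exe">clicking here</a>.</p>
"""
```

Calling assess(SAMPLE) returns three reasons: the update lure itself, the non-Microsoft sender domain, and the off-site download link. A message that passes the domain checks still carries the first reason, since the sender address can be forged.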
In a related scam, phone scammers are posing as Microsoft tech support workers who claim that the victim’s computer has been infected with viruses or has other security problems. The bogus callers attempt to trick those they call into going to their computers and opening a website, ostensibly as part of the procedure for fixing the supposed security issue.
However, once on this website, victims will be tricked into downloading and installing trojans and other malware that can allow criminals access to the compromised computer. The victim may also be tricked into parting with credit card or banking details, ostensibly in order to purchase software supposedly needed to “fix” the computer problem.
In short, Microsoft will never send you an unsolicited email informing you that you must follow a link to update your computer. Moreover, Microsoft will never call you to inform you that your computer has viruses or security issues.
Brett Christensen