Issue 130 - May 2012 (1st Edition) - Page 1
Fake Microsoft "Anti-spoofing Update" Notification Email
Email purporting to be from Microsoft claims that a new security update has been released and instructs recipients to follow a link to install the update with "just one click".
The email is not from Microsoft and the link does not lead to a security update. In fact, clicking the link will take the user to a bogus website that harbours malware. Always update your Microsoft operating system via Windows Update, not by clicking a link in an unsolicited email.
Detailed analysis and references below example.
Last updated: 26th April 2012
First published: 26th April 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Security update KB971033 has been released.
There are important steps you should take to protect yourself from online
threats such as financial crimeware and identity theft. Taking the steps
below to protect your computer not only saves you time and trouble should
something go wrong, but also ensures that you are getting the best online
There's an easy, free way to help keep your PC safer and running smoothly.
It's called Windows Update. All you have to do is turn it on, and you'll get
the latest security and other important updates from Microsoft
Setting up Windows Update is simple: Just go to the Microsoft Update
website. If you've already got automatic updating turned on, Windows Update
in Control Panel will open and show your update status. If it's not yet
turned on, you'll be guided through the steps to do so. After that, all the
latest security and performance improvements will be installed on your PC
quickly and reliably.
We detected that you don't have installed Anti-spoofing update KB971033 from
Microsoft, this update will protect you from accessing fake pages like
phishing site by checking any accessed link without any delay in browsers
and also will fix CVE-2012-3651 (Adobe auto-downloader) exploit, you can
install it with just one click here:
When you turn on automatic updating, most updates will download and install
without you having to lift a finger. But sometimes Windows Update will need
your input during an installation. In this case, you'll see an alert in the
notification area at the far right of the taskbar be sure to click it. If
you don't respond to a Windows Update alert, your PC might end up missing an
We recommend that you use automatic updating but if you choose not to, be
sure to check for updates at least once a week.
This message, which purports to be from Microsoft, claims that the software giant has detected that the recipient does not have "Anti-spoofing update KB971033" installed. It instructs the recipient to click a link in the email to install this "security update" along with a fix for another exploit. The message also includes background information about using Windows Update and protecting oneself from crimeware and identity theft.
Ironically, the message is itself a scam
designed to trick recipients into downloading "crimeware" and exposing their personal information for the use of online criminals. The message is not from Microsoft and the link does not point to a security update. Those who click the "update" link in the message will be taken to a website that harbours malware.
The scammers have attempted to make their "update" claim seem more believable by nesting it within paragraphs of legitimate security information stolen from other sources including bank websites
and Microsoft itself
. And, to further the illusion, the scammers have used the number of a genuine Microsoft update (KB971033).
Criminals have long used bogus security update
emails to distribute malware
and they are likely to continue using the tactic. In a phone based variant
of the scam, criminals posing as Microsoft technicians may call you and falsely claim that they have detected errors or viruses on your computer. Microsoft will never ask users to install a security update by clicking a link or opening an attachment in an unsolicited email. Microsoft does not check your computer for errors or security issues and will never email or call you unsolicited about computer problems.
It is important that users install any legitimate updates released by Microsoft, but they should do so only via the official Windows Update website.
Microsoft Answers - I received the email below .. Is it a Scam?
Protect yourself online
Bogus Microsoft Critical Upgrade Notification Email
Fake Microsoft Critical Update
Scammers Pose as Microsoft Tech Support Workers to Hijack Computers
Pages in this issue:
- Fake Microsoft "Anti-spoofing Update" Notification Email
- Facebook Survey Scam - Free Pair of Ray-Bans
- New US Presidential Coins Omit "In God We Trust"?
- Warnings Claim Thousands May Lose Internet In July 2012
- Facebook Sweepstakes Advance Fee Scam
- Facebook Message Asks For Boycott Of Subway Store Due to Staff Treatment Of Autistic Child
- Hoax: HIV Infected Blood In Pepsi
- '22 Foot 2500 Pound' Crocodile Photo
- 'DGTFX Virus' Email Account Phishing Scam
- Bank Of America 'General Account Update' Phishing Scam
- Photos of Elephants Inside the Mfuwe Lodge in Zambia
- Miracle in Egypt - Buried Children Saved By Jesus
- Bogus Verizon Wireless Bill Email Points to Malware
- Boeing 797 Hoax
- 'Switch To Green' Facebook Survey Scam
- Phishing, Malware and Survey Scam Campaign - 'Click Here To See Attached Photos'
- Yahoo 'E-Mail Account Exceeded' Phishing Scam
- Hoax - June 2012 - 5 Fridays, 5 Saturdays and 5 Sundays