Site Navigation
- Home
- Latest Information
- Special Features
- Hoax-Slayer Top 10
- Email Hoaxes
- Internet Scams
- Current Issue
- Previous Issues
- HS-News
- Site FAQ's
- Hoax-Slayer Nutshell
- HS About
- Privacy Policy
- HS Site Map
|
Enter your email address to subscribe to the Hoax-Slayer Newsletter: |
Last updated: September 19, 2012
First published: September 19, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer
Subject: Windows Email Security Update
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for update.
This requires you to verify your email account being the recipient of this update. Failure to verify your records will result in account suspension.
Click on the Verify button below and enter your login information on the following page to Confirm your records.
& nbsp; &n bsp; Click here to Update Your Windows Security
Finally, we have added a binding arbitration clause and class action waiver that affects how disputes with Microsoft will be resolved in the United States.
Thank you for using Microsoft products and services!
Microsoft respects your privacy. Please read our online Privacy Statement.
Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
Detailed Analysis
According to this email, which purports to be from software giant Microsoft, it has been discovered that the recipient's Microsoft Windows installation records are out of date . The message claims that the recipient is therefore required to verify his or her email account because "every Windows installation has to be tied to an email account for update". The recipient is warned that failing to verify will result in suspension of the user's account.
However, the email is certainly not from Microsoft. And the claim that recipients must verify email account details is a lie. In fact, the email is part of a criminal campaign designed to trick people into handing over the email account login details to Internet criminals. Recipients who fall for the trick and click the link in the message, will be taken to a bogus website that asks them to choose their email service, as shown in the following screenshot:
If victims click one of the email options, a popup "login" box is displayed:
If victims then proceed to enter their email login details and press "Sign in", they will then be redirected to a genuine Microsoft support page. Meanwhile, their email login information will be collected by criminals and later used to login to their email accounts and use them to conduct further spam and scam campaigns. While such phishing expeditions are all too common, this one casts a wider net than most by targeting users of several well-known email service providers rather than just one. In fact, by including "Other emails" as a choice on the scam website, the criminals are effectively targeting users of virtually any email service.
Microsoft will never send you an unsolicited email requesting you to click a link to procure a security update. Windows updates are NOT tied to a specific email address as claimed in the scam email. Always keep your Windows operating system updated via the official Windows Update system. Never click links or open attachments that claim to provide updates for your Windows operating system. Moreover, while it is certainly a powerful and high-profile entity, Microsoft has no jurisdiction whatsoever over users of email services other than its own and would certainly not ask users to provide account login details via such an email.
References
Friend Stranded in Foreign Country Scam Emails
Gmail Account Phishing Scam
Last updated: September 19, 2012
First published: September 19, 2012
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer