Microsoft Windows Update emails try to steal your Gmail, Yahoo, AOL passwords...

JMH

Beware any emails which claim to come from privacy@microsoft.com - it could be that you're being targeted in an attack designed to steal your AOL, Gmail, Yahoo or Windows Live password.

At first glance, if you don't look too carefully, the emails entitled "Microsoft Windows Update" may appear harmless enough. But the grammatical errors and occasional odd language should raise alarm bells that the emails may not really be from Microsoft.

Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.
VERIFY
Thank you,
Microsoft Windows Team.

http://nakedsecurity.sophos.com/201...Feed:+nakedsecurity+(Naked+Security+-+Sophos)
 
Sophos publishes great articles, I read their stuff daily. I'm amazed that the scam e-mail is microsoft.com. Can anyone explain how they manage to send from that domain?
 

It is actually surprisingly easy to spoof mail addresses. It does not mean that microsoft.com has been hacked (it hasn't). Almost anyone can send an email from any address and domain they choose (within restrictions), even if the GUI of Outlook or similar doesn't allow it (the underlying email technologies do). Part of most anti-phishing techniques/packages includes looking for the tell-tale signs of spoofed/falsified domains.

It would not be appropriate to post the exact details of how this is done here, but needless to say it is actually quite easy to do, and I am sure someone has written about it somewhere.
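An added example, not part of the original thread: one way a mail filter can look for the tell-tale signs of a falsified sender domain mentioned in the reply above. The sample headers, host names and the function names are constructed for illustration, and the alignment check is a simplification of DMARC's relaxed mode.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (invented hosts/results); trust Authentication-Results only from your own MX.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none;
 dmarc=fail header.from=microsoft.com
From: "Microsoft Windows Team" <privacy@microsoft.com>
Reply-To: verify@webmail.example.com
Subject: Microsoft Windows Update
"""

def domain(header_value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Simplified relaxed alignment: equal, or one is a subdomain of the other."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def auth_results(msg):
    """Collect method -> result (spf, dkim, dmarc) from Authentication-Results."""
    out = {}
    for value in msg.get_all("Authentication-Results", []):
        for part in value.split(";")[1:]:  # first field is the server id
            tokens = part.split()
            if tokens and "=" in tokens[0]:
                method, _, result = tokens[0].partition("=")
                out[method.lower()] = result.lower()
    return out

def spoof_signs(raw):
    """Return the list of spoofing indicators found in a raw message."""
    msg = message_from_string(raw)
    frm, res, signs = domain(msg["From"]), auth_results(msg), []
    if not aligned(frm, domain(msg["Return-Path"])):
        signs.append("envelope sender domain differs from From domain")
    if msg["Reply-To"] and not aligned(frm, domain(msg["Reply-To"])):
        signs.append("Reply-To domain differs from From domain")
    if res.get("dmarc") != "pass":
        signs.append("DMARC did not pass for the From domain")
    if res.get("dkim") != "pass":
        signs.append("no passing DKIM signature")
    return signs
```

In the constructed sample SPF passes, but only for the envelope domain, which is why the comparison against the visible From domain matters.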
 
