Beware any emails which claim to come from email@example.com – it could be that you’re being targeted in an attack designed to steal your AOL, Gmail, Yahoo or Windows Live password.
At first glance, if you don’t look too carefully, the emails entitled “Microsoft Windows Update” may appear harmless enough. But the grammatical errors and occasional odd language should raise alarms bells that the emails may not really be from Microsoft.
Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.
Microsoft Windows Team.
If you do make the mistake of clicking on the link you are taken to a third party website (not the real Microsoft.com), where you are warned that your computer is at high risk and told to choose between logging in via Gmail, Windows Live, Yahoo or AOL.
For the benefit of this article, I chose to pretend that I wanted to log in via AOL. Surprise surprise, the web page asked me to enter my AOL username and password.
Of course, whatever I enter at this point is going to be passed straight into the hands of a cybercriminal. Once your details are in their claws, they’ll waste no time breaking into your online account, stealing information and potentially committing identity theft.
Oh, and I hope you don’t use the same password on multiple websites. Things could definitely get very ugly..
Naturally, victims of the phishing attack are oblivious to what is going on – especially as the thoughtful scammers are caring enough to redirect your browser to a genuine Microsoft webpage related to updating your Windows security.
Take care folks. Be suspicious of unsolicited emails, and always think carefully before entering your webmail passwords. If you are reckless you might be handing the keys to your online life over to a complete stranger.
Thanks to Naked Security reader Nick for drawing our attention to this threat.