Email Worm Poses As Microsoft Update, Warns MS
Microsoft is today warning users of fake security alerts arriving via email. Microsoft is reminding users that it never sends out security alerts with attachments via email and that you should never open such an email if it arrives in your inbox.
Microsoft Email Security Updates Are a Scam
Cyber-criminals have been sending a so-called Microsoft updates that are actually viruses.
This scam in particular takes advantage of Microsoft's well-established Patch Tuesday schedule for monthly email updates. Potential victims receive an email purporting to be from Microsoft's Director of Security Assurance, Steve Lipner (who in fact does hold that role).
The recipient is then told to install the attached file, KB453396-ENU.exe (or a similar name), which is supposed to be the security update.
Worm, Virus Replicates Itself, Sends to Contact List
The email attachment (.EXE file) is actually a worm / virus, meaning that once it is installed on a users' PC, it will attempt to replicate itself by sending a copy of the infected attachment to all users on the host PC's contact list (address book).
The idea is to get the worm / virus on as many machines as possible in order to become part of a botnet. The botnet is then used to attack websites, corporate structures, and is even sold to other online criminals for their evil-doing.
Fake Alerts Contain Dubious Spelling, Dates
There are a variety of errors that reveal the message as a scam.
For example, the Microsoft update schedule is actually for the second Tuesday of the month, meaning the fake emails are a week early. More significantly, not only is the language of the email clearly not professional enough to be legitimate (suggesting it may be the work of people for whom English is not a first language), the writers have also misspelled the fake return address, writing no-reply@microsft.com rather than microsoft.com. (Source: networkworld.com)
Microsoft Security Checklist: How to Avoid Email Scams
Still, the sheer number of people using Windows means it takes only a tiny proportion of users to be fooled by such attacks to do a serious amount of damage. As a result, Microsoft has once again drawn its attention to a checklist for making sure a security email from the company is legitimate.
The checklist notes that Microsoft never includes attachments in an email. It also points out that any information it includes in such messages be duplicated on the Microsoft security site, so users should double-check to confirm this. To avoid confusion, the information always goes on the website before emails are sent out.
The company also advises that users do not click on links in security-related emails, but rather cut and paste the address into their browser. It also says that for added security it may be safer to visit the known home page of the site and navigate to the required information. (Source: microsoft.com)
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.