Your BBB has received news of a sophisticated phishing scam purporting to be from Microsoft. The phishing email uses the trouble Microsoft had in September with their updates—where they were sending out updates to their updates—to trick consumers into revealing their username and password. This new phishing scam claims to be an urgent Windows error fix and at first glance it appears to be legitimate. The email says the update is required to eliminate obsolete patches, and gives a 0x700 error code. Consumers are directed to click on a link and to enter their email address and password in order to fix the error.
If you receive such an email, do not click on the link; just delete the email.
On its website, Microsoft clearly states that it “does not send unsolicited communication about security updates.” They go on to say, “Unfortunately, cybercriminals have exploited this program by sending fake security communications that appear to be from Microsoft.”
Microsoft never attaches software updates to their security communications. Instead, they refer customers to their website for information about available updates or security incidents.
Here are some tips for detecting a phishing scam email:
Spelling and bad grammar. If the email contains several spelling and grammar errors, it could be a scam.
Beware of links in email. If you see a link in a suspicious email message, don’t click on it. Instead, hover your mouse (but don’t click) over the link to see if the address matches the link that was typed in the message. Links might also lead you to .exe files. These kinds of files are known to spread malicious software.
Threats. If an email message threatens that your account will be closed unless you respond, that is an indication that it is a scam.
Spoofing popular websites or companies. Scam artists use graphics in email that appear to be connected to legitimate websites but actually take you to phony scam sites or legitimate-looking pop-up windows. Cybercriminals also register web addresses that resemble the names of well-known companies but are slightly altered, practices called cybersquatting and typosquatting. For example, they may use www.micrsoft.com, www.micosoft.com, or www.mircosoft.com to make consumers think they are on the official Microsoft website, www.microsoft.com.
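The link checks from the tips above (displayed address versus real destination, .exe targets, and lookalike domains such as www.mircosoft.com), written out as an added Python example that is not part of the BBB advisory. The trusted list, the distance threshold of 2, the two-label domain shortcut and the names `osa_distance`, `base_domain` and `check_link` are assumptions made for illustration.

```python
from urllib.parse import urlparse

TRUSTED = {"microsoft.com"}  # assumption: the brands a mail filter wants to protect

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent-letter swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def base_domain(url):
    """Last two labels of the hostname (a simplification: no public-suffix list)."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def check_link(shown_text, href):
    """Return the warning signs for one email link: what is shown vs. where it goes."""
    findings = []
    target = base_domain(href)
    shown = shown_text.strip()
    # Only compare when the visible text is itself an address, not "Click here".
    if "." in shown and " " not in shown and base_domain(shown) != target:
        findings.append("mismatch")
    for brand in sorted(TRUSTED):
        # Near miss of a trusted name, but not the trusted name itself.
        if target != brand and osa_distance(target, brand) <= 2:
            findings.append("lookalike:" + brand)
    if urlparse(href).path.lower().endswith(".exe"):
        findings.append("exe")
    return findings

# Constructed sample: the text shows the real site, the link goes to a lookalike.
print(check_link("www.microsoft.com", "http://www.mircosoft.com/update"))
```

Each of the three misspelled addresses in the tip is a single edit away from the real name, which is why a small distance threshold catches them while unrelated domains pass.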
For more information you can trust, visit your BBB at Evansville.bbb.org.