Outline
Email purporting to be from Microsoft claims that the recipient’s operating system has a critical security issue and needs to be upgraded urgently via a link in the message.
Brief Analysis
The email is not from Microsoft. The claim that a critical security issue has been discovered on the recipient’s computer is untrue. Those who click the link in the message will be taken to a bogus website where they may be tricked into downloading malware.
Example
Subject: Critical Microsoft Windows Upgrade Notification
Dear Microsoft Windows User,
You are recieving this notification because the version of Microsoft Windows you are running is affected by a critical security issue.
In order to protect yourself and other users of the Microsoft Windows operating system, it is highly recommended that all customers upgrade Windows as soon as possible.
To do so, please download the KB396658 upgrade from Windows upgrade by clicking here.
We appreciate your cooperation.
Regards,
Microsoft Windows Client Support Team
© 2010 Microsoft Corporation
Detailed Analysis
This email, which purports to be an official upgrade notification from software giant Microsoft, claims that the version of Windows running on the recipient’s computer has a critical security issue that needs to be rectified as soon as possible. The message urges recipients to click a link in the email in order to download an upgrade that will fix the supposed security issue.
However, the email is not from Microsoft. The claim that a security issue has been found on the recipient’s computer is a lie designed to trick him or her into clicking the link in the bogus message.
Those who do click the link in the mistaken belief that they are required to do so in order to protect their computer will actually be taken to a bogus website that contains malware. Clicking “Upgrade” or “Update” links on the bogus website will download the malware and install it on the victim’s computer. Once installed, the malware may allow criminals access to the compromised computer, harvest sensitive personal information and/or download other malware components.
Internet criminals regularly use variations of this fake Microsoft upgrade ruse as a means of distributing malware. Any email that claims to be an upgrade, update or “patch” from Microsoft should be treated as suspicious.
If you receive such an email, do not follow any links in the message or open any attachments. Microsoft will never distribute security updates via unsolicited emails. It is important that Windows users always install genuine Microsoft security updates as soon as possible, but they should only do so via the official Microsoft update website.
In a related scam, phone scammers are posing as Microsoft tech support workers who claim that the victim’s computer has been infected with viruses or has other security problems. The bogus callers attempt to trick those they call into going to their computers and opening a website, ostensibly as part of the procedure for fixing the supposed security issue.
However, once on this website, victims will be tricked into downloading and installing trojans and other malware that can allow criminals access to the compromised computer. The victim may also be tricked into parting with credit card or banking details, ostensibly in order to purchase software supposedly needed to “fix” the computer problem.
In short, Microsoft will never send you an unsolicited email informing you that you must follow a link to update your computer. Moreover, Microsoft will never call you to inform you that your computer has viruses or security issues.
Original Source: https://www.hoax-slayer.net/bogus-microsoft-critical-upgrade-notification-email/