Phishers Exploit News of Upgrading to Windows 8.1
Dynamoo Blog's Conrad Longmore, Security Blogger has warned that as users of Windows 8 hasten towards revising their software by downloading the upgraded Windows 8.1 version, online crooks are becoming active exploiting the hype around it towards enticing credible Internet-users into accessing certain phishing website, reported softpedia.com dated October 18, 2013.
Indeed, fake Microsoft e-mails have been spotted titled "Microsoft Windows Update," which seem as originating from an id with microsoft.com as suffix.
The e-mails, addressing recipients as 'customer,' inform about expiration of the evaluation period. Therefore, for making one's Windows software up-to-date, the related information is provided through a web-link named "Upgrade Here," the e-mails state, which then end by thanking the reader.
Dynamoo's Blog explains the electronic mails have been dispatched through one hijacked e-mail account belonging to a trucking company in Idaho. The web-links embedded on them lead onto one genuine site, which has been compromised as also modified for harboring one phishing page.
When landing on this fraudulent page, users are directed for providing their e-mail accounts' password, address and server name. After these are submitted, the victims get diverted onto one real Microsoft site such that any suspicion by them maybe averted.
Here it maybe noted that while the messages tell readers of one Windows update, there actually appears the company's official logo on the phishing page.
However, certain security tips are advisable for remaining safe from the phishing scam. First, any unsolicited electronic mail should be treated with greatest doubt incase it comes from a familiar firm, similar as Microsoft within the aforementioned instance, but instructs for clicking a given web-link so as to reveal sensitive information similar to those asked within the aforementioned messages.
Secondly, incase anybody has already divulged the details, in response to the phishing e-mail, he should inform the targeted organization, similar as Microsoft within the above instance. The necessity is for acting fast towards safeguarding account, which scammers understandably hijacked during the phishing attempt.
Finally, one must remove all unsolicited e-mails that arrive inside his inbox without viewing them.
Meanwhile, in another likewise instance, during September 2012, nakedsecurity.sophos.com identified phishing e-mails titled "Microsoft Windows Update."
» SPAMfighter News - 24-10-2013