Beware of fake Windows 7 update email: it’s a phishing attack to steal users’ credentials
A scam, specifically a phishing attack, has targeted employees of many companies still using Windows 7 as the operating system on their computers. Through a fake email, attackers are allegedly hoarding login credentials, putting the security of sensitive data and information at risk.
The scam works in a devious way: in the text, employees are asked to upgrade their computer’s operating system to Windows 10. Once the user clicks on the link inside, they are redirected to a fake Outlook login page where they enter their credentials, leaving them at the mercy of cyber criminals. The invitation itself doesn’t sound entirely fake, but it does appeal to the users’ good faith: Windows 7 reached the end of its life cycle on January 14, and Microsoft itself has repeatedly urged companies to quickly perform a general upgrade.
Windows 7 update scam: what does the email look like
How to recognize if you’re under a phishing attack? Just take a close look at the email. The first signal comes from the subject of the message: “Re: Microsoft Windows Upgrade”. According to some researchers, the presence of the “Re:”, i.e. a reply, would instill in the reader the need to respond quickly to the communication because a previous message on the subject may have been lost or escaped attention.
Another signal is the text: often the content, where the link that leads straight into the mouth of the attackers is contained, appears with irregular formatting, such as incorrect spaces or words with capital letters where not required. In short, all small flags that can put you on the alert, especially if you think that the sending should have an official character. Even the sender should raise some suspicion: the mail domain is not that of your company but, in most cases, external or simply a series of alphanumeric characters without any meaning.
Windows 7 update scam: what happens if you click
If by chance, distraction or good faith you find yourself clicking on the link you are quickly redirected to a landing page that replicates, or at least tries to, the login screen of an Outlook Web App page. In the middle of it, a form waits for the unfortunate user’s username and password to be entered.
Here again, having a bit of an eye can help: although the page comes with a valid SSL certificate, the layout is particularly sloppy. The similarities with the original, in fact, do not go beyond the presence of the two data boxes; all the rest appears not only different from the structure of the original, but also messy and absolutely not credible. Once you’ve entered your credentials, that’s it: you’re redirected to Microsoft’s page about the end of support for Windows 7 and you can say goodbye to your identifiers.