You had to see this coming as an email phishing campaign is targeting Microsoft Windows OS users by taking advantage of the problems the company has been having with updates.
The email, sporting a big Microsoft logo at the beginning, said an “urgent Windows Error Fix” is available for download.
“Windows Installer package update is required to automatically eliminate obsolete patches in your sequence of patches as a report on our server indicates an error code (0x700) as a result of a failed update. Every installer sequence patch is being linked to an email account. Fill in the error code and other details to automatically fix this error,” the note said. It then offers a link to a page where the victim can “fill in details & Error code.”
The link, however, does not lead to a legitimate HTTPS-protected Microsoft page. Instead, it takes users to a spoofed one where they then can enter the error code, but also their email address and the password for that email account.
While they disapprove of every phishing attempt, occasionally the bad guys show “a resourceful sense of occasion” and come up with an email that will likely not be deleted without a second thought, said Paul Ducklin of security provider Sophos.