There is a nifty phishing page on a website called microsofts.us that is very good at snaring victims, said researchers at GFI Labs.
When a victim goes to the site, after they succumb to a spam attack, users see a message which reads: “Your computer is out of date and risk is very high. To update your windows installation records you are required to choose your email address below.”
After victims provide their email addresses and associated passwords, they end up seeing a page that contains instructions on how to update Windows.
The instructions are not malicious, but at this point, the user’s credentials are safely stored in a database controlled by the cyber criminals.
The site is currently under watch as being malicious by browsers and security solutions providers, and officials removed the webpage in question.
Just because that page is gone, it does not mean the attack is through. That means users need to be on top of their game because these phishers can easily relocate the page.