Microsoft spam email scam puts users at risk from Trojan
Hoax Microsoft email encourages users to download fake security update.
End users have been warned about a new email scam hitting their inboxes, which claims to contain a security update sent from the Microsoft Digital Crimes Unit, but is in fact Trojan-infected spam.
The text of the email claims that "due to a new security vulnerability which is exploited by hackers to steal your online details, Microsoft Digital Crimes Unit in 2013 has hereby developed a new security measure.
"Please download the 'Microsoft_SFT' file attached, extract the file on to your desktop and open. Once done you will be updated on Microsoft security database."
The email goes on to stress those who do not follow these instructions will be putting their personal or business email accounts at risk from attack by cybercriminals.
However, cyber-security firm Sophos said the supposed patch file attached to the email is actually a Troj/Agent-AANA Trojan.
Marcin Kleczynski, CEO of security vendor Malwarebytes, told IT Pro: "Cybercriminals are always looking to trade off the reputation of big organisations such as Microsoft, the FBI and other trusted brands to achieve malicious ends.
"People must be wary of such unsolicited approaches and resist the urge to succumb to the knee-jerk reaction to click a link or download a piece of software.
"In addition, all the usual rules apply, such as making sure all software is up-to-date and your anti-malware solution is running the latest definitions," he said.
Michala Wardell, head of anti-piracy at Microsoft UK, echoed Kleczynski's points, saying: "Cybercriminals often use the names of well-known companies, like ours, in their scams. We do not send unsolicited email messages or make unsolicited phone calls to users to request personal or financial information or fix their computer.
"If users receive an unsolicited email message or phone call that purports to be from Microsoft and requests that they send personal information or click links, delete the message or hang up the phone."