Microsoft spam email scam puts users at risk from Trojan

Hoax Microsoft email encourages users to download fake security update.

Malware

End users have been warned about a new email scam hitting their inboxes, which claims to contain a security update sent from the Mircosoft Digital Crimes Unit, but is in fact Trojan-infected spam.

The text of the email claims that "due to a new security vulnerability which is exploited by hackers to steal your online details, Microsoft Digital Crimes Unit in 2013 has hereby developed a new security measure.

Cybercriminals often use the names of well-known companies in their scams

"Please download the Microsoft_SFT' file attached, extract the file on to your desktop and open. Once done you will be updated on Microsoft security database."

The email goes on to stress those who do not follow these instructions will be putting their personal or business email accounts at risk from attack by cybercriminals.

However, cyber-security firm Sophos said the supposed patch file attached to the email is actually a Troj/Agent-AANA Trojan.

Marcin Kleczynski, CEO of security vendor Malwarebytes, told IT Pro: "Cybercriminals are always looking to trade off the reputation of big organisations such as Microsoft, the FBI and other trusted brands to achieve malicious ends.

"People must be wary of such unsolicited approaches and resist the urge to succumb to the knee-jerk reaction to click a link or download a piece of software.

"In addition, all the usual rules apply, such as making sure all software is up-to-date and your anti-malware solution is running the latest definitions," he said.

Michala Wardell, head of anti-piracy at Microsoft UK, echoed Kleczynski's points, saying: "Cybercriminals often use the names of well-known companies, like ours, in their scams. We do not send unsolicited email messages or make unsolicited phone calls to users to request personal or financial information or fix their computer.

"If users receive an unsolicited email message or phone call that purports to be from Microsoft and requests that they send personal information or click links, delete the message or hang up the phone."

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Malware developers create malformed code signatures to avoid detection
malware

Malware developers create malformed code signatures to avoid detection

24 Sep 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021
What is cyber warfare?
Security

What is cyber warfare?

15 Oct 2021