A new scam targeting Microsoft Windows users has been discovered, and users are urged to be cautious with emails and download links. Cybercriminals lure users to fake websites that resemble official Microsoft pages and prompt them to download what appears to be a legitimate Windows update. The file actually contains malware designed to steal sensitive information such as passwords and payment details.
According to cybersecurity researchers at Malwarebytes, the scam uses websites designed to mimic Microsoft Support and Windows Update, copying Microsoft’s fonts, colors, and design to deceive users. Malwarebytes advises users not to click on any email, text, or notification urging an immediate update, and instead to check directly in Settings > Windows Update.
The downloaded file looks authentic, which makes its malicious nature harder for users and some security software to detect. The current targets appear to be primarily in France, but experts warn that such campaigns can spread quickly, so all Windows users should be cautious before downloading anything.
To guard against such scams, users are advised to avoid update links in emails, text messages, or social media posts and to install updates through Windows’ built-in update system instead. Enabling automatic updates and treating standalone Windows update downloads offered by websites with caution are also key precautions. Windows 11 users in particular are urged to scrutinize unexpected update messages and to install software only through official Microsoft channels.
