Fake Microsoft Security Bulletins

Several of my readers have reported receiving fake Microsoft security bulletins via email. Like other scams, these are designed to deceive you into clicking links that will infect your computer with viruses.

This particular scam is quite clever. It uses the same terminology as a real Microsoft bulletin, down to a legitimate-sounding number for the purported patch, which in this case is supposedly for Outlook. But note the provided link: its text looks like it goes to Microsoft, but when you mouse over it, the actual link (see the status bar at the bottom) goes to the scammer’s site.

[Screenshot: the fake Microsoft security bulletin email]

Fake links are easily created, like so:

http://update.microsoft.com/realistic-sounding-link

What I did was type the realistic-sounding link, highlight it, and link it to a different address (in this case something innocuous: the address for this blog). Note that if you mouse over the linked text, you’ll see the actual address in the status bar at the bottom of your screen.
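
The same comparison can be done mechanically instead of by hovering. The following is an added example, not part of the original post: it parses an HTML message body and flags links whose visible text is a web address on a different host than the real target. The sample message and the blog.example address are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body: the visible text names one host, the href another.
SAMPLE = (
    '<p>Install the patch: <a href="http://blog.example/post">'
    "http://update.microsoft.com/realistic-sounding-link</a></p>"
    '<p>Or read <a href="http://update.microsoft.com/">our notes</a>.</p>'
)


def host_of(url):
    """Lowercase hostname of a URL (scheme optional), or None if unparsable."""
    url = url.strip() if "://" in url else "http://" + url.strip()
    try:
        return urlparse(url).hostname
    except ValueError:
        return None


class LinkCollector(HTMLParser):
    """Collect (visible_text, href) pairs for every <a href=...> element."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def find_mismatched_links(html):
    """Links whose text reads as a URL but whose href goes to another host."""
    collector = LinkCollector()
    collector.feed(html)
    return [(text, href) for text, href in collector.links
            if re.match(r"(?i)^(https?://|www\.)\S+$", text)
            and host_of(text) != host_of(href)]
```

Links whose visible text is ordinary words ("our notes") are not flagged, because there is no displayed address to compare against; those still need the mouse-over check.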

When it comes to fake security bulletins, bear in mind:

  • Microsoft doesn’t email you security bulletins unless you have actively signed up for their security bulletin notification service. I wouldn’t expect most people to do that: the bulletins are highly technical and not very helpful unless you know what to expect.
  • If there are updates for your computer and you have Automatic Updates turned on (and there are reasons you might not want to), you’ll get them automatically without having to click on anything.
  • Some of these scam emails come with attachments pretending to be the patch you need. Don’t click on them! It’s another way to infect you with viruses. Microsoft never sends updates by email.
  • To find out if your Windows computer needs updates, go to update.microsoft.com and scan for them. Never click on a link in an email message.
  • Scammers will say anything to get you to click on links, because it’s the easiest way for them to infect your computer.

In this case, you can see at the top of the screenshot that my email program, Mozilla Thunderbird, alerted me that this message might be a scam. Your email program may or may not do that, so caution is your best policy.

Thanks to everyone who sent this my way.
