Microsoft began warning customers on Monday that scammers are sending out bogus emails claiming to include important Windows security alerts. Unfortunately, this warning comes a day before Microsoft is set to release authentic and critical security updates.
Though scam emails are a common way to steal personal information, this particular scam is out to infect your computer too. The attachment contains a Trojan that records your personal information such as passwords and credit card numbers and then passes it on to the scammers.
Microsoft warns they have received a string of emails all indicating the scammers are targeting Microsoft customers.
Here's what the email looks like;
Dear Microsoft Customer,
Please notice that Microsoft company has recently issued a Security Update for OS Microsoft Windows. The update applies to the following OS versions: Microsoft Windows 98, Microsoft Windows 2000, Microsoft Windows Millenium, Microsoft Windows XP, Microsoft Windows Vista.
Please notice, that present update applies to high-priority updates category. In order to help protect your computer against security threats and performance problems, we strongly recommend you to install this update.
Since public distribution of this Update through the official website http://www.microsoft.com would have result in efficient creation of a malicious software, we made a decision to issue an experimental private version of an update for all Microsoft Windows OS users.
As your computer is set to receive notifications when new updates are available, you have received this notice.
In order to start the update, please follow the step-by-step instruction:
1. Run the file, that you have received along with this message.
2. Carefully follow all the instructions you see on the screen.
If nothing changes after you have run the file, probably in the settings of your OS you have an indication to run all the updates at a background routine. In that case, at this point the upgrade of your OS will be finished.
We apologize for any inconvenience this back order may be causing you.
Director of Security Assurance
Do NOT to open attachments!
If you received this email and have already opened the attachment, you should do a virus and spyware scan immediately.
You're welcome to use the Live OneCare safety scanner online if you don't have malware protection. In addition we encourage you to submit any suspicious files to the MMPC team for analysis by following the instructions outlined here.
For more information, you can also take a look at the MSRC blog post on this issue.
If your Microsoft systems have been affected by malware and you need help, you can find out how to get virus-related assistance from Microsoft here.
Ultimately, if you are ever unsure whether or not a Microsoft update is legitimate you can always go to the Microsoft TechNet security site directly.
Remember that email notifications from Microsoft only point to their site -and will not include downloads or attachments.