Beware: The next time you get an email from email@example.com in your inbox, click delete. That’s because you’re likely the target of a phishing scam designed to steal Gmail, Yahoo, Windows Live and AOL passwords, according to Naked Security, a blog by IT security firm Sophos.
Titled, “Microsoft Windows Update,” the email urges recipients to verify their email accounts by entering personal login information.
Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click in the Verify button below and enter your login information on the following page to Confirm your records.
Microsoft Windows Team.
While the hoax is pretty slick, eagle-eye Internet users will notice odd instances of capitalization and grammar that betray the email’s insidious intentions.
Clicking on the “verify” link leads you to a third-party website that purports to be Microsoft.com, but actually isn’t the real deal, Naked Security says. Here, users are warned that their computers are out-of-date and at high risk; they are then “required” to select one of four email providers and enter their username and password. Naturally, this information is sent directly to the scammers — putting recipients at risk of online identity theft.