It has been reported that Windows 10 users are receiving emails purporting to be from Microsoft, urging them to install a new update on their machine. But be warned: it’s not an official message from the US firm, and the update is packed with dangerous malware and other vicious viruses.
Commenting on this, Yossi Naar, chief visionary officer and co-founder at Cybereason, said: “Phishing scams are, unfortunately, an elusive approach and they are successful time and time again because they are hard to detect.
My basic advice for people is, if someone is trying to get me to do something, don’t trust it and verify independently – meaning, if someone wants me to install something and says it’s Microsoft, don’t do it before verifying independently that the request is real. Also, in this instance, users should check on Microsoft’s website to verify that a patch has been issued. Never, ever use the provided link from an unsolicited source.
One of the most common attacks against companies is where they send an email “from the CEO” and tell accounting to “wire money urgently for X” or something along these lines. They are scams and individuals need to first verify with whoever is supposed to have made the request. Don’t trust out of bound things that you didn’t trigger and aren’t expecting.
Also, in general, Microsoft specifically does not tend to email its users. It has never in the past (to my recollection) sent emails about “installing a patch” so I don’t see what they could have done, except as they did – alert people to this scam and explain it isn’t them.
Emails, in a broader sense, have a problem of verified trust. There is a huge list of ongoing scams, and the list continues to grow every day. Scammers figure out creative new ways of luring people into their traps. A major part of it is that it’s a low-cost operation usually – it costs the scammers nothing to send millions of emails, so even if their success rate is one in a million, it’s still worth it to the criminals in many cases.
Best practices against phishing emails and a variety of scams include increased control over communication methods, increasing verification of source senders and limiting the ability of unverified senders to send phishing emails. Increased vigilance and improving security hygiene could help reduce the viability of email as a scamming channel. Much like the ongoing discussion about secure DNS implementation – it’s often difficult both technically and politically to implement a large-scale change in basic infrastructure. Nevertheless – it’s essential that we do so.”