Did I really get a critical update notification for Outlook Express in my email?

Helping people with computers... one answer at a time.

Emails that look like a critical update from Microsoft are scams. We'll look at exactly what makes the scam obvious.

I recently received a "Critical Update" notification for Microsoft Outlook / Outlook Express in my email. I'd not gotten these before, so I wanted to double check. What should I do?

•

Delete that email immediately, and ignore any more copies you'll likely get.

Malware authors are constantly looking for ways to fool us into clicking on their links. Since I also got the same email, I'll use it as an example of what to look for.

•

Here's the email in question:

From: "Microsoft Customer Support" <no-reply@microsoft.com>
Subject: Microsoft has released an update for Microsoft Outlook

Critical Update

Update for Microsoft Outlook / Outlook Express (KB910721)

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:
http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=4073213066266196307501839191291857099795707196499436900323714412165512

Quick Details

File Name: officexp-KB910721-FullFile-ENU.exe
Version: 1.4
Date Published: Mon, 22 Jun 2009 15:17:14 -0500
Language: English
File Size: 81 KB

System Requirements

Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista
This update applies to the following product: Microsoft Outlook / Outlook Express

Here's the problem:

It's Totally Bogus

"What scam artists have done is create an email that looks as much as possible like an official email from Microsoft."

That link that looks like it goes to "http://update.microsoft.com/..."? In the email it looks like that, but if you click on it your browser will really go to "http://update.microsoft.com.ilkihi.com/...". See how there's an extra domain in the URL that's not in the URL that you click on?

That's the single biggest clue that this is a scam. Click on it, and you'll likely take a virus, or be the victim of some other kind of scam - particularly if you accept and install the download.

What scam artists have done is create an email that looks as much as possible like an official email from Microsoft. They've probably even copy/pasted from a real Microsoft email or web page to get the look and feel just right. Many of the other links in that email might happen to be correct, and take you to the corresponding page on Microsoft's web site. That's even a legitimate Knowledgebase identifier, though the real article has nothing to do with what the email claims.

What they're counting on is enough people blindly assuming that the email is legitimate, and clicking on the download link because they think they need this "update".

How do you protect yourself?

Realize that Microsoft never distributes updates via email. Not as a an attachment, and not even as instructions to download.
Never click on links in email that you didn't expect, or aren't 100% certain about. Never. Remember, even the technique of hovering over a link to see where it "really" goes can also many times be spoofed - you can't trust even that.
Always keep your machine up to date. If it's updates you want, then enable Windows Automatic Updates, or visit Windows Update yourself. It's also a great way to check out the legitimacy of emails like this: if you visit Windows Update, you'll be notified there if you do indeed need some update.

I'm seeing this scam more and more often, so please - be careful, and watch where you click.

Article C3770 - June 22, 2009

Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

You may also be interested in:

Why does my email program think that this message might be a scam? Occasionally, security software examines links in email and alerts you if something is suspicious. Frequently, as in my newsletter, it's totally benign.
Phishing? What's Phishing? Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.
Did I really just win an email lottery or sweepstakes? We all receive emails that indicate we've won several different lotteries. Are any of these winning notifications valid? I'll review what to look for.

Recent Comments

9 Comments

Microsoft recently sent an email entittled "Important info for Hotmail customers on Outlook, Outlook� Express, or Entourage" That email had a link to download Windows Live Mail and various other links including instructions if the user wanted to continue using Outlook Express or the other programs mentioned.

The email states that Microsoft is changing the way email programs access Hotmail effective 9/1/2009.

This email was legitimate even though I took the precaution of downloading Windows Live Mail directly from Miscroft's website rather than following the link in the email. I post this to show that Microsoft has posted instructions for downloading in an email, at least on this occasion.

Posted by: Nigel Broder at June 30, 2009 12:38 PM

HI, if I suspect an address I've been asked to click on, I just hover the mouse above it and see what appears in the line at the bottom of the screen. If it is not the same as was given in the email I know there is something wrong so I don't click on it.
best wishes
Margaret

That's excellent advice, and something I recommend everyone get into the habit of doing. However, it's not foolproof. Depending on the email program being used, and the sophistication of the scam it's possible for the displayed link at the bottom to still not display the actual target. In other words it's possible for your technique to be fooled as well. Caution, caution, caution. Much better to copy/paste the link you see into a browser, or avoid that all together and visit the site yourself by typing in the address or using a bookmark of your own.

- Leo
01-Jul-2009

Posted by: margaret luck at June 30, 2009 1:47 PM

Ok. So imagine I never got to this site how do I get rid of the problem, and does it affect outlook

The full scam addres should not have been posted here,

WHY do you think I would be daft to put it in the address bar and press enter

Posted by: John Heaps at July 1, 2009 11:11 AM

the give away for me was the first of these I got wasn't to my exact email address!!! (ie it was to ****@ukgateway.net)

Posted by: anthea dore at October 26, 2009 4:17 AM

I received an email this morning which stated (and I am going to type this exactly spelt etc as it appeared in my email site)
Your Email Has Reach its quota copy or paste the link below and fill out the required details to avoid lost of your account

http/twe.ly/University Admin
Thanks For Co-operating with Us
Copyright (c) 2011
University Help desk Centre

I have been made aware of a lot of scam going around lately as I've had several phone calls supposidly from Microsoft asking me to put my computer on as it needs 'healing' ha ha I don't think so I suggested I phone them back but they insisted they would call me but I then just put the phone down.

What makes me think this is a hoax or scam is the use of capital letters in odd places and bad English such as he word Reach instead of reached and the use of the capital 'R' where it's not needed.
I look forward to your reply.
Sandra

Quick test: if it asks for your password it's almost certainly a scam.

19-Sep-2011

Posted by: Sandra at September 19, 2011 7:58 AM

See all 9 comments...

Post a comment on "Did I really get a critical update notification for Outlook Express in my email?":

Name: (Required - will be included when your comment is published.)

Email Address: (Required - will not be published.)

Remember Me? YesNo

Comments: (You may use HTML tags for style)

Before commenting, please...

READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored.
Comment only on the article. Use the search box at the top of the page if you have a question about something else.
NO PERSONAL INFORMATION in the comment. No email addresses. No phone numbers. No physical addresses.

Anything that looks the least bit like spam will be deleted. Links to unrelated sites or links that appear to be primarily promotional will be deleted, or the comment will be deleted.
Don't ask me to recover lost passwords or hacked accounts. I can't. Those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
READ THE ARTICLE. A comment that shows you didn't will be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!
The Tip Jar: Buy Leo a Latte!

Categories | Full Archive
By Date | Business Card | About

Advertisements do not imply my endorsement of any product or service.

Copyright © 2003-2012 Puget Sound Software, LLC and Leo A. Notenboom
Ask Leo! is a registered trademark ® of Puget Sound Software, LLC
Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure

http://ask-leo.com/did_i_really_get_a_critical_update_notification_for_outlook_express_in_my_email.html