Emails that look like a critical update from Microsoft are scams. We'll look at exactly what makes the scam obvious.
I recently received a "Critical Update" notification for Microsoft Outlook / Outlook Express in my email. I'd not gotten these before, so I wanted to double check. What should I do?
Delete that email immediately, and ignore any more copies you'll likely get.
Malware authors are constantly looking for ways to fool us into clicking on their links. Since I also got the same email, I'll use it as an example of what to look for.
Here's the email in question:
Here's the problem:
It's Totally Bogus
That link that looks like it goes to "http://update.microsoft.com/..."? In the email it looks like that, but if you click on it your browser will really go to "http://update.microsoft.com.ilkihi.com/...". See how the real destination has an extra domain that isn't in the link text you see in the email?
That's the single biggest clue that this is a scam. Click on it, and you'll likely get a virus or become the victim of some other kind of scam - particularly if you accept and install the download.
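The check described above, as an added example (not code from the original article): it compares the host shown in a link's text with the host in its href, and tests whether the real host actually ends in the trusted domain. The names `audit`, `LinkAudit`, `belongs_to` and `TRUSTED` are hypothetical, and the sample HTML is constructed from the two hosts quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "microsoft.com"  # assumption: the domain the email claims to be from
# Constructed sample built from the two hosts quoted above (paths omitted).
SAMPLE_HTML = (
    '<a href="http://update.microsoft.com.ilkihi.com/">http://update.microsoft.com/</a>'
    '<a href="http://www.microsoft.com/">Microsoft home</a>'
)

def host_of(url):
    """Lower-cased hostname of a URL, or '' when the text is not a URL."""
    return (urlsplit(url.strip()).hostname or "").rstrip(".").lower()

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            real, shown = host_of(self.href), host_of("".join(self.text))
            reasons = []
            if shown and shown != real:
                reasons.append("text/href mismatch")
            if TRUSTED in real and not belongs_to(real, TRUSTED):
                reasons.append("lookalike host")
            if reasons:
                self.findings.append((shown, real, reasons))
            self.href = None

def audit(html):
    """Return (shown_host, real_host, reasons) for every suspicious link."""
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```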
What scam artists have done is create an email that looks as much as possible like an official email from Microsoft. They've probably even copy/pasted from a real Microsoft email or web page to get the look and feel just right. Many of the other links in that email might happen to be correct, and take you to the corresponding page on Microsoft's web site. That's even a legitimate Knowledgebase identifier, though the real article has nothing to do with what the email claims.
What they're counting on is enough people blindly assuming that the email is legitimate, and clicking on the download link because they think they need this "update".
How do you protect yourself?
Realize that Microsoft never distributes updates via email. Not as an attachment, and not even as instructions to download.
Never click on links in email that you didn't expect, or aren't 100% certain about. Never. Remember, even the technique of hovering over a link to see where it "really" goes can often be spoofed - you can't trust even that.
Always keep your machine up to date. If it's updates you want, then enable Windows Automatic Updates, or visit Windows Update yourself. It's also a great way to check out the legitimacy of emails like this: if you visit Windows Update, you'll be notified there if you do indeed need some update.
I'm seeing this scam more and more often, so please - be careful, and watch where you click.