Network World

Tyson Kopczynski

Fake Microsoft Update Email Scam - That almost looks professional!

How simple phishing knowledge can save you big time!

By tyson.kopczynski on Thu, 06/25/09 - 5:37am.

I do not know about you, but for the past couple of days my inbox has received several emails claiming to be from Microsoft while touting links to updates for Microsoft Outlook and Outlook Express. :>) Naturally, I clicked on those links right away and installed me some updates (not).

However, in all honesty, I was surprised at the level of effort that the sender went through in making this phishing email look more "authentic". For example:

  • First, the message itself is formatted to look like a Tech Bulletin from Microsoft.
  • There are links within the email that link off to valid addresses on the Microsoft site.
  • Lastly, the sender took care in crafting the update (phishing) URL such that it almost appears to be going to update.microsoft.com and has a valid query path for the update.

In other words, at first glance, the email looks valid. And, thanks to the sender's efforts within the social engineering arena, I'm sure that the number of people falling for this email is much higher than for the normally lame phishing emails that are sent out. Thus, unless the email was blocked by some kind of inbound gatekeeper, it's up to the receiver to determine how to handle this email: delete it or fall into the trap.

In other words, for organizations and even consumers, the best defense in this case is awareness, training, knowledge, etc. and not some fancy security software. Ah... if only all solutions were so simple.
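An added example, not part of the original post: the post notes that the phishing URL almost appears to go to update.microsoft.com, so this sketch flags links whose host only embeds the trusted name, or whose visible text names a trusted host that the href does not. The sample email body, the example.net/example.org hosts and all function names are constructed for illustration; the post does not give the actual URL from the scam.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "microsoft.com"  # domain the email claims to come from
SAMPLE = (  # constructed email body; example.net/example.org are reserved domains
    '<a href="http://www.microsoft.com/security">Security home</a>'
    '<a href="http://update.microsoft.com.example.net/default.aspx?id=123">Install</a>'
    '<a href="http://downloads.example.org/fix">update.microsoft.com/fix</a>')

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_trusted(host):
    # Exact match or a true subdomain; the trusted name used as a prefix does not count.
    return host == TRUSTED or host.endswith("." + TRUSTED)

def host_of(url):
    try:
        return (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed netloc in free text
        return ""

def suspicious_links(html):
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)  # what hovering over the link would reveal
        if is_trusted(host):
            continue
        if TRUSTED in host:
            findings.append((host, "trusted name embedded in another domain"))
        elif text and is_trusted(host_of(text.split()[0])):
            findings.append((host, "link text shows a trusted host, href does not"))
    return findings
```
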


ISP blocked

0

My ISP, Cableone, routed these to a spam folder I had to go online to view. Had I fallen for it, I could have downloaded it to my own inbox, but at least the ISP was smart enough to recognize it. So was I after noticing there were two or more instances of the e-mail, and looking at the code on the end of the URL.....

Fake Microsoft Update Email Scam -- PGP!

0

You really open emails from Microsoft Security that are not digitally signed? And you execute programs from URLs you have never looked at carefully?

My Outlook uses a colour to easily show me that any mail from Microsoft Security carries a correct signature. That would allow me to detect any fake as simple as it could be. And I always read emails in text only -- that given I never clicked on a harmless looking but dangerous URL in the past years.

Sarcasm...

0

Andreas,

Please re-read... I was being sarcastic. :>)

Cheers

- T

fake microsoft update

0

Please explain how you discovered it was a fake. I would like to avoid updating a fake too. swartzr@hra.nyc.gov

Bob...

0

The true method is to look at the source of the email. However, if you hover your mouse over the link, Outlook will show you the full URL. In addition, MSFT does not send out these types of emails. So... for end-users training is key.

Cheers

- T

In other words, as a Network

0

In other words, as a Network World contributor you didn't know that Microsoft doesn't send critical update notifications via email.

Again...

0

I was being sarcastic... please re-read the posting to see this.

- T

Phishing???

0

If the goal of this email is not to obtain personal or financial information, it would seem to fall under the social engineering category, versus phishing.

two-thirds of one-half

0

Yes... the attack vector is social engineering... but the end goal is phishing.

- T

What I got was an actual windows update notification...

0

My Windows Update is set to Notify but do not download. A week ago, I kept experiencing connection problems so I logged on as an admin to troubleshoot. I noticed the update notification shield so I proceeded to review the updates. In fact it was attempting to download some FireFox player of sorts and Microsoft did not have documentation for it. I recommend that people do not do auto update and Microsoft has to come up with a better way to notify us of any legitimate updates. Also Updates for the US should be programmed in the US for US Citizens served from US Servers.

About Hidden Microsoft

With more than ten years of experience in IT, Tyson Kopczynski has become a specialist in Active Directory, Information Assurance, Windows automation, PKI, and IT security practices. Tyson is also the founding author of the Windows PowerShell Unleashed series and has been a contributing author for such books as Microsoft Internet Security and Acceleration (ISA) Server 2006 Unleashed and Microsoft Windows Server 2008 Unleashed. He has also written many detailed technical papers and guides covering various technologies. As a consultant at Convergent Computing, Tyson works with and provides feedback for next generation Microsoft technologies since their inception and has also played a key role in expanding the automation and security practices at CCO. Tyson also holds such certifications as the Certified Information Systems Security Professional (CISSP), the SANS Security Essentials Certification (GSEC) and SANS Certified Incident Handler (GCIH), and the MCTS (Application Platform, Active Directory, and Network Infrastructure).


Certifications:

  • Certified Information Systems Security Professional (CISSP)
  • SANS Security Essentials Certification (GSEC)
  • SANS Certified Incident Handler (GCIH)
  • MCTS (Application Platform, Active Directory, and Network Infrastructure)
  • Microsoft Certified Systems Engineer (MCSE) Security
  • CompTIA Security+

Other Stuff:

  • Blogger NetworkWorld.com from June 2007
  • GIAC Advisory Board from 2009
  • SANS GSEC Local Mentor (a long time ago)
  • CompTIA Security+ SME (a long time ago)
  • Judge, Imagine Cup 2005 Int'l IT Competition
  • Judge, Imagine Cup 2007 Int'l IT Competition