A new scam targeting Windows users has been identified, and users are urged to be cautious when handling emails and download links. Attackers are luring users to fake websites resembling official Microsoft pages and prompting them to download what appears to be a genuine Windows update. The file, however, contains malicious software aimed at stealing sensitive data such as passwords and payment information.
According to cybersecurity experts at Malwarebytes, the scam employs websites mimicking Microsoft Support and Windows Update, replicating Microsoft’s design elements to deceive users effectively. Users are advised by Malwarebytes to avoid clicking on suspicious links and instead manually check for updates through the Windows Update section in Settings.
The deceptive nature of the downloaded file helps it evade detection by users and by certain security software. While initial targets seem concentrated in France, experts caution that the scam could quickly spread and urge all Windows users to exercise vigilance before downloading any updates.
To safeguard against such threats, users are urged to refrain from trusting update links received via email, text, or social media. The recommended method is to install updates through the official Windows update system by navigating to Settings > Windows Update and selecting “Check for updates.”
Any website offering Windows updates as separate downloads should be viewed skeptically. Enabling automatic updates is also advised by security professionals, as it reduces the need for manual installations and minimizes the risk of falling victim to fraudulent update schemes.
Windows 11 users are specifically warned to be cautious of unexpected messages demanding urgent updates. The warning emphasizes the importance of installing software only from verified Microsoft sources to defend against potential attacks.
