There will always be things in our lives that just keep turning up like bad pennies. For example, you might think you’ve gotten rid of the devil bird that tweets outside your window at six in the morning. You’d be wrong. So, we’re advising you to keep your eyes peeled for a fake Microsoft update security bulletin that’s making the rounds again; and as this seems to be a recurring issue, we’ve got a few tips that will keep you well prepared for the future too.
This particular scam – and Microsoft is no stranger to them at the moment – comes packaged as an email pretending to come from Microsoft; it either invites users to click on a URL that will redirect to a malicious website, or contains a malicious attachment. It’s been around for years in one form or another, but we’ve had a bulletin this morning warning that it’s getting all up in our grills again. So, keep a beady eye out and be aware that if you receive an email claiming to offer a Microsoft security update, it’s a hoax and may contain malware or pointers to bad websites.
Example of the email
Subject: Security update KB971033 has been released.
There are important steps you should take to protect yourself from online threats such as financial crimeware and identity theft. Taking the steps below to protect your computer not only saves you time and trouble should something go wrong, but also ensures that you are getting the best online experience.
There’s an easy, free way to help keep your PC safer and running smoothly. It’s called Windows Update. All you have to do is turn it on, and you’ll get the latest security and other important updates from Microsoft automatically.
Setting up Windows Update is simple: Just go to the Microsoft Update website. If you’ve already got automatic updating turned on, Windows Update in Control Panel will open and show your update status. If it’s not yet turned on, you’ll be guided through the steps to do so. After that, all the latest security and performance improvements will be installed on your PC quickly and reliably.
We detected that you don’t have installed Anti-spoofing update KB971033 from Microsoft, this update will protect you from accessing fake pages like phishing site by checking any accessed link without any delay in browsers and also will fix CVE-2012-3651 (Adobe auto-downloader) exploit, you can install it with just one click here:
When you turn on automatic updating, most updates will download and install without you having to lift a finger. But sometimes Windows Update will need your input during an installation. In this case, you’ll see an alert in the notification area at the far right of the taskbar be sure to click it. If you don’t respond to a Windows Update alert, your PC might end up missing an important download.
We recommend that you use automatic updating but if you choose not to, be sure to check for updates at least once a week.
The cheeky little nippers hide the scam between paragraphs of legit security information stolen from other sources, including Microsoft itself; and even use the number of a genuine Microsoft update (KB971033). There’s also a phone based version of the scam, where criminals posing as Microsoft technicians call you, saying that they’ve detected errors or viruses on your computer. These tend to get sent around the time that genuine updates are available to confuse users, so be particularly wary around these times.
Another thing to bear in mind for the future is that Microsoft doesn’t distribute security updates via email; it issues them on a regular basis straight to desktops. So, always update your Microsoft operating system via Windows Update, not by clicking a link in an unsolicited email. Microsoft also doesn’t check your computer for errors or security issues, and will never email or call you unsolicited about computer problems.
So, don’t let it get to you. You can ignore this fake bulletin, but I can’t ignore that evil bird.
If you have any questions about security at UKFast, give us a call on 0208 045 4945 or contact your account manager.