Users of Microsoft’s Windows operating system need to be cautious when interacting with emails and download links due to a new scam targeting them with counterfeit software updates. Cyber attackers are luring Windows users to deceptive websites resembling official Microsoft pages. These sites prompt users to download what appears to be a legitimate Windows update but actually contains harmful malware aimed at stealing sensitive information such as passwords and payment details.
According to cybersecurity experts at Malwarebytes, the scam utilizes fake Microsoft Support and Windows Update websites designed to mimic the appearance of legitimate Microsoft platforms. The fraudulent pages replicate Microsoft’s fonts, colors, design, and use convincing web addresses to deceive unsuspecting users.
Malwarebytes advised users not to click on any suspicious links urging them to install urgent updates but rather to verify updates directly through Settings > Windows Update. The downloaded file looks authentic, making it challenging for users and some security software to detect the malicious content.
While the current targets of the scam seem to be primarily in France, experts caution that the campaign could quickly spread, emphasizing the importance of all Windows users exercising caution and refraining from downloading suspicious files.
To enhance security, users should avoid trusting update links sent via email, text messages, or social media. The recommended method to install updates safely is through the Windows built-in update system by going to Start, then Settings > Windows Update, and selecting “Check for updates.”
Users should approach any website offering a separate Windows update download with skepticism. Security specialists also suggest enabling automatic updates to reduce the risk of falling victim to fake update scams and the need for manual installations.
Windows 11 users, in particular, are advised to be extra vigilant against unexpected messages demanding urgent updates for their devices. Installing software exclusively through official Microsoft channels remains the most effective defense against such malicious attacks.