Industrious and grammatically challenged scam artists are targeting Microsoft customers with an email-based phishing campaign in which the scammers attempt to fool users into revealing their credit card numbers. The campaign takes advantage of a recent Microsoft antipiracy announcement that warned users that the company will deny most product updates to users who have illegitimate Windows copies.
Here's how the scam works: The scammers flood inboxes with email messages that appear to come from security@microsoft.com; one rendition bears the subject line "Microsoft Windows Update." The message notes, "If you do not comply with our policy, windows [sic] will ask you to reactivate your serial number, and it will become invalid ... So you will lose any information on your computer. If you do not validate your serial number, your copy of windows [sic] will be labeled as piracy." A similar message offers to give users Microsoft security tools.
The messages then ask users to visit a specific Web page and update or validate their Windows Product IDs and credit card information. The messages note that credit cards won't be charged but that the numbers are required to ensure that users' versions of Windows are legitimate. Humorously, the email appears to come from the Windows XP Activation Team. The message leads users to a non-Microsoft Web site that's based in Romania, however, and there's no such entity as the Windows XP Activation Team. Furthermore, Microsoft would never request credit card information via an email message.
Security researchers note that the scam is even more insidious than it first appears. In addition to stealing users' credit card numbers, the Web site that's linked in the message attempts to install spyware on users' systems when they visit the site. The spyware is delivered in the form of a Microsoft Internet Explorer (IE)-based Browser Helper Object.
End of Article
It is time that users became more aware of the potential pitfalls of using the Internet. Over that last few years, governments and large corporations have been encouraging more and more users to use the Internet for recreational and business use. More banks now insist that users use online banking and, in order to force the issue, are closing local branches. This is, as with all new forms of communication, giving the scammers and phishers an ideal opportunity.
Governments and corps. should be providing more information about personal security for online users, but I suspect that they won't until something very big happens that costs them a lot of money.
It will always be a case of 'closing the stable door after the horse has bolted'. To many organisations ahve seen the Internet as a way of saving personnel and building costs without realising the full impact of their client base and their own security.
Donal Casey
Anonymous User February 07, 2005 (Article Rating: )
That dun happen wiv me n fiiiiirrrrreeeeeeeffffoooooooxxxxxx
Anonymous User February 07, 2005
That dun happen wiv me n fiiiiirrrrreeeeeeeffffoooooooxxxxxx you don't to understand anything you idiot!
Anonymous User February 07, 2005
What I love about the open source idiots on this site is that they assume the problem is always windows and internet explorer. While I will be the first to admit Internet Explorer is buggy as the Amazon, this problem is not fixed by Firefox but rather educating the users on how to handle their online information and to be aware of these types of scams. The only thing Firefox would fix is the spyware "feature". Firefox does not stop people from sending their credit card information to an unknown source unless it communicates telepathically to the user and says stay away from this page, hell I hear it talking to me already. Idiots.
Anonymous User February 07, 2005
People will always make victims of themselves. It's just users of Microsoft software are more likely to be victims of computer-related fraud.
Anonymous User February 07, 2005
Phishing scams can be quite elaborate. I went to a website that offered a "Can you tell if it is a Phising Scam" test. I thought I got all the examples right when doing the test but, in fact, I missed several. Most people miss at least one if not several even if they are experienced with computers and the Internet.
Whether one is running MSIE and Outlook or whatever other combination of browser and email software it doesn't matter. The only thing that will help is being cautious and reluctant, and double-checking.
People who think Firefox will protect them are looking to fool's gold.
msgstephen February 07, 2005
fiiiirrrreeeee eeeffffxoooooox is nut foolsgold but real gold!!!! best browser everr rrrrrr
Anonymous User February 07, 2005
there are some real dumbasses leaving posts on this. it doesn't even matter what software you are using, considering success of the scam is ultimately achieved by the person typing in their info and sending it...i get paypal scams almost everyday and they look the same in thunderbird, outlook and mac mail....not one of them taps me and says "hey this is a scam"
Anonymous User February 07, 2005
Ya, firefox is nice, but as msgstephen said, a browser is only as good as its owner. It doesn't know if you're about to lose money on a share or bet, it doesn't know or care about anything. It just does what it was designed to do: allow the owner to browse the world wide web.
Anonymous User February 07, 2005
We -- the people who visit sites like Paul Thurrott's -- represent the technically savvy who would question a request for software authentication using a credit card, and we would disregard it if there were grammatical errors. However, there are folks who boot up there PCs right out of the box with no interest at all in the goings-on of the IT field. A phishing email -- grammatically challenged or not -- would likely spook someone like this. That is the danger. We have educated ourselves about this type of fraud, but who will teach the Luddites? They have as much as any of us to lose, but educating the masses is not an easy thing to do. Regardless of their choice of technology (IE, Firefox, Windows, Mac), they are wide open to many forms of online fraud.
You must be a registered user or online subscriber to comment on this article. Please log on before posting a comment. Are you a new visitor?
Register now
Microsoft on Monday issued a lengthy statement about the recent Windows 7 battery controversy, echoing my assessment from earlier in the day, but backing it up with hard, cold evidence. ...
While Microsoft is still investigating a notebook battery life issue that was supposedly caused by Windows 7, some interesting trends have emerged. ...
Should Your Email Live in the Cloud? This Forrester report shows how-to calculate your on-premise email costs and compare with cloud-based alternatives and offers best practices for reducing email costs.
New from Left-Brain.com - Manage VMware with PowerShell Learn how to perform everything from simple ad-hoc reporting at the command-line to complex scripts that automate a massive deployment of hundreds of virtual machines. Solve your old problems using less code than you thought possible!
)
Register
Governments and corps. should be providing more information about personal security for online users, but I suspect that they won't until something very big happens that costs them a lot of money.
It will always be a case of 'closing the stable door after the horse has bolted'. To many organisations ahve seen the Internet as a way of saving personnel and building costs without realising the full impact of their client base and their own security.
Donal Casey
Anonymous User February 07, 2005 (Article Rating: