Windows users are being targeted by a new scam involving fake software updates that aim to steal personal information. Attackers are directing users to deceptive websites that mimic official Microsoft pages, prompting them to download what appears to be a legitimate Windows update. However, these files actually contain malware designed to steal sensitive data like passwords and payment information.
According to cybersecurity experts at Malwarebytes, the scam involves fake Microsoft Support and Windows Update websites that closely resemble the real ones. These fraudulent pages replicate Microsoft’s design elements and use convincing web addresses to deceive unsuspecting users. Malwarebytes advises users not to click on any suspicious links in emails, texts, or notifications, but instead to manually check for updates through the Windows Update settings.
The downloaded malicious files are crafted to look authentic, making it challenging for users and security software to detect them. While the current targets seem to be primarily in France, experts caution that the scam could quickly spread to other regions. To avoid falling victim to such attacks, users are urged to only install updates through the official Windows Update system by accessing it directly from the settings menu.
Users should exercise caution and refrain from trusting update links received via email, text messages, or social media. Enabling automatic updates and avoiding separate download links for Windows updates are recommended security practices. Windows 11 users in particular should be cautious of unexpected update messages and stick to official Microsoft channels for software installations to protect themselves from potential threats.