Internet criminals are hoping to make a quick buck today (May 10) by spoofing Microsoft's monthly security update with a fake bulletin of their own.
The scam email is labeled "Urgent: Critical Security Update," and informs the recipient that Microsoft has issued a "high-priority" security fix for Windows, which can be downloaded via a link in the message, the security website Websense reports.
Unfortunately, the rogue Microsoft copycat carries a dangerous payload. The downloadable file is actually a variant of the Zeus Trojan, a notorious piece of malware that's able to infect PCs and gain remote access to bank accounts.
Whoever is behind the campaign is clever enough to know that today is Microsoft's monthly Patch Tuesday, when the company rolls out fixes for software vulnerabilities. Only two programs are receiving updates in this patch cycle, according to Microsoft.
In addition to its well-timed release, this scam takes an extra step to appear legitimate: the bait message goes so far as to explain, in poorly written English, exactly why it is not a scam.
"Since public distribution of this Update throught [sic] the official website would have result [sic] in efficient creation of a malicious software, we made a decision to issue this security update via e-mail."
If you come across this "urgent" message, or any other unsolicited offer of help, delete it and do not click on any links. To find out about Microsoft's security updates, visit the company's website.