Scammers know when the gettin's good, and with Microsoft's recent woes with Internet Explorer and its planned Oct. 26 release of WIndows 8, the market's ripe for the pickin'. So don't fall for the latest phishing scheme, which comes via email and is supposedly from Microsoft with an email address of email@example.com.
This scheme wants you to hand over passwords to your email accounts, including Gmail, Yahoo, AOL or Windows Live. The typo-filled email says:
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.
"If you do make the mistake of clicking on the link, you are taken to a third party website (not the real Microsoft.com), where you are warned that your computer is at high risk and told to choose between logging in via Gmail, Windows Live, Yahoo or AOL," writes Graham Cluley on Sophos' Naked Security blog.
Cluley went ahead and played the scheme through, using an AOL address. This is the screen he then saw, asking him for his AOL username and password:
The information, if he types it in, is "going to be passed straight into the hands of a cybercriminal," Cluley writes. "Once your details are in their claws, they'll waste no time breaking into your online account, stealing information and potentially committing identity theft."
His advice: first, don't use the same password on multiple websites. Be "suspicious of unsolicited emails, and always think carefully before entering your webmail passwords. If you are reckless you might be handing the keys to your online life over to a complete stranger."