Friday, September 07, 2012

Hackers are distributing rogue email notifications about changes in Microsoft's Services Agreement

Hackers are distributing rogue email notifications about changes in Microsoft's Services Agreement to trick people into visiting malicious pages designed to infect their computers with malware [5 September 2012]

Beware of fake Microsoft notification emails
The email messages are identical copies of legitimate notifications that Microsoft sent out to users to announce changes to the company's Services Agreement that will take effect Oct. 19.

However, in the malicious versions of the emails, the correct links have been replaced with links to compromised websites.
These websites host pages that attack your computer and exploit vulnerabilities in order to install malware.


This type of attack is known as a drive-by download and is very effective because it requires no user interaction to achieve its goal.

What should you do if you receive a Microsoft notification email?

Action Fraud’s advice is clear: if you are not sure it is safe, do not click on the links.
Karla from Microsoft has said, "If you received an email regarding the Microsoft Services Agreement update and you're reading your email through Hotmail or Outlook.com, the legitimate email should have a Green shield that indicates the message is from a Trusted Sender,"

"If the email does not have a Green shield, you can mark the email as a Phishing scam."
Hovering over the links in the legitimate version of the email should show that they point to locations on the microsoft.com domain. Anything else should be treated as suspicious.

To report a fraud, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.