Windows users are being targeted by a new scam involving fake software updates, cybersecurity experts have warned. Attackers are directing users to deceptive websites that mimic official Microsoft pages, prompting them to download what appears to be a legitimate Windows update. However, the file actually contains dangerous malware designed to steal sensitive information like passwords and payment details.
Malwarebytes researchers have uncovered this scam, which utilizes websites designed to look like Microsoft Support and Windows Update pages. The fake sites closely replicate Microsoft’s branding and design to deceive unsuspecting users. To avoid falling victim to this scheme, users are advised not to click on any links in emails or notifications urging them to install urgent updates. Instead, they should manually check for updates through the Windows Update feature in the system settings.
The downloaded malicious file is cleverly disguised to appear authentic, making it difficult for users and some security software to detect its harmful nature. While the current focus of the scam seems to be in France, experts caution that it could spread quickly to other regions. To safeguard against such threats, users are encouraged to never trust update links received through email, text messages, or social media. The safest method to update Windows is by using the built-in Windows Update feature in the system settings.
Users should be cautious of any website offering a separate download for a Windows update and are advised to enable automatic updates to reduce the risk of falling for fake update scams. Particularly, Windows 11 users should be extra vigilant against unexpected messages requesting urgent updates, and it is crucial to only install software from official Microsoft sources to protect against these malicious attacks.