We would like to bring to your attention a new scam that is targeting unsuspecting Windows users with a fake Microsoft email. Below are some of the details and examples for you to share with your wider business to help them quickly identify potentially harmful emails.

It comes as users are eagerly awaiting their turn to receive Microsoft’s latest upgrade, Windows 10. Opportunistic attackers are taking advantage by sending out phishing emails designed to look like Windows 10 upgrade alerts from Microsoft, but which instead deliver ransomware. Below is an example of the Windows 10 scam email, including some distinct features to help you identify that the email is fake.

Sample of the Windows 10 scam email. Here’s what you need to watch out for:

  • The scam email appears to come from the official company, using the address upgrade@microsoft.com.
  • Attackers have also mimicked the blue and white colour scheme used by Microsoft in its Windows 10 branding, making them appear more legitimate.
  • You will also notice that there are mangled characters and grammatical errors in the body of the text. A closer look at the IP address also reveals that the sender is actually based in Thailand.
  • The fake email also includes a disclaimer assuring the content is virus-free, similar to one a user might expect from Microsoft.
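The indicators listed above can be checked mechanically on the mail gateway before a user ever sees the message. The following Python script is an added illustration for this notice, not the author's code: it uses only the standard library to parse a raw email and flag a From address that claims microsoft.com while the delivering relay (and the SPF result recorded by your own mail server) say otherwise, mangled characters in the body, a reassuring "virus-free" disclaimer, and a .zip attachment. Both sample messages, and every host, IP and address in them, are constructed from documentation ranges for the example; the extracted relay IP is the value you would pass to a geo-IP or reputation lookup, which is how the Thailand origin mentioned above would be found.

```python
"""Gateway triage for a suspected Windows 10 "upgrade" phishing email.

Added example for this notice (not the original author's code). It checks a
raw RFC 5322 message for the indicators the notice lists. All hosts, IPs and
addresses below are constructed from documentation ranges, not real data.
"""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Constructed scam sample modelled on the notice: spoofed From, failing SPF,
# a U+FFFD "mangled" character in the body, a virus-free claim and a .zip.
SCAM_RAW = b"""Received: from mail.example-relay.test (mail.example-relay.test [203.0.113.45])
\tby mx.example.test with ESMTP id ABC123; Thu, 30 Jul 2015 09:12:00 +0000
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=upgrade@microsoft.com
From: Microsoft <upgrade@microsoft.com>
To: user@example.test
Subject: Windows 10 Free Update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hello, Dear Users!\xef\xbf\xbd Your Windows 10 upgrade is attached.
This message has been scanned and is virus-free.

--B1
Content-Type: application/zip; name="Win10_Installer.zip"
Content-Disposition: attachment; filename="Win10_Installer.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--B1--
"""

# Constructed benign sample from an internal sender, for comparison.
CLEAN_RAW = b"""Received: from relay.example.test (relay.example.test [198.51.100.7])
\tby mx.example.test with ESMTP id DEF456; Thu, 30 Jul 2015 09:15:00 +0000
Authentication-Results: mx.example.test; spf=pass smtp.mailfrom=helpdesk@example.test
From: IT Helpdesk <helpdesk@example.test>
To: user@example.test
Subject: Patch window tonight
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Reminder: the file servers reboot at 22:00 for patching.
"""

# U+FFFD replacement characters and the common UTF-8-as-Latin-1 mojibake pairs.
MOJIBAKE_RE = re.compile("\ufffd|\u00c3.|\u00e2\u20ac.")
ARCHIVE_EXT = (".zip", ".rar", ".7z")


def last_hop(msg):
    """Host and IP from the topmost Received header, i.e. the relay that handed
    the message to our own server. Lower hops are attacker-controlled text."""
    received = msg.get_all("Received") or []
    if not received:
        return None, None
    top = str(received[0])
    host = re.search(r"\bfrom\s+(\S+)", top)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", top)
    return (host.group(1) if host else None), (ip.group(1) if ip else None)


def triage(raw: bytes) -> dict:
    """Return the indicator findings and a simple score for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    f = {}

    # 1. Domain the sender claims vs. the relay that actually delivered it.
    _, from_addr = parseaddr(str(msg.get("From", "")))
    claimed = from_addr.rpartition("@")[2].lower()
    host, ip = last_hop(msg)
    f["claimed_domain"], f["last_hop_host"], f["last_hop_ip"] = claimed, host, ip
    f["relay_mismatch"] = bool(host) and not (
        host.lower() == claimed or host.lower().endswith("." + claimed))

    # 2. SPF verdict stamped by our own MX (trusted because we wrote it).
    auth = str(msg.get("Authentication-Results", ""))
    f["spf_failed"] = bool(re.search(r"spf=(fail|softfail|permerror)", auth))

    # 3. Mangled characters and a "virus-free" reassurance in the visible body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    f["mangled_chars"] = len(MOJIBAKE_RE.findall(text))
    f["virus_free_claim"] = "virus-free" in text.lower() or "virus free" in text.lower()

    # 4. Archive attachments (the scam ships CTB-Locker inside a .zip).
    f["zip_attachments"] = [
        part.get_filename() or "(unnamed)" for part in msg.iter_attachments()
        if (part.get_filename() or "").lower().endswith(ARCHIVE_EXT)
        or part.get_content_type() in ("application/zip", "application/x-zip-compressed")]

    f["score"] = sum([f["relay_mismatch"], f["spf_failed"], f["mangled_chars"] > 0,
                      f["virus_free_claim"], bool(f["zip_attachments"])])
    return f


def verdict(findings: dict) -> str:
    """Three or more indicators: quarantine; any: send for review; none: deliver."""
    if findings["score"] >= 3:
        return "quarantine"
    return "review" if findings["score"] >= 1 else "deliver"


if __name__ == "__main__":
    for label, raw in (("scam", SCAM_RAW), ("clean", CLEAN_RAW)):
        result = triage(raw)
        print(label, verdict(result), result)
```

A relay whose name does not match the From domain is only an indicator, not proof, because legitimate bulk mailers send on behalf of other domains; that is why the script scores indicators together rather than acting on any single one.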

Microsoft Hoax Info 1

Users who download the file from a suspected fake email will see a message like this:

  • If the attached .zip file from the suspected email is downloaded and opened, rather than receiving a Windows 10 installer, a piece of ransomware dubbed CTB-Locker launches and encrypts the user's files.

Microsoft Hoax Info 2

The malware will then request payment within 96 hours to decrypt the documents. Should payment not be made, the blackmailers threaten to destroy the decryption key and leave files permanently scrambled.

How can you defend yourself from ransomware?

  • Do not open the attachments or click on the links.
  • Delete the message and empty your recycle bin.
  • If you do get infected, the first and most important step is to remove the machine from the network to limit the damage.
  • If you are unsure, contact your IT department or Managed Service Provider for guidance.
  • Browse our email security page and get in touch.