Friday, 18 October 2013

"Microsoft Windows Update" phish

A random and untargeted attempt at phishing with a Windows Update twist.

From: Microsoft Office [accounts-updates@microsoft.com]
Date: 17 October 2013 02:54
Subject: Microsoft Windows Update

Dear Customer,

Evaluation period has expired. For information on how to upgrade your windows software please Upgrade Here.

Thank you,

Copyright © 2013 Microsoft Inc. All rights reserved.

The email originates from 66.160.250.236 [mail.andrustrucking.com], which is a trucking company called Doug Andrus Distributing, so perhaps Microsoft are farming out the updates to a random Idaho company. Or perhaps they have had their email system compromised (maybe by someone using the same phishing technique).

Anyway, the link in the email goes to a legitimate but hacked site and then lands on a phishing page hosted on [donotclick]www.cycook.com/zboard//microsoft-update/index.php.htm. Despite the email saying "Windows Update", the landing page has had Office branding crudely pasted into it.
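
A triage check for the two mismatches described above (a microsoft.com sender relayed through mail.andrustrucking.com, and a link that leads off Microsoft's domains), as an added example that is not part of the original post. The Received header layout, mx.recipient.example and the link URL are constructed placeholders, and in_domain, LinkCollector and triage are illustrative names.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: From, Subject, relay host/IP and body text are from the post;
# the Received layout, mx.recipient.example and the link URL are placeholders.
SAMPLE = """\
Received: from mail.andrustrucking.com (mail.andrustrucking.com [66.160.250.236])
\tby mx.recipient.example; Thu, 17 Oct 2013 02:54:00 +0000
From: Microsoft Office <accounts-updates@microsoft.com>
Subject: Microsoft Windows Update
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Evaluation period has expired. For information on how to upgrade your
windows software please <a href="http://hacked-site.example/redirect">Upgrade Here</a>.</p>
"""

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append(urlparse(href).hostname or "")

def triage(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    findings = []
    # The topmost Received header is written by the receiving server, so its
    # "from" clause names the host that actually delivered the message.
    received = msg.get_all("Received") or [""]
    m = re.search(r"from\s+\S+\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)", received[0])
    if m and not in_domain(m.group(1), from_domain):
        findings.append(("relay-mismatch", m.group(1), m.group(2)))
    parser = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    findings += [("link-mismatch", h, None) for h in parser.hosts if not in_domain(h, from_domain)]
    return from_domain, findings
```

A relay hostname that differs from the From domain is only a heuristic, since legitimate senders often use third-party mail services; SPF, DKIM and DMARC results are the stronger signal where they are available.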


Entering your credentials simply takes you to a genuine Microsoft page.

Phishing isn't restricted to stuff like bank accounts; the spammers also like a fresh supply of email accounts to abuse, so as ever, exercise caution.
