Security News > 2020 > September > Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials.
Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.
The phishing emails in question, entitled "Re: Microsoft Windows Upgrade," use the "Re" prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.
Below, it then tells users, "To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site," pointing to a URL. This link then takes the recipient to the phishing landing page.
The campaign urged victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. However, with Windows 7 ending official support, enterprises can expect a surge with better, more sophisticated versions of this kind of phishing attack, they said.
News URL
https://threatpost.com/windows-7-outlook/159621/
Related news
- Microsoft fixes Outlook email sending issue for users with many folders (source)
- Microsoft Outlook bug blocks email logins, causes app crashes (source)
- Hackers exploit Roundcube webmail flaw to steal email, credentials (source)
- Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) (source)
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Gang gobbles 15K credentials from cloud and email providers' garbage Git configs (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)