Security News > 2020 > September > Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials.
Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.
The phishing emails in question, entitled "Re: Microsoft Windows Upgrade," use the "Re" prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.
Below, it then tells users, "To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site," pointing to a URL. This link then takes the recipient to the phishing landing page.
The campaign urged victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. However, with Windows 7 ending official support, enterprises can expect a surge with better, more sophisticated versions of this kind of phishing attack, they said.
News URL
https://threatpost.com/windows-7-outlook/159621/
Related news
- Windows Themes zero-day bug exposes users to NTLM credential theft (source)
- Gang gobbles 15K credentials from cloud and email providers' garbage Git configs (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+ (source)
- Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades (source)
- Windows 11 24H2 upgrades blocked on some PCs due to audio issues (source)