Security News > 2020 > September > Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials.
Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.
The phishing emails in question, entitled "Re: Microsoft Windows Upgrade," use the "Re" prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.
Below, it then tells users, "To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site," pointing to a URL. This link then takes the recipient to the phishing landing page.
The campaign urged victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. However, with Windows 7 ending official support, enterprises can expect a surge with better, more sophisticated versions of this kind of phishing attack, they said.
News URL
https://threatpost.com/windows-7-outlook/159621/
Related news
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft removes Assassin’s Creed Windows 11 upgrade blocks (source)
- Microsoft shares temp fix for Outlook crashing when writing emails (source)
- January Windows 10 preview update force installs new Outlook (source)
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials (source)