Security News > 2020 > September > Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials.
Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.
The phishing emails in question, entitled "Re: Microsoft Windows Upgrade," use the "Re" prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.
Below, it then tells users, "To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site," pointing to a URL. This link then takes the recipient to the phishing landing page.
The campaign urged victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. However, with Windows 7 ending official support, enterprises can expect a surge with better, more sophisticated versions of this kind of phishing attack, they said.
News URL
https://threatpost.com/windows-7-outlook/159621/
Related news
- Windows 10 KB5051974 update force installs new Microsoft Outlook app (source)
- New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials (source)
- Windows 11 24H2 upgrades now blocked for some AutoCAD users (source)
- Microsoft fixes Outlook drag-and-drop broken by Windows updates (source)
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)