Security News > 2020 > September > Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials

An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems - but in reality, they are redirected to a fake Outlook login page that steals their credentials.
Windows 7 reached end-of-life on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system.
The phishing emails in question, entitled "Re: Microsoft Windows Upgrade," use the "Re" prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.
Below, it then tells users, "To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site," pointing to a URL. This link then takes the recipient to the phishing landing page.
The campaign urged victims to "Update," only to steal their credentials for Cisco's Webex web conferencing platform instead. However, with Windows 7 ending official support, enterprises can expect a surge with better, more sophisticated versions of this kind of phishing attack, they said.
News URL
https://threatpost.com/windows-7-outlook/159621/
Related news
- Microsoft lifts Windows 11 upgrade block after Asphalt 8 crash fix (source)
- Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft (source)
- Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks (source)
- Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials (source)