Windows users are being targeted by a new scam involving fake software updates that aim to steal sensitive information. Cybercriminals are luring users to fraudulent websites that mimic official Microsoft pages, urging them to download what appears to be a legitimate Windows update. In reality, these downloads contain harmful malware designed to compromise passwords, payment data, and account details.
Security researchers at Malwarebytes have identified this scam, noting that the fake websites imitate Microsoft Support and Windows Update pages with convincing design elements. To enhance the deception, these sites replicate Microsoft’s fonts, colors, and web addresses, making them appear authentic to unsuspecting users.
To avoid falling victim to this scam, Malwarebytes advises users to ignore any emails, texts, or notifications prompting them to install urgent updates and instead check for updates directly through the Windows Update section in Settings. The downloaded files are crafted to appear genuine, making it difficult for users and some security software to detect the malicious intent.
Although the initial targets seem to be in France, experts warn that such campaigns can quickly spread, underscoring the need for all Windows users to exercise caution and refrain from downloading suspicious files. It is crucial that users trust update links only from official sources and use Windows’ built-in update system by navigating to Settings > Windows Update and selecting “Check for updates.”
Users should be wary of any website offering a separate Windows update download and are encouraged to enable automatic updates to reduce the risk of falling prey to fake update scams. Windows 11 users in particular should be vigilant against unexpected messages demanding urgent updates, and should obtain software exclusively from Microsoft’s official channels to shield against these cyber threats.
