A new deceptive scheme targeting Microsoft Windows users through fraudulent software updates has been uncovered. The scam directs users to fake websites resembling official Microsoft pages and prompts them to download what appears to be a legitimate Windows update. The file actually contains malware aimed at stealing sensitive information such as passwords and payment details.
Cybersecurity experts at Malwarebytes have identified this scam, which uses websites designed to mimic Microsoft Support and Windows Update pages. These fraudulent sites replicate Microsoft’s fonts, colors, and design to deceive users.
To avoid falling victim to this scam, Malwarebytes advises users not to click on any urgent update links received via email, text, or notification. Instead, they recommend verifying updates directly through the Windows Update section in Settings.
The downloaded file looks authentic, making it challenging for users and some security software to detect the malware. While the current targets seem to be primarily in France, experts caution that these attacks can quickly spread, urging all Windows users to exercise caution and refrain from downloading suspicious files.
For enhanced security, users are advised to distrust update links from unverified sources like emails, text messages, or social media. The safest method to install updates is through the official Windows Update system, by navigating to Settings > Windows Update and selecting “Check for updates.”
Any website suggesting a separate Windows update download should be viewed skeptically. Security specialists also recommend enabling automatic updates to minimize manual installations and reduce the risk of falling prey to fake update scams.
Windows 11 users should be particularly cautious of unexpected messages demanding urgent updates. Installing software exclusively through official Microsoft channels remains the most effective defense against such malicious attacks.