Cybercriminals are targeting Microsoft Windows users with a new scam involving fake software updates. The scammers lead unsuspecting victims to fraudulent websites that closely mimic official Microsoft pages. Once on these deceptive sites, users are prompted to download what appears to be a legitimate Windows update. However, the file actually contains malware designed to steal sensitive information like passwords, payment details, and account credentials.
According to cybersecurity researchers at Malwarebytes, the scam relies on websites that mimic Microsoft Support and Windows Update pages. These fake sites replicate Microsoft’s fonts, colors, design, and URLs to deceive users effectively.
To avoid falling victim to this scam, users are advised not to click on any suspicious update links received via email, text, or social media. Instead, it is recommended to access Windows Update directly through the system settings to confirm the authenticity of any available updates.
The scammers have made the malicious file appear genuine, making it harder for users and some security software to identify it as a threat. While the current targets seem to be primarily in France, experts caution that this scam could quickly spread, emphasizing the importance of all Windows users remaining cautious and refraining from downloading suspicious files.
To enhance security, users should always be wary of standalone Windows update downloads offered by unfamiliar websites. Security experts also recommend enabling automatic updates, as it reduces the risk of falling prey to fake update scams.
Windows 11 users, in particular, should be wary of unexpected messages urging immediate updates. Installing software only through official Microsoft channels is the most effective defense against these malicious attacks.