Cybercriminals are targeting users of Microsoft’s Windows operating system with a new scam involving fake software updates. These attackers are luring Windows users to counterfeit websites that closely mimic official Microsoft pages. Once on these deceptive sites, users are prompted to download what appears to be a legitimate Windows update, but in reality, the file contains dangerous malware aimed at stealing sensitive information such as passwords, payment details, and account credentials.
Security experts from Malwarebytes have identified that the scam utilizes websites designed to replicate Microsoft Support and Windows Update pages, using similar fonts, colors, design elements, and convincing web addresses to deceive unsuspecting users. To avoid falling victim to these scams, Malwarebytes advises users not to click on any links in emails, texts, or notifications urging urgent updates, but instead to manually check for updates through the Windows Update feature in Settings.
The malicious software being distributed appears authentic, making it difficult for users and some security programs to detect the threat. Although the current targets seem to be primarily in France, experts warn that these attacks can quickly spread, emphasizing the importance for all Windows users to exercise caution and refrain from downloading suspicious files.
To safeguard against such threats, users are urged to never trust update links received via email, text messages, or social media. The safest method to install updates is through the official Windows update system by accessing Settings, navigating to Windows Update, and selecting “Check for updates.” Users should be wary of any website offering a Windows update download separately and are advised to enable automatic updates as an additional security measure to minimize the risk of falling prey to fake update schemes.
For Windows 11 users, extra vigilance is recommended when encountering unexpected messages prompting urgent updates, with the best defense against these attacks being to exclusively install software through verified Microsoft channels.