Earlier this month, I read on the Cisco Security blog that the Talos Security Group outlined “a spam campaign that was taking advantage of a different type of current event.”
In this case, the launch of Windows 10 upgrades.
A good resource is the new post on email and phone scams claiming to be the Windows 10 upgrade.
“If you have received an email with an attachment that claims to be the Windows 10 upgrade, or have received a call offering to help walk you through the Windows 10 upgrade, please do not open the attachment or follow their instructions.
“Unfortunately, cybercriminals are trying to capitalize on the great momentum of Windows 10, with nefarious email, web, and phone scams directing our customers to install ransomware and other malware.
“Windows 10 is a free upgrade offered by Microsoft which you can take advantage of by reserving your free copy online, or by visiting a Microsoft Store near you to secure free upgrade services.
“Microsoft does not initiate calls to customers to assist with Windows 10 installation or technical support, nor do we send emails with installation files attached. If you have been contacted by telephone or if you have received such emails with attached installation files, consider these fraudulent and do not share your personal information or open the attachment.”
What should you do?
First and foremost, know that Windows 10 will not be delivered through any links in emails. As you’ve probably read, the free upgrade to Windows 10 is being made available in stages, so you may not be able to get it yet. At the office, most of my machines have been upgraded to Windows 10 (given I’m part of a managed, enterprise network).
If your PC is qualified (you can find out more about that here), you will be able to make the move to Windows 10 soon. Visit http://www.windows.com/windows10upgrade to learn more about Windows 10 and how to upgrade your device for free. (There’s an app for that, too: here’s how to install the “Get Windows 10” app.) A few of my PCs at home haven’t received the upgrade yet: that’s normal. Just like the shoe maker’s children, it reminds me I need to make the time to back up those PCs and then update the machines with installation media on a USB flash drive as available here.
Next, learn what a fraudulent email message looks like, and be wary of phishing attempts. And share this with your less technical friends and family. As called out on our Security site, criminals do their darndest to get you to click on or respond to a phishing email, fraudulent websites, and nefarious phone calls all designed to steal your identity, data and ultimately your money. They’ll also use social engineering techniques to get you to do things that would put your Personal Identifying Information (aka PII) at risk. On our security glossary, we explain that this is…
“A method of attack that targets people rather than software. Social engineering is designed to trick you into doing something that benefits the malicious hacker, such as opening or downloading a malware file or giving away your personal information. It can be online, such as an email that tricks you into opening an attachment, or offline, such as a phone call from with someone pretending to be from your bank. However social engineering happens, its purpose is the same – to get you to do something that a malicious hacker wants you to do.“
And be sure to report these scams:
- Help Microsoft stop cybercriminals by reporting information about your phone scam.
- In the United States, use the FTC Complaint Assistant form.
- In Canada, the Canadian Anti-Fraud Centre can provide support.
- In the United Kingdom, you can report fraud as well as unsolicited calls.
Whenever you receive a phone call or see a pop-up window on your PC and feel uncertain whether it is from someone at Microsoft, be cautious! Read the 11 tips for social networking safety. If you need support, contact one of our technical support experts on the Microsoft Answer Desk or call us (in the States) at 1-800-426-9400 or on one of our customer service phone numbers around the world.