A new fraudulent scheme has been discovered targeting Microsoft Windows users by luring them to fake software update websites. Cyber attackers are directing users to deceptive sites resembling official Microsoft pages, prompting them to download what appears to be a legitimate Windows update but actually contains harmful malware designed to steal sensitive information.
According to cybersecurity researchers at Malwarebytes, the scam involves websites mimicking Microsoft Support and Windows Update pages, using similar fonts, colors, designs, and convincing web addresses to deceive unsuspecting users. To avoid falling victim, users are advised not to click on links in emails, texts, or notifications urging urgent updates but to verify directly through Windows Update in Settings.
The downloaded file seems authentic, making it challenging for users and some security software to detect the malicious intent. While the current targets seem concentrated in France, experts caution that these scams can quickly spread, emphasizing the need for all Windows users to exercise caution before downloading any updates.
To safeguard against such threats, users are urged to distrust update links from emails, texts, or social media and instead rely on Windows’ built-in update system by navigating to Settings > Windows Update and selecting “Check for updates.” Any separate Windows update downloads from websites should be viewed skeptically, with experts recommending enabling automatic updates to minimize the risk of falling prey to fake update scams.
Windows 11 users are specifically reminded to be cautious of unexpected messages requesting urgent updates and are advised to install software exclusively through official Microsoft channels for enhanced protection against these malicious attacks.
