Windows users are being targeted by a new scam involving fake software updates, cybersecurity experts warn. Attackers are luring users to deceptive websites that mimic official Microsoft pages, prompting them to download what appears to be a legitimate Windows update. However, the downloaded file actually contains malicious software designed to steal sensitive information such as passwords and payment details.
According to cybersecurity researchers at Malwarebytes, the scam uses fake Microsoft Support and Windows Update websites that closely resemble the real ones, with similar fonts, colors, and design elements. Users are advised to be cautious, to avoid clicking suspicious links that push urgent updates, and to verify updates directly through the Windows Update section in Settings.
The scam is particularly dangerous as the downloaded file looks authentic, making it difficult for users and some security software to detect its malicious nature. While the current targets seem to be primarily in France, experts emphasize that the scam could quickly spread to other regions. Therefore, all Windows users are urged to exercise caution and refrain from downloading any updates from unverified sources.
To safeguard against such scams, users are advised to avoid clicking on update links from emails, texts, or social media and instead rely on the update system built into Windows. Enabling automatic updates is also recommended, as it reduces the risk of falling victim to fake update scams. In particular, Windows 11 users are reminded to be extra vigilant against unexpected messages claiming urgent updates and to install software only through official Microsoft channels for enhanced security.
