There is a new phishing scam going on right now that poses as a Microsoft email to their customers with the subject Important Changes to Microsoft Services Agreement. It looks exactly like a legitimate Microsoft email message, which is typical of some of the best phishing attempts. If you’ve gotten one of these, or get one in the future, don’t click on any of the links in the email, and delete it. In fact, I wouldn’t even open it up…delete it.
The links, if clicked, will send you to malicious Internet websites that contain a malware kit known as the Blackhole Exploit Kit and the Zeus financial malware. Neither of which you’d want on your computer. They will be injected onto your computer in the wink of an eye to begin preparing your PC for future infections and cleaning out your bank account.
The Blackhole Exploit Kit takes advantage of some security vulnerabilities in Java Scripting, a type of programming used in some websites. You may want to disable scripting in your Internet browser to avoid the next attack you might receive aimed at the Java vulnerabilities…they are endlessly found and patched, but appear to be an ongoing problem. Here’s a link to disable scripting on most of the popular browsers: www.alanwood.net.
Below is a copy of an actual email received very recently. The “from” and “to” information has been left off because I don’t want to reveal the address of the recipient. However, the “from” address says simply “Microsoft”. I have also removed the links to the malicious sites but left them underlined for illustration purposes.
Subject: Important Changes to Microsoft Services Agreement
We’ve updated the Microsoft Services Agreement, which governs many of our online services – including your Microsoft account and many of our online products and services for consumers, such as Hotmail, SkyDrive, Bing, MSN, Office.com, Windows Live Messenger, Windows Photo Gallery, Windows Movie Maker, Windows Mail Desktop, and Windows Writer. Please read over the new Microsoft Services Agreement here to familiarize yourself with the changes we’ve made.
The updated agreement will take effect on October 19, 2012. If you continue to use our services after October 19th, you agree to the terms of the new agreement or, of course you can cancel your service at any time.
We have modified the agreement to make it easier to read and understand, including using a question and answer format that we believe makes the terms much clearer. We also clarified how Microsoft uses your content to better protect consumers and improve our products, including aligning our usage to the way we’re designing our cloud services to be highly integrated across many Microsoft products. We realize you may have personal conversations and store personal files using our products, and we want you to know that we prioritize your privacy.
Finally, we have added a binding arbitration clause and class action waiver that affects how disputes with Microsoft will be resolved in the United States.
Thank you for using Microsoft products and services!
One Microsoft Way
Redmond, WA 98052
Reference: Naked Security.com
As always, I appreciate your comments on this subject…so please do. And be careful out there…it’s extremely dangerous these days.
Don’t miss an article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Home computing is a blast…keep it safe, productive and enjoyable.