Security Update: Fictitious Microsoft Windows Update email steals Your Passwords

The next time you open your inbox and find an e-mail purportedly from privacy@microsoft.com, don’t open it and delete it at once. You could be another victim of a vicious phishing attack. The ruse is basically designed to rob the Gmail, Yahoo, Windows Live and AOL passwords.

According to Naked Security, a blog by IT security firm Sophos, the e-Mail with an innocuous title ‘Microsoft Windows Update’, asks users to enter personal log-in information and verify their e-mail accounts.

Sharp eyed netizens were however puzzled by the odd capital letters and bad grammar of the letter supposedly signed by the Microsoft Windows Team. The e-mail also ominously warns the users to verify their account by clicking on the button or else their account will be suspended.

Clicking on the verify button leads to a site called Microsoft.Com. However it is not the real Microsoft. Once the user logs in to the site, a message warns them that their computer are outdated and at a very high risk. The site then coaxes the user to enter their username and password to one of the four email providers. Needless to say, the information will finally end into the scammers’ hands and the user is at a risk of an online identity theft.