Industrious and grammatically challenged scam artists are targeting Microsoft customers with an email-based phishing campaign in which the scammers attempt to fool users into revealing their credit card numbers. The campaign takes advantage of a recent Microsoft antipiracy announcement that warned users that the company will deny most product updates to users who have illegitimate Windows copies.
Here's how the scam works: The scammers flood inboxes with email messages that appear to come from security@microsoft.com; one rendition bears the subject line "Microsoft Windows Update." The message notes, "If you do not comply with our policy, windows [sic] will ask you to reactivate your serial number, and it will become invalid ... So you will lose any information on your computer. If you do not validate your serial number, your copy of windows [sic] will be labeled as piracy." A similar message offers to give users Microsoft security tools.
The messages then ask users to visit a specific Web page and update or validate their Windows Product IDs and credit card information. The messages note that credit cards won't be charged but that the numbers are required to ensure that users' versions of Windows are legitimate. Humorously, the email appears to come from the Windows XP Activation Team. The message leads users to a non-Microsoft Web site that's based in Romania, however, and there's no such entity as the Windows XP Activation Team. Furthermore, Microsoft would never request credit card information via an email message.
Security researchers note that the scam is even more insidious than it first appears. In addition to stealing users' credit card numbers, the Web site that's linked in the message attempts to install spyware on users' systems when they visit the site. The spyware is delivered in the form of a Microsoft Internet Explorer (IE)-based Browser Helper Object.