New Phishing Scam Uses Microsoft As Bait

July 31st, 2006: Microsoft is being used in a new scam that redirects users to a fake Microsoft website.

The email Phishing scam appears in inboxes looking like a message from Microsoft. Anyone opening the message is told they have won a prize from the company that can be claimed by clicking on a link to a false Microsoft website.

A spokesperson for internet company SurfControl says “There have been a number of these attacks over the last week or so targeting Microsoft customers, what’s different about this one is it tells people they have won a prize, which Microsoft doesn’t do, and directs them to a malicious website which executes some Active X code. Internet Explorer users get an option to install the code but no decline option, if you’re using FireFox the application will install without the user knowing, basically a drive by download”.

SurfControl has advised internet users to update their antivirus software and said it would add malcode protection for this attack into databases for all products. At the time of going to Press Microsoft was yet to provide comment for this story.

Comment on this story.