“Critical” Windows Update Message is a Fake

Windows update message installs ransomware on victims’ PCs: Internet Scambusters #894

Microsoft never sends out email notifications of a Windows update so, if you get one, you can be sure it’s a fake.

So is a certain type of text notification of an upcoming package delivery.

We’ll explain both of these scams in this week’s Snippets issue, along with news of phony car mechanics and the latest cunning grants scam.

Let’s get started…


“Critical” Windows Update Message is a Fake


Those of us who use Microsoft Windows are so used to getting messages about Windows updates that we probably don’t give them a second thought and let things take care of themselves.

So, when you receive an email notification that reads, “Install Microsoft Windows update now!” or “Critical Microsoft Windows Update!” you might be inclined to take it seriously.

However, when you think of it, that’s not the way Microsoft works. Updates either take place in the background automatically or you receive some kind of onscreen notification of an impending update. You definitely don’t receive emails from Microsoft.

So, it’s a scam. The email generally has a single line urging you to “install the latest critical update from Microsoft attached to this email.”

But the attachment is actually a malware-bearing file that will likely lock up your PC and demand a ransom, according to the technology intelligence site TechRadar.

This isn’t the only convincing, but flawed, new attempt to trick users into following links.

A new scam, only spotted recently, uses text messages notifying recipients of an upcoming package delivery. Because text messages use just simple typography, it’s next to impossible to tell if a shipping or delivery notification is genuine.

Again, many of us are used to receiving this type of message on our phones about deliveries. They may come from the sender — such as Amazon — or delivery organizations like UPS, FedEx or the USPS.

Tech site HowToGeek explains that the scam messages contain a link that can be activated by touch. It takes victims to a fake Amazon site where they’re asked to complete a survey in return for an “expensive” reward.

All recipients have to do is to pay the shipping cost, which means, of course, providing credit card details.

But, says HowToGeek, the real scam is buried in the fine print. This states that by agreeing to pay for shipping for the “gift,” the user is also agreeing to receive products every month, for which their card will be charged almost $100 a time.

In both the above cases, the simple solution is the same one we always recommend — be ultra-wary about clicking or tapping links or attachments in messages. Better to go to the supposed source’s real website and check out delivery and shipment notifications there.

We have a few couple other scam Snippets to alert you to this week:

Beware Parking Lot Mechanics

This is a clever trick. You leave your car in a large mall parking lot and return to find an apparent problem; there’s brake fluid all over the ground beneath your auto. If you didn’t spot it, a passer-by (who is really a scammer) draws your attention to it.

They claim they just happen to know a nearby repair shop where you can get it fixed. But drive slowly and carefully, they warn. This is just a ruse to make them seem more genuine.

They offer to phone ahead and you make your way to a nearby repair shop or lock-up unit. There’s a guy outside, waiting for you. You’re still near the mall, so he suggests you leave the car with him and go have a coffee.

You hand over your keys and that’s the last you see of your car. The second scammer has nothing to do with the repair shop he’s standing by.

The message is clear: don’t trust parking lot mechanics. If you seem to have a dangerous and urgent problem with your car, call out your roadside assistance service. If you don’t have one, find a nearby reputable repair shop independently and take your vehicle there or ask them to come check your car.

Don’t Fall for this Big Grant Trick

Facebook scams are a dime a dozen. But one of the latest tricks is causing victims a lot of trouble and losing them a few thousand dollars.

Victims receive what looks like a genuine message from one of their FB “friends.” It claims they paid $4,000 to get a $150,000 grant.

In case they’re skeptical, the message includes photos of the friend, seeming to confirm they sent it.

In reality, the “sender’s” account has been hacked and photos copied from the Internet.

Like all of these fake grant scams, the aim is to hook the individual and then ask for successive amounts of money for handling, taxes, and so on. In one case, a victim was even told the grant was related to a lottery program and that the more money she paid to collect, the more she would receive!

This might seem a pretty obvious scam to most of us, but it’s being targeted at older people who tend to be more trusting.

The truth is that grants of any sort are not easy to obtain and recipients generally have to jump through hoops and fill in all sorts of forms to even be considered. An instant grant of $150,000 to an individual is unheard off. And a request to pay a fee to get the money is a big red flag.

Alert of the Week

Coming back to the topic of Amazon and phishing scams, there’s another new trick targeting members of the retailing giant’s Amazon Prime service.

If you use this service, don’t fall for an email notification that your membership is about to expire, your card details are no longer valid, and you need to update them by following a link.

It’s a fake of course, so ditch it. If you worry the message may be real, go to Amazon.com and check your account there.

Time to close today, but we’ll be back next week with another issue. See you then!