You are here

Hackers target Gmail, Yahoo and AOL passwords

25th September 2012

Cybercriminals have launched a scam designed to steal your AOL, Gmail, Yahoo or Windows Live passwords.

Security firm Sophos has warned users to be wary of emails which claim to come from privacy@microsoft.com.

The emails, which are cleverly designed to resemble official alerts from Microsoft, tell users that their computer is at high risk and advises visiting a supposed "update" page.

Upon clicking the link, however, users are directed to a phishing site which attempts to harvest email addresses for webmail services including Gmail and AOL mail.

Once the fraudsters have access to your account they can gather personal information and potentially use it to commit identity theft.

The email entitled "Microsoft Windows Update" reads:

Dear Windows User,

It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.

This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click on the Verify button below and enter your login information on the following page to confirm your records.

VERIFY

Thank you,

Microsoft Windows Team.

Senior technology consultant Graham Cluley said:"At first glance, if you don't look too carefully, the emails entitled 'Microsoft Windows Update' may appear harmless enough,"

"But the grammatical errors and occasional odd language should raise alarms bells that the emails may not really be from Microsoft."

Read more about the phishing scam on the Sophos blog.

Please note: Action Fraud is not responsible for the content on external websites.

To report a fraud, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.

Related links

What is Phishing?
The Devil's In Your Details
Beware of fake “confirm PayPal account” emails