Windows users are being warned about a new scam targeting them with fake software updates. Cybercriminals are directing users to deceptive websites that mimic official Microsoft pages, urging them to download what appears to be a legitimate Windows update. However, the file actually contains malicious software designed to steal sensitive information such as passwords and payment details.
Security researchers at Malwarebytes have identified the scam, which uses websites designed to look like Microsoft Support and Windows Update pages. These fake sites replicate Microsoft’s fonts, colors, and design to deceive users effectively.
To avoid falling victim to this scam, users are advised not to click on any suspicious update links received via email, text, or social media. Instead, they should manually check for updates by going to Settings > Windows Update. It is crucial to be cautious as the downloaded file looks authentic, making it harder for users and some security software to detect the threat.
Although the primary targets appear to be in France currently, experts emphasize that these fraudulent campaigns can quickly spread. Therefore, all Windows users should exercise caution and refrain from downloading any suspicious updates.
To enhance security, users should rely on Windows’ built-in update system for installing updates rather than clicking on external links. Enabling automatic updates is also recommended by security experts to minimize the risk of falling for fake update scams.
In particular, Windows 11 users should be extra vigilant against unexpected messages prompting urgent updates. Installing software exclusively through official Microsoft channels is the most effective defense strategy against such cyberattacks.