Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems – but in reality, they are redirected to a fake Outlook login page that steals their credentials.

Windows 7 reached end-of-life (EOL) on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system. While Windows 10 was released in 2015, the pains of upgrading end-user machines mean that many companies have been lagging behind in updates.

“This explains why enterprises wait, sometimes for years, before taking the plunge,” said Kaleb Kirk, researcher with Cofense in a Friday analysis. “Unfortunately, these delays give the bad guys time to refine exploitation techniques on older operating systems lacking the latest architecture.”

The phishing emails in question, entitled “Re: Microsoft Windows Upgrade,” use the “re” prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.

The email tells recipients, “Your Office Windows computer is Outdated and an Upgrade is scheduled for replacement Today,” and includes a schedule (of note, some strange capitalization and spacing is utilized, serving as red flags that the email is not legitimate). Below, it then tells users, “To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site,” pointing to a URL. This link then takes the recipient to the phishing landing page.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.