Windows 7 ‘Upgrade’ Emails Steal Outlook Credentials


An ongoing phishing attack puts pressure on enterprise employees to upgrade their Windows 7 systems – but in reality, they are redirected to a fake Outlook login page that steals their credentials.

Windows 7 reached end-of-life (EOL) on Jan. 14, with Microsoft urging enterprises to upgrade to its Windows 10 operating system. While Windows 10 was released in 2015, the pains of upgrading end-user machines mean that many companies have been lagging behind in updates.

“This explains why enterprises wait, sometimes for years, before taking the plunge,” said Kaleb Kirk, researcher with Cofense, in a Friday analysis. “Unfortunately, these delays give the bad guys time to refine exploitation techniques on older operating systems lacking the latest architecture.”

The phishing emails in question, entitled “Re: Microsoft Windows Upgrade,” use the “re” prefix, which researchers said may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.

The email tells recipients, “Your Office Windows computer is Outdated and an Upgrade is scheduled for replacement Today,” and includes a schedule (notably, the strange capitalization and spacing serve as red flags that the email is not legitimate). Below the schedule, it tells users, “To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site,” pointing to a URL. This link takes the recipient to the phishing landing page.
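
The two traits described above, a "Re:" subject with no earlier conversation behind it and a link leading off to an outside site, can be checked at a mail gateway. The following is an added example, not code from the article or from Cofense's analysis; the sample messages, the hosts and the `TRUSTED_SUFFIXES` list are constructed assumptions.

```python
import email
import re
from email import policy

# Constructed sample messages (not real captures); hosts are reserved example domains.
FAKE_REPLY = """\
From: IT Helpdesk <helpdesk@mail.example.net>
To: user@corp.example.com
Subject: Re: Microsoft Windows Upgrade
Message-ID: <1@mail.example.net>

To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site
https://upgrade-portal.example.net/login
"""

REAL_REPLY = """\
From: colleague@corp.example.com
Subject: Re: Lunch on Friday
In-Reply-To: <0@corp.example.com>

Sounds good, menu is at https://intranet.corp.example.com/menu
"""

TRUSTED_SUFFIXES = ("corp.example.com",)  # assumption: the organisation's own domains
REPLY_PREFIX = re.compile(r"^\s*re\s*:", re.I)
URL_HOST = re.compile(r"https?://([^/\s:]+)", re.I)

def orphan_reply(msg):
    """True when the subject claims a reply but no threading header names a parent."""
    threaded = msg.get("In-Reply-To") or msg.get("References")
    return bool(REPLY_PREFIX.match(msg.get("Subject", ""))) and not threaded

def untrusted_hosts(msg):
    """Hosts linked in the plain-text body that fall outside the trusted suffixes."""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    hosts = {h.lower() for h in URL_HOST.findall(text)}
    return sorted(h for h in hosts
                  if not any(h == s or h.endswith("." + s) for s in TRUSTED_SUFFIXES))

def triage(raw):
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    if orphan_reply(msg):
        reasons.append("reply-prefix-without-thread")
    hosts = untrusted_hosts(msg)
    if hosts:
        reasons.append("external-link:" + ",".join(hosts))
    return reasons
```

Some legitimate clients omit threading headers, so treat the first reason as a triage signal to combine with the link check rather than as a verdict.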