Beware!!! This Windows 7 end-of-support phishing campaign steals passwords

For those who don’t know this yet, Microsoft has ceased support for Windows 7. Consequently, users are hurrying to upgrade to the latest Windows 10.

Many users, especially businesses and organizations, still have not completely upgraded to the latest Windows. And now, a phishing campaign is targeting Windows 7 users that are about to upgrade to the newer Windows and stealing their passwords.

New phishing campaign targets Windows 7 users upgrading to the latest Windows

The Cofense team has found another phishing campaign exploiting the Windows 7 end of support. The campaign primarily targets organizations and businesses that waited until the last minute and are now in a panic to upgrade.

In a blog post, the team reported that businesses have been receiving phishing emails offering various benefits, including doing the upgrade for the business.

Mind you, this even includes the COVID-19 symptom tracker for the employees. Clearly, this scheme is aimed at businesses that have just started going back to the office after months and months of lockdown.

But there’s more…

These phishing emails also include a personalized touch: the email subject line starts with “RE:”. This could lead the recipient to believe that the email is part of a previous thread.

Now, if you are an employee who is about to upgrade to the newest Windows and you see this email, you will likely trust the legit-looking email, right? I’m sure that’s what many would do.

And to make matters worse, the email also includes a table of made-up laptop serial numbers. Of course, employees won’t know (or even think to check) the serial numbers of their laptops or desktops.

The email contains made-up laptop serial numbers to further trick the recipient into thinking it is legit (Photo credits: Cofense)

Additionally, the email embeds the phishing link behind a “Windows 10 Upgrade Project Site” link. The phishing URL is wrapped so that it begins with “urldefense.proofpoint.com”, which masks the real destination if the recipient hovers the mouse over the link.

Most average users are unsuspecting and not vigilant enough to inspect an embedded link and verify it. So they click on the link and land on the phishing page. The link looks legitimate; it even uses HTTPS.
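The two lures described above, a fake “RE:” subject with no real thread behind it and a phishing link hidden behind a Proofpoint URL Defense wrapper, can both be checked mechanically at the mail gateway or in a triage script. The following is an added example, not code from the article or from Cofense; it assumes the v2 wrapper format (`/v2/url?u=...`, where `_` stands for `/` and `-` stands for `%`), and the sample email, domains and hostnames are constructed for illustration:

```python
import re
from email import message_from_string
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample: shaped like the lure in the article (a "RE:" subject with
# no thread headers, and a wrapped link whose real destination is not the company).
SAMPLE_EMAIL = """\
From: helpdesk@example-vendor.test
To: employee@example-company.test
Subject: RE: Windows 10 Upgrade Project - action required
Content-Type: text/html

<p>Please sign in at the <a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__owa-2Dlogin.example-2Dphish.test_auth&d=DwMFaQ">Windows 10 Upgrade Project Site</a>.</p>
"""


def unwrap_urldefense(url):
    """Return the destination behind a URL Defense v2 link, or the URL unchanged.

    Assumed v2 encoding: the 'u' query parameter holds the original URL with
    '/' written as '_' and '%' written as '-' (so '-' itself appears as '-2D').
    """
    parts = urlparse(url)
    if parts.netloc.lower() != "urldefense.proofpoint.com" or not parts.path.startswith("/v2/url"):
        return url
    encoded = parse_qs(parts.query).get("u", [""])[0]
    return unquote(encoded.replace("_", "/").replace("-", "%"))


def extract_links(html_body):
    """Pull every href target out of an HTML body (simple regex; enough for triage)."""
    return re.findall(r'href="([^"]+)"', html_body, flags=re.I)


def host_is_trusted(host, trusted_domains):
    """True if host equals a trusted domain or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in trusted_domains)


def assess(raw_email, trusted_domains):
    """Score one raw email; returns the findings a reviewer would want to see."""
    msg = message_from_string(raw_email)
    findings = []

    # A genuine reply carries thread headers; a forged "RE:" subject usually does not.
    subject = msg.get("Subject", "")
    if re.match(r"^\s*re:", subject, re.I) and not (msg.get("In-Reply-To") or msg.get("References")):
        findings.append("subject starts with RE: but the mail has no In-Reply-To/References header")

    # Unwrap rewritten links and judge the real destination, not the wrapper.
    for link in extract_links(msg.get_payload()):
        destination = unwrap_urldefense(link)
        host = urlparse(destination).hostname or ""
        if destination != link and not host_is_trusted(host, trusted_domains):
            findings.append(f"wrapped link resolves to untrusted host {host}")

    return {"subject": subject, "findings": findings, "suspicious": bool(findings)}


if __name__ == "__main__":
    result = assess(SAMPLE_EMAIL, {"example-company.test", "microsoft.com"})
    for line in result["findings"]:
        print("-", line)
```

Checking the unwrapped destination rather than the visible wrapper is the point: a `urldefense.proofpoint.com` prefix only means the link passed through a rewriting service, not that the destination is safe.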

But looking at the page layout, which mimics an Outlook Web App (OWA) login page, one can see that it is designed very poorly.

The phishing page mimics an Outlook Web App login page

But when a user believes this page to be legit, the attackers can easily get hold of their credentials. Proceeding further redirects the user to Microsoft’s legitimate Windows 7 end-of-support page.

So the victims won’t know that they have fallen for a phishing attack, even though their devices are still not receiving any software updates.

Stay safe… physically and virtually

Microsoft’s security support for Windows 7 officially ended early this year. However, many organizations and businesses have still not moved to the new software.

Although firms are very careful with security updates on systems that handle sensitive data, not many realize that the systems connecting their own network are just as important.

The utmost attention must be paid to all security updates, regardless of whether the system belongs to the CISO, IT personnel, other executives, or junior employees. Once a single employee falls for a phishing attack, severe damage can spread throughout the network.

The question is: What can firms do to prevent this kind of attack?

Companies should provide employees at all levels constant security training

The best thing firms can do is to give their employees (regardless of level) constant security training. In this way, they can identify potential attacks and steer clear of fake emails like the one described above.

Second, a firm can limit its exposure to this type of attack by making sure that only qualified personnel, specifically from the IT department, have permission to run any network-wide upgrades to the latest Windows.
