Microsoft previously ran a free upgrade scheme for Windows 7, Windows 8 and Windows 8.1 users looking to upgrade to Windows 10. That unprecedented promotion has now officially ended, although there are some loopholes which reportedly still allow users of legacy Windows operating systems to update to Windows 10. And despite Windows 10 being the world’s most popular desktop OS, there are still plenty of PC fans running older versions.
According to NetMarketShare, Windows 7 – despite no longer being supported by Microsoft – is the second most popular desktop OS in the world.
Now those huge number of people still using Windows 7 have been put on alert about a new scam that has been discovered recently.
As revealed in a post by Threatpost, security researchers have discovered that scammers are trying to capitalise on the end of the Windows 10 free upgrade scheme.
The phishing scam involves an Outlook message being sent claiming the recipient has to upgrade to Windows 10 ASAP.
READ MORE: Billions of Windows users at risk as ‘practically ALL adult’ sites infected with malware
The Windows 7 user is told that they need to upgrade to Windows 10 ‘today’, and directs them to a site that purportedly helps with the upgrade process.
But it is all part of an elaborate scam intended to make Windows 7 users hand over sensitive data to cybercriminals.
The threat was outlined in an article online by Kaleb Kirk, a researcher with phishing prevention firm Cofense.
The fake Outlook message is being sent to those running the business version of Windows 7 and has a number of red flags – namely out of place capitalisation.
These type of grammatical errors are commonplace with scams, as official correspondents should have ironed out any sort of typos.
The phishing e-mail in question is titled ‘Re: Microsoft Windows Upgrade’.
It says: “Your Office Windows computer is Outdated and an Upgrade is scheduled for replacement Today.
“To Upgrade your Windows 10, please open your browser to the Windows 10 Upgrade Project Site”.
Outlining the threat, Kirk said: “The subject references a Windows upgrade, but there is also something else manipulative: the inclusion of the “RE:” before the rest of the subject. Internal email about company meetings, news and IT upgrades are common. Prefixing the “RE:” may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade.”
The Cofense researcher added: “We look at phishing emails that bypass commercial gateways all day, every day. Most of them are hastily slapped together. This lure needs improvement, but it’s not completely awful. We give this threat actor two gold stars for the table with made-up laptops, fake serial numbers, building, etc. It applies a good sense-of-urgency ploy using the highlighted “Today,” and the body doesn’t have obvious grammar or spelling errors. Again, not completely awful.”
While this particularly phishing attempt has a number of telltale signs it’s a fake, Kirk warned that more convincing scams could crop up in the future.
The security expert added: “Attackers have been using the “time to upgrade your out-of-date software” ploy for years. With Windows 7 ending official support, it won’t be surprising if we see a flurry of better versions of this phish in the future.”