Don't get fooled into clicking phony Windows 10 upgrade emails

Fraudulent emails encouraging you to upgrade to Windows 10 will drop ransomware, not Microsoft's new OS, onto your PC.

windows 10

If you’re still waiting for your reservation to come up as Microsoft rolls out Windows 10, we can’t blame you for being eager to get your virtual hands on Microsoft’s latest OS. But if you get an email encouraging you upgrade to Windows 10, you’ll want to exercise a little caution, lest you get taken by scammers.

A post published to Cisco Systems’s company blog outlines how scammers are taking advantage of Windows 10’s launch to push ransomware onto unsuspecting PC users.  At first glance, the emails look reasonably legit: Cisco notes that scammers are spoofing the sender’s email address to make it look as if the message is from Microsoft. Also, the blue-and-white color scheme used in the message nearly matches the colors Microsoft is using for Windows 10 marketing materials. So unless you look carefully, you could get fooled into thinking the email is actually from Microsoft.

An attached .zip file purports to be a Windows 10 installer, but according to Cisco, the attachment contains a piece of ransomware called CTB-Locker that encrypts your files and requests payment within 96 hours, lets your files be encrypted forever.

Yikes.

Avoiding Windows 10 scams

Cisco recommends keeping a current backup of your files at all times—which you should be doing anyway—just in case you get bitten by ransomware. But it’s best to avoid being taken by this malware in the first place.

First and foremost, don’t click on any attachments you weren’t expecting, and be wary of download links in email messages. Microsoft isn’t distributing Windows 10 through email attachments or links embedded in emails. Instead, your reserved copy of Windows 10 will be automatically downloaded onto your system at some point in the next few days or weeks, and you will receive a notification on your PC when it’s time to install. 

mangled characters cicso Cisco

An example of mangled characters in fake Windows 10 emails.

Second, Cisco points out a few quirks in the phone emails you can watch for, such as mangled characters in the body text and a spoofed message assuring you that the email message had been scanned for viruses. Cybercriminals are very adept at shifting their tactics, though, so you shouldn’t assume that an email message is safe just because it lacks these elements.

Upgrade to Windows 10 now—safely

If you still haven’t received your reserved copy of Windows 10 and are feeling a little impatient, you can download and install Windows 10 right now. All you need is a spare USB key with at least 3GB of free space, an activated copy of Windows 7 or 8.1, and some free time. Our Mark Hachman will show you how to go about it.

Be alert, be safe, and enjoy Windows 10!

Subscribe to the Best of PCWorld Newsletter

Comments