We’ve received increased reports of a new phishing scam email message that uses the name and official logo of the Microsoft Digital Crimes Unit (DCU). The wording varies, but it looks like a security measure and says you need to validate your account by confirming your user name and password or by opening a file attached to the message.
This is a fake message, but DCU is a real worldwide team of lawyers, investigators, technical analysts, and other specialists working to transform the fight against digital crime through partnerships and legal and technical breakthroughs that destroy the way cybercriminals operate. The DCU is a unique team in the tech industry, focused on disrupting some of the most difficult cybercrime threats facing society today – including malicious software crimes fueled by the use of botnets and technology-facilitated child sexual exploitation.
DCU does not send email to individuals asking them to validate their account information. If you get one of these email messages, it is a scam.
There are legitimate times when, in the course of a botnet cleanup effort, DCU will work to inform known victims of a particular threat to help them remove the botnet malware and regain control of their computer. Sometimes Microsoft will work with Internet service providers (ISPs) and Computer Emergency Response Teams, who in turn will work to inform malware victims by communicating through their already-established relationship with their ISP customers. This enables ISPs to be able to reach victims in a way that is clearly verifiable to botnet victims as legitimate. Other times, Microsoft may indeed notify victims directly – but not in email and not to verify account information, as the phishing scams claim.
When DCU does inform victims directly about a known malware infection on their computer, like in the recent case involving the Bamital botnet takedown, it will not ask people to click on a link or download an attachment. Rather, DCU’s communication will be done over a secured connection and will be readily verifiable as legitimately coming from Microsoft. These notifications will often also be accompanied by a high profile public information campaign that outlines the notification process, which will also help people independently verify that a warning is real and actually coming from Microsoft.
If you receive an email message claiming to be from the DCU, do not click on links or open any attachments. Instead, you can either just delete it or you can report it.
Here’s a copy of the fake message:
This message contains three common signs of a scam:
Get more information on how to recognize phishing email messages, links, or phone calls.
Some what confusing how to go about d/l for corrrections of vulnerabilty to delete.
Hotmail will not allow me to change my account name. My account has been compriomised by the theft of a computer tablet and someone has been using my account to send fraudulent personal messages using my name. How can I correct/stop this and prevent it from happening again? Is there any way to change my email accouint without losing all of my information?
My computer ALERT ICON is telling me that my Microsoft Security Essentials is not protecting my computer but, I check out the program and it says it's on. Now what ?
thanks for info., im less gullable now than 5yrs ago, but that very well may have gotten me
I received an email that got past the junk filter. It is obviously trying to perpetuate a fraud by offering millions of dollars for a reply. Is there somewhere I can send this email to catch these criminals???
it is normal for one pc home hause pc? no server no ti, no desenvolvidor , only person use pc for games ;
all in my pc is fake i try opem one site Microsoft i get error :
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.
Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
<!-- Web.Config Configuration File -->
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.
<customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>
An interesting article, phishing seems to have become very common in cyberspace, though more users are becoming more aware of the methods hackers use. Fraudulent websites are also an issue, the IACC has created a spoof website highlighting the need for an awarness online.
"Free identity theft with every purchase” & “50% off your life savings” - just some of the messages the International Anti-Counterfeiting Coalition (IACC) includes on its new spoof website mocking those that sell fake items, to help fight counterfeit luxury goods. Whilst the parody website is humorous, it also has a serious message to educate users on the dangers of buying fakes online. This and other global fraud-related news items can be found in The Inkerman Group's FREE weekly e-publication. E-mail firstname.lastname@example.org and request to be added to our distribution list.
To see the spoof website visit:
Makes me wonder, if my next computer will be a MAC
Thanks for sharing useful info on virtually identical, here i got lots of knowledge about it.