Cybercriminals have launched a new wave of phishing attacks promising an urgent update for Windows XP.–PC Pitstop
By Stu Sjouwerman, for KnowBe4.com Security Awareness Training
During the first quarter, I have been warning about the coming wave of Windows XP-related scams having to do with the April 8 End Of Life of XP. Here is what you can expect, and many variants will follow. It is important to warn your end-users about this, even if they -are- running more recent versions of Windows, because often they do not know what version they actually are running, and easily get scared into doing something that may damage your network.
So here is the scam, cybercriminals either send phishing emails or make cold calls and claim to represent either Windows Helpdesk, Microsoft Tech Support, Windows Support Group, or other Microsoft support teams.
They claim that there are now no more official security patches for XP, (true) refer to the Windows popups stating: Windows XP End of Support April 8th, 2014, but Microsoft still releases updates for Win7 and 8, (true) and that hackers have analyzed these updates and found new security holes in Windows XP that cannot be fixed anymore (half-truth). Next, the bad guys claim that they -do- have an urgent update but that they need to apply this patch manually (blatant lie). The end-user gets tricked to allow remote access to the scammers, using admin tools like join.me and others.
This excerpt appears with permission from knowbe4.com.