BREAKING NEWS!

Here is a virus that your anti-malware program may not detect. Before you get all worked up and hit the panic button, this is not a virus in the strict sense of the word. You are told that you are infected by this particular virus by crooks claiming to be the official Windows Outlook team.

This is another phishing (see Definition) ploy by cybercriminals to trick you into installing malicious malware or code on your device.

The cybercriminals further claim that that they are providing proactive security services. They then request the unsuspecting victim to perform a couple of actions. All this is described in an email purportedly send by the Windows Outlook team.

Below is the fake virus alert:

Dear Outlook Member, A C93 Virus has been detected in your mailbox, You are required to apply the new Norton AV security anti-virus to scan and to remove all Trojan and viral bugs from your mailbox Account, Failure to apply the scan your mailbox will be De-Activated to avoid our database from being infected. Click on Optimal Scan and Log in to apply the service. Thank you, Windows Outlook.

The victim is encouraged to click a link to use Norton anti-virus that apparently helps the user to scan their computer. This will supposedly help remove all Trojan and viral bugs from the victim’s account. Failure to do so would cause the victim’s email account to be deactivated, or so they are told.

If the user clicks the anti-virus link, he / she will be taken to fake webpage that looks like the Microsoft login page, but is hosted by the hacker’s server. The user is unaware that his / her login credentials have been stolen. The crooks can now hijack you real Microsoft account and also login to various Microsoft services that uses the same credentials. Such is the value of users’ credentials to the scammers.

Remember, Microsoft (and other providers) will not request their customers to scan their computers for malware. If there is a security threat, Microsoft will issue a security advisory with fixes and patches in their systems.

Such a scam (see Definition) as describe above have been around for a while. In fact the above-mentioned scam was discovered in November last year. But like all scams, they don’t just go away. They may lurk around, waiting to entice unsuspecting users, especially the less computer savvy ones. These victims may panic when confronted with claims of virus infection and follow the instructions without due consideration.

The internet is a great place to be, but it can be heaven or hell – ‘heaven’ for cybercriminals and ‘hell’ for computer users.

Recommendation

1. If you receive any of such fake virus warning, DO NOT click the links or open any attachments.
2. If you receive a potential malicious link or are not sure of the validity of such a link, go here to check it, https://www.virustotal.com/. This website will allow you to scan a link or file via more than 50 virus scanners at once.
3. Ensure that the login page that you have opened is not bogus, but the right one. A good practice is to type in the web address manually, or to place the mouse cursor over the web address to check its validity.
4. If you have unwittingly given away your login credentials on a fake webpage, change them as soon as possible.

Definition

Phishing – is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites.

Scam – a con game or fraudulent scheme performed by someone to obtain money or something else of value.

Source

1. Cyberwarzone.
2. VPN Creative.
3. Hoax Slayer.
4. The Email Admin (for phishing image).