A New Critical Update

It seems that the spammers are getting to be a little bit slicker with their phishing scams. Most of the time phishing messages are pretty easy to spot. Today I got one that was a little bit trickier to figure out. The E-mail message claimed to be from Microsoft Customer Support [ No-Reply at microsoft.com], and had a subject line that read Install Critical Update for Microsoft Outlook.

As a Microsoft geek, I know that Microsoft does not send out updates through E-mail. I was also not aware of any critical updates for Outlook that came out today. Even so, the message looked so authentic that it had me scratching my head.

If you receive such an E-mail message, my advice is to hover your mouse over the download link to reveal the download URL. Read the URL carefully. It is usually designed to look legitimate, but if you read the URL carefully you can tell that it isn’t. For example, the domain portion of the URL linked by this message was http://update.microsoft.com.iijliijl.com. If you only look at the first part of the domain name, it gives the illusion that the link really points to Microsoft update. The full domain string tells the truth though.