Security firm Sophos has discovered a phishing scam that targets Microsoft Windows users. The scam comes in the form of an e-mail with the subject reading: "Windows Email Security Update." The scam is designed to steal Gmail, Yahoo!, AOL, and Windows Live passwords. Here is an example of the fraudulent e-mail:
Dear Windows User,
It has come to our attention that your Microsoft windows Installation records are out of date. Every Windows installation has to be tied to an email account for daily update.
This requires you to verify the Email Account. Failure to verify your records will result in account suspension. Click in the Verify button below and enter your login information on the following page to Confirm your records.
Microsoft Windows Team.
Clicking "VERIFY" takes you to a third-party website emulating Microsoft.com. The fake Microsoft website then asks users to enter their e-mail address and password in order to receive a necessary Windows update. Protect your inbox and yourself from identity theft, and do not click any links from firstname.lastname@example.org, it might be a scam.