Beware of fake Microsoft security alerts

Hot on the heels of my posting about the upcoming Patch Tuesday with its four critical patches is a report by SANS Internet Storm Center about a new scam. In this instance, the ill-doers send out fake security bulletins in an attempt to trick victims into installing malicious software on their computers.

According to Network World, the e-mail messages in question claim to be a “Cumulative Security Update for Internet Explorer.”

Of course, it comes with a nice little link helpfully titled “Download this update.” The rest, they say, is a case of a very unhappy IT support staff at your terminal.

It might be worth noting that while Microsoft does send out notification e-mails when it comes to security bulletins, these notifications invariably link to the bulletins themselves, never to executable downloads.

Will such a scam succeed in your workplace? Or is a plethora of security systems already in place to stop it even before the user sees it? Join the discussion.