A fresh C93 phishing Scam targeting Microsoft’s Windows Outlook Users. Online scammers have unleashed a bogus “c93 virus” targeting Windows Outlook users in a wide phishing campaign aimed at stealing users’ login credentials, warns security researchers. It all starts with a phishing email allegedly from Windows Outlook warning users of a deadly C93 malware in their mailbox that ought to be flushed out using Norton antivirus.
“Dear Outlook Member, A C93 Virus has been detected in your mailbox, You are required to apply the new Norton AV security anti-virus to scan and to remove all Trojan and viral bugs from your mailbox Account, Failure to apply the scan your mailbox will be De-Activated to avoid our database from being infected,” read the phishing email.
To clean up the “Trojan and Viral bugs” from the ‘infected account’, users are directed to follow a provided web link and conduct a systems scan purportedly using Norton antivirus software or risk their mail box being deactivated.
Clicking the web-link directs the user to a bogus page that resembles the Microsoft’s account login page but is directly linked to the fraudsters’ servers. Login credentials submitted on the pages go directly to the crooks and the page reverts to the real Microsoft page where the user is prompted to enter the credentials again.
Meanwhile, C93 is not any known virus, it simply a virus scare used by scammers to dupe users into revealing their Microsoft login credentials. Furthermore, Microsoft and other email providers such as Google will never request customers to scan their systems for antiviruses or other malwares. In case of a security threat, the providers always release an official security advisory or patch up their systems without asking their clients.
The latest attack on Microsoft’ Windows Outlook is similar to an earlier phishing scam targeting Hotmail and Windows Live users in January, raising suspicion that the same scammers could be involved.
In the January scam, Hotmail users received a bogus email purportedly from Microsoft team warning that a malicious person had tried to access their account and prompting users to verify their login credentials or risk being suspended.
“Attempts have been made to access your email in a suspicious manner. To prevent shutdown of your email for security reasons, click Show content on the yellow header in this message and click below to sign in your email from your home or work computer. After you sign in, your email will be verified and security will be upgraded,” read the phishing email targeted on Hotmail users.
Like with the C93 scam, scammers provided a link that directed users to a fake Microsoft login page linked directly to their servers. Submitting your Username and Password on the phishing site gave away your Hotmail account to the fraudsters.
Scammers and their phishing antics is a sad reality in the tech world, the next phishing scam is just a click away. More importantly, users should be wary of emails, purportedly from their services providers asking for login credentials or banking details such as account number, pin numbers or credit/debit cards numbers. Always take emails from your bank or other service providers with a grain of salt. Meanwhile if you were duped into giving away your Microsoft login credentials, do a password reset as soon as humanly possible, otherwise call Microsoft team for further assistance.
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at SecurityGladiators.com, an ultimate source for worldwide security awareness having supreme mission of making the internet more safe, secure, aware and reliable. Follow Ali on Twitter @AliQammar57