Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Did I really get a critical update notification for Outlook Express in my email?

Question:

I recently received a “Critical Update” notification for Microsoft Outlook /
Outlook Express in my email. I’d not gotten these before, so I wanted to double
check. What should I do?

Delete that email immediately, and ignore any more copies you’ll likely
get.

Malware authors are constantly looking for ways to fool us into clicking on
their links. Since I also got the same email, I’ll use it as an example of what
to look for.

]]>

Here’s the email in question:


From: “Microsoft Customer Support” <no-reply@microsoft.com>
Subject: Microsoft has released an update for Microsoft Outlook

Critical Update

Update for Microsoft Outlook / Outlook Express (KB910721)

Brief Description
Microsoft has released an update for Microsoft Outlook / Outlook Express. This update is critical and provides you with the latest version of the Microsoft Outlook / Outlook Express and offers the highest levels of stability and security.

Instructions

  • To install Update for Microsoft Outlook / Outlook Express (KB910721) please visit Microsoft Update Center:
    http://update.microsoft.com/microsoftofficeupdate/isapdl/default.aspx?ln=en-us&id=4073213066266196307501839191291857099795707196499436900323714412165512

Quick Details

  • File Name: officexp-KB910721-FullFile-ENU.exe

  • Version: 1.4

  • Date Published: Mon, 22 Jun 2009 15:17:14 -0500

  • Language: English

  • File Size: 81 KB

System Requirements

  • Supported Operating Systems: Windows 2000; Windows 98; Windows ME; Windows NT; Windows Server 2003; Windows XP; Windows Vista

  • This update applies to the following product: Microsoft Outlook / Outlook Express

Contact Us
© 2009 Microsoft Corporation. All rights reserved. Contact Us | Terms of Use | Trademarks | Privacy Statement

Here’s the problem:

It’s Totally Bogus

“What scam artists have done is create an email that looks as much as possible like an official email from Microsoft.”

That link that looks like it goes to “http://update.microsoft.com/…”? In the email it looks like that, but if you click on it your browser will really go to “http://update.microsoft.com.ilkihi.com/…”. See how there’s an extra domain in the URL that’s not in the URL that you click on?

That’s the single biggest clue that this is a scam. Click on it, and you’ll likely take a virus, or be the victim of some other kind of scam – particularly if you accept and install the download.

What scam artists have done is create an email that looks as much as possible like an official email from Microsoft. They’ve probably even copy/pasted from a real Microsoft email or web page to get the look and feel just right. Many of the other links in that email might happen to be correct, and take you to the corresponding page on Microsoft’s web site. That’s even a legitimate Knowledgebase identifier, though the real article has nothing to do with what the email claims.

What they’re counting on is enough people blindly assuming that the email is legitimate, and clicking on the download link because they think they need this “update”.

How do you protect yourself?

  • Realize that Microsoft never distributes updates via email. Not as a an attachment, and not even as instructions to download.

  • Never click on links in email that you didn’t expect, or aren’t 100% certain about. Never. Remember, even the technique of hovering over a link to see where it “really” goes can also many times be spoofed – you can’t trust even that.

  • Always keep your machine up to date. If it’s updates you want, then enable Windows Automatic Updates, or visit Windows Update yourself. It’s also a great way to check out the legitimacy of emails like this: if you visit Windows Update, you’ll be notified there if you do indeed need some update.

I’m seeing this scam more and more often, so please – be careful, and watch where you click.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

8 comments on “Did I really get a critical update notification for Outlook Express in my email?”

  1. The full scam addres should not have been posted here, I tried it and ot something called bing came up. It had a few Microsft fake downloads. I them closed the window, no harm, since I did not click on any downloads.

    Uh… you went out of your way to go to what you expected was a scam address? (Out of your way, since none of the addresses in this article are “live” – you had to copy/paste.)

    I’m not sure exactly which link you’re talking about, but Bing is not a scam and not fake. Bing.com is Microsoft’s new search engine.

    – Leo
    24-Jun-2009

    Reply
  2. I appreciate the timeliness and info re: Microsoft E-mail updates. Blindly, I did just as you recommended and deleted it. When I tried to go to Microsoft “Updates” to see if my computer was current, I could not get there– always being interrupted by the message, “Install the ActiveX control req’d to view the web site”. It continues with instructions to right click on the — whatever– and I have no ActiveX icon. The alternate solution produces the original message to install. Any solutions– seems I’m locked out of Microsoft help?

    Reply
  3. OK, so what if you take the bait? Does running Malicious Software Removal Tool, as well as a full system AV scan help?

    At best all I can say is “maybe”. Once you’re infected there’s really no way to be 100% certain that you’ve ever cleared it off.

    – Leo
    01-Jul-2009

    Reply
  4. HI, if I suspect an address I’ve been asked to click on, I just hover the mouse above it and see what appears in the line at the bottom of the screen. If it is not the same as was given in the email I know there is something wrong so I don’t click on it.
    best wishes
    Margaret

    That’s excellent advice, and something I recommend everyone get into the habit of doing. However, it’s not foolproof. Depending on the email program being used, and the sophistication of the scam it’s possible for the displayed link at the bottom to still not display the actual target. In other words it’s possible for your technique to be fooled as well. Caution, caution, caution. Much better to copy/paste the link you see into a browser, or avoid that all together and visit the site yourself by typing in the address or using a bookmark of your own.

    – Leo
    01-Jul-2009

    Reply
  5. Ok. So imagine I never got to this site how do I get rid of the problem, and does it affect outlook

    The full scam addres should not have been posted here,

    WHY do you think I would be daft to put it in the address bar and press enter

    Reply
  6. Hi

    I received an email this morning which stated (and I am going to type this exactly spelt etc as it appeared in my email site)
    Your Email Has Reach its quota copy or paste the link below and fill out the required details to avoid lost of your account

    http/twe.ly/University Admin
    Thanks For Co-operating with Us
    Copyright (c) 2011
    University Help desk Centre

    I have been made aware of a lot of scam going around lately as I’ve had several phone calls supposidly from Microsoft asking me to put my computer on as it needs ‘healing’ ha ha I don’t think so I suggested I phone them back but they insisted they would call me but I then just put the phone down.

    What makes me think this is a hoax or scam is the use of capital letters in odd places and bad English such as he word Reach instead of reached and the use of the capital ‘R’ where it’s not needed.
    I look forward to your reply.
    Sandra

    Quick test: if it asks for your password it’s almost certainly a scam.

    Leo
    19-Sep-2011
    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.