Windows 10 upgrade email scam could result in hackers taking over your PC

Windows 10 is a free upgrade for people who have a licensed copy of Windows 7 or Windows 8.1 installed on their PC. However, those owners should also be aware of a new email scam that claims to offer the same upgrade, but in fact is a way for hackers to get people to install a ransomware program.

Cisco has discovered that the email is making its way across the Internet via an IP address located in Thailand. The email claims to have an installer attachment that will give PC owners the Windows 10 upgrade. However, the email's text has a number of odd characters, which is a big hint that it is not from Microsoft.

Windows 10 email scam

If a person does in fact click on the attachment and install the program on their PC, they won't get the Windows 10 upgrade but rather the CTB-Locker ransomware variant. The program then shows a message saying that the owner's PC files have all been encrypted and will stay that way unless the user pays their ransom.

Microsoft is definitely not sending out emails with program attachments to get people to upgrade to Windows 10. It has its own "Get Windows 10" app, which the company is automatically installing on Windows 7 or 8.1 PCs and which performs the upgrade, or you can perform a clean install via ISO files. If you see any email claiming to be from Microsoft with any kind of program attachment, it is an email scam and should be quickly deleted.
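The warning signs described above can be checked mechanically on the receiving side. The following Python sketch is an added example, not code from the article, Cisco or Microsoft. The sender address, subject, file names and Authentication-Results values are constructed sample data, and treating the "odd characters" as mis-encoded punctuation and looking for a "scanned, believed clean" line in the body are assumptions.

```python
import io
import re
import zipfile
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".com", ".bat", ".js", ".vbs")
# Assumption: the "odd characters" are UTF-8 punctuation mis-decoded as cp1252.
MOJIBAKE = re.compile("â€|Ã¢|Â ")

def triage(msg):
    """Return a list of findings for one parsed e-mail message."""
    findings = []
    sender = msg.get("From", "").lower()
    auth = msg.get("Authentication-Results", "").lower()
    # From is free text; only the receiving server's SPF/DKIM verdict counts.
    if "microsoft.com" in sender and "spf=pass" not in auth and "dkim=pass" not in auth:
        findings.append("unauthenticated-microsoft-sender")
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if MOJIBAKE.search(text):
        findings.append("mis-encoded-characters")
    # A "scanned and clean" line inside the body was written by the sender.
    if re.search(r"scanned by .{0,60}(clean|safe)", text, re.I):
        findings.append("self-declared-clean-footer")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        names = [name]
        if zipfile.is_zipfile(io.BytesIO(data)):  # look inside the archive
            names = [n.lower() for n in zipfile.ZipFile(io.BytesIO(data)).namelist()]
        if any(n.endswith(RISKY_EXT) for n in names):
            findings.append("program-attachment")
    return findings

def build_sample():
    """Constructed sample: placeholder bytes in a zip, spoofed From header."""
    msg = EmailMessage()
    msg["From"] = "Microsoft <update@microsoft.com>"      # constructed
    msg["Subject"] = "Windows 10 Free Update"             # constructed
    msg["Authentication-Results"] = "mx.example.org; spf=fail; dkim=none"
    msg.set_content("Your upgrade is ready â€“ open the attachment.\n"
                    "This message was scanned by MailScanner and is believed to be clean.")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("installer.exe", b"placeholder, not a program")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="upgrade.zip")
    return msg
```

Calling triage(build_sample()) reports all four findings; a plain text message from an authenticated sender reports none.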

Source: Cisco

John Callaham
  • Hackers will never learn! All they get should be death!
  • not all hackers do the same.
  • Need to make a follow-up article detailing how to recover files without paying ;)
  • Oops! Too late, hun? :p
  • Kaspersky apparently has a tool that can help with that issue.  Though it apparently isn't 100%, it's still a chance. 
  • An ounce of prevention is worth a pound of cure. Best way to recover your files is to be prepared and stay smart.  Keep regular backups of your files and system so that you can recover if this happens. Never click on links or files in emails. If your system is encrypted, there is almost zero chance of recovering it without having access to the encryption key, at least within the amount of time allotted by the hijackers.
  • Is it possible to get some ransomware with macosx?
  • That would imply mac was relevant enough for someone to make it for them. Jk, it wouldn't surprise me if there was though
  • I think Mac users are enough. Maybe macosx is just more secure
  • Anyone can send an doesn't depend on mac or windows
  • Most malware/viruses/trojans/ransomware/whatnot has nothing to do with the security of a software or OS, but relies on the gullibility or ignorance of users. Hence, any OS is equally vulnerable as long as there are people using them.
  • Exactly.  These emails are just as innocent looking as the I Love You virus in May of 2000, right around Mother's Day that wreaked havoc on computers of some of the most savvy professionals out there. These things have nothing to do with OS.  Maybe alex could explain the MacOS Flashback Trojan. It requires no user interaction.
  • Actually, Mac OS X has been proven multiple times to have more security holes than Windows, the reason there's less malware there is because Less users=Less interest from hackers, sorta like what happens on windows phone with apps
  • I know that scam just happened on iPhones last year where they would lock the person out of their phone and they would have to pay to unlock it. Also I recall 600,000 mac computers were in a botnet for over 6 months before they fixed the problem. It is not more secure just less used, it's still only about 4-6% of market share.
  • Something iCattle would mooo...
  • No it isn't. Simply, Mac's market share is too low to attract hackers. IPhone users are often victims of scammers, for example.
  • Since when has the OSX been impervious to receiving emails from hackers?!!
  • Mac Os X ain't more secure. Hackers are less interested in it.
  • That's a complete fallacy. Mac OSX only has about a 4 market share. Its 'security' is through obscurity. If you're going to only trick a percentage of people with malware, you may as well make sure that percentage contains the largest amount of users possible.
  • Mac OS X can get this kind of stuff too.
  • No need. Users are already paying thousands of dollars to use the same software.
  • OSX and ios as ransomware, explains a lot!
  • Yes. If anything, you could argue that OS X is less secure than Windows simply because there aren't enough users around. Less users = less number of customers for security firms to look after. There have been multiple incidents of security being breached on OS X. The more it grows in market share, the more logical it is to develop a malware program for that particular OS. What's worse is that people tend to have this "I can't get a virus! I'm on a Mac" theory and that often results in them letting their guard down. In the end though, any system is really as good as the user using it. A bit of experience combined with common sense goes a long way.
  • Why do hackers do that? Bunch of fat asses with micro dicks get a life
  • Because they can. That isn't meant to sound dickish. Usually when asked why people do things like this it is usually because they can. So why not
  • My point is why use your intelligence to harm others? I think it is a lack of confidence in themselves. When you are happy there is no need to hurt others
  • Hacking someone using their lack of knowledge is like "hacking level 1". Although it is kind of intelligent to take advantage of the opportunity I would say.
  • I'm sure Hitler used that same excuse. He wasn't such a bad guy, just did it because he could. Hmm?
  • Comparing apples to the Death Star
  • To scam money, they are scammers not real hackers.
  • Well this is something happening....
  • Mailscanner at bottom says emails clean
  • The email is clean, but the attachment is not.
  • Shouldn't attachments be scanned though? Naturally, the text in an e-mail is clean.
  • How do you know the mail scanner text wasn't part of the scammer's original message just to make it look legit?
  • True didn't think of that
  • The Mailscanner text is part of the message.  It is fake.
  • Sad. I want gadgets to expand. But this is only going to keep the govnt wanting it to not expand. This is terrible.
  • ???
  • wtf did u just say here???????????????
  • HAHAHAHA. He must be totally baked lol
  • Holy shit!!
  • I'm seeing some web sites (e.g injecting full screen "call this number to fix your virus" ad that takes over your Edge browser. Even if you force quit Edge, it keeps coming back next time you launch Edge because Edge remembers the tabs. I had to perform ctrl-F4 real fast right after dismissing the ad to get back my browser. Average users will have a hard time with this.
  • You need to access task manager and you can see the edge tab/tabs that are open and you can pick one that you need to close. It also happened to me and every time I end Edge on the task and restart the browser is there again, so I scrolled down and found there are more Edge running and it's related to the tab you have open.
  • That's why Edge needs extension support so that we can use a proper ad-blocker like the one on Chrome.
  • can anybody gimme the link for download for the adblock program or anything like it because i have a lot of ads on browser and my pc is getting slow...
  • Download adblock for chrome or Firefox from their extension stores
  • Look at the formatting errors on the e-mail!   That's hilarious!!! Why is it that you can usually tell the fakes by how sloppy the e-mail is?   If you're going to put the effort into doing something like that and you know that people who are conscious of hacking are trained to look for mistakes, then why not proofread your work?
  • I've always wondered this too. With just 1% more effort, their scam would be 50% more effective.
  • In a sense of irony I guess this is a good thing. It looks bad, so it is found to be dangerous sooner, and so it is avoided by more sooner, preventing a larger amount of harm that would happen otherwise. I was thinking about this though. There aren't even photos of Windows 10, the margins for the email are weird, and what's with the foreign character every time an apostrophe, quotation, or special symbol appears? I guess it's good that hackers are better hackers than they are web designers (emails use HTML) in this case?
  • Wonder how many ignorants already got caught by this and are raging saying it's MS's fault.
  • lol yup.
  • Some people blame Microsoft for these scam emails
  • This virus is the worst...have so many customers that get this.. Thanks for the heads up.
  • Yes, hate dealing with this crypto virus. More and more people get this everyday. Even Mac OSX computers get these too. Some customers have no choice but pay them to get their files back.
  • I'm 100% sure that there's another way to get the files back......something with the command line I think.
  • 100% sure then you think? lol. There are many variants of these ransomware. Ever since the rise of Bitcoin, these viruses are more rampant.
  • Unless they're using integrated encryption tools (like bitlocker), then I don't think there is a way of unencrypting files with the command line without an external utility (either GUI or command line based). What I'm wondering though is how are they encrypting files without users noticing? When I run bitlocker it takes a while just for my 32GB machine, and most computers have WAY more storage space than that. Are they showing the ransom screen prematurely in effort to scare users before any harm is done? Or are they actually mimicking some form of progress or installation screen for the scam in order to buy time to encrypt the files. If it's the former then one could theoretically shut down their computer the moment the screen is shown, boot into the Windows Recovery Environment (this is safe from ransomware as it's on a hidden partition), and recover their files (and potentially remove the ransomware if they know what they're doing). This WOULD use the command line too (there is no GUI beyond basic recovery options)
  • I'm guessing it's like "installing windows... Just sit back and relax.... Blah blah..." And shows a loading screen, and people expect windows installations to take a bit so it would have time to encrypt everything during this.
  • MailScanner says the email is safe. Not doing a good job, apparently.
  • The scanner does not scan the attachments
  • Then what's the point? Attachments are the only part that can have a virus. The most the email body can do is trick gullible people, or download images as part of its content that prove your email address exists.
  • A. Anyone can write that in an email (Tip: most email scanners are either in-house (Google, Microsoft), or from a major antiviral name (McAfee, Norton) in my experience)
    B. Some mail scanners cannot scan the contents of compressed files (notice that in the photo the file is a zip folder)
    C. Emails can use HTML (though to what extent I do not know), so theoretically they could create a malicious email using HTML
  • Anyone can write "this is clean" in an email, maybe they wrote it to trick the recipient
  • What's more interesting is, was that really from the MS domain or a simple PHP sender mail name?
  • You can send email to appear to be from any address.
  • Thought so. I have done stuff like it before hence....what confused me was that email marked clean and more importantly any fishy domain network via which the email was sent by would most likely result in placing the email in your spam folder...further research on this made sense on how it was allowed to pass thru.
  • I know a site that can make their mail full of spam....
  • It is possible to spoof the name of another email address for the purpose of spam and/or scams. It's happened many a time before (and was even suspected of an actually legitimate Windows Insider survey email here recently)
  • Usually such emails end up in ur spam!
  • Guys, Lenovo is taking a small survey for relaunching Classic Thinkpad and Linux extremists are attacking Windows in huge numbers, kindly take part in the small survey and vote for Windows 10 and also leave a comment if possible as Lenovo design head is reading comments:
  • Feel like this will be blamed on Microsoft
  • That's what they get for providing free upgrade but tell people to wait while the internet is blooming with reviews and discussion. It gives a feeling that you're out of the loop.
  • They have a website set up where you can download the ISO's pretty accessible.
  • Mail Scanner, you POS! You had one job! ;)
  • It comes with an attachment to install.... That alone shows it's fake. Microsoft never emails any tool that does updates, it's all done through Windows Update.
  • I like how the copyright is Microsot -- a small drunken man. LOL!
  • Heh heh i noticed that too...!,:D
  • Obvious spam is obvious. But then again, grandmas and grandpas will click the bait.
  • I'm sure Microsoft will soon update the Windows malware detection to block this.
  • hey guys! Glad that your pcs are hacked! stay tuned for updates in our email! mwhahahah! Jk!
  • Microsoft Inc. Eh? Posted via the Windows Central App for Android
  • Well, Windows 10 and the upgrade to Windows 10 must be causing a stir in the hacker community for them to give it a counter-reaction this quickly. If it were a non-event, they'd completely ignore it.
  • How did they make an e-mail id with "Microsoft. Com" domain?
  • I think they sent emails using the PHP mail function on the host server, which can be used to change the sender's name and email irrespective of domain.
  • OMG do not upgrade then?????????????
  • Did you even read the title, let alone the article?
  • Don't people already check the sender of the mail first, to see whether it is genuine or fake? Or whether it has weird things that make it look fake?