“Cyber Crime Department” scam

We’ve received increased reports of a new phishing scam email message that uses the name and official logo of the Microsoft Digital Crimes Unit (DCU). The wording varies, but it looks like a security measure and says you need to validate your account by confirming your user name and password or by opening a file attached to the message.  

This is a fake message, but DCU is a real worldwide team of lawyers, investigators, technical analysts, and other specialists working to transform the fight against digital crime through partnerships and legal and technical breakthroughs that destroy the way cybercriminals operate. The DCU is a unique team in the tech industry, focused on disrupting some of the most difficult cybercrime threats facing society today – including malicious software crimes fueled by the use of botnets and technology-facilitated child sexual exploitation.

DCU does not send email to individuals asking them to validate their account information.  If you get one of these email messages, it is a scam. 

There are legitimate times when, in the course of a botnet cleanup effort, DCU will work to inform known victims of a particular threat to help them remove the botnet malware and regain control of their computer.  Sometimes Microsoft will work with Internet service providers (ISPs) and Computer Emergency Response Teams, who in turn will work to inform malware victims by communicating through their already-established relationship with their ISP customers. This enables ISPs to be able to reach victims in a way that is clearly verifiable to botnet victims as legitimate.  Other times, Microsoft may indeed notify victims directly – but not in email and not to verify account information, as the phishing scams claim. 

When DCU does inform victims directly about a known malware infection on their computer, like in the recent case involving the Bamital botnet takedown, it will not ask people to click on a link or download an attachment.  Rather, DCU’s communication will be done over a secured connection and will be readily verifiable as legitimately coming from Microsoft.  These notifications will often also be accompanied by a high profile public information campaign that outlines the notification process, which will also help people independently verify that a warning is real and actually coming from Microsoft.

If you receive an email message claiming to be from the DCU, do not click on links or open any attachments.  Instead, you can either just delete it or you can report it.

Here’s a copy of the fake message:

This message contains three common signs of a scam:

  • Impersonation of a well-known company or organization
  • Time-sensitive threats to your account
  • Requests to click an attachment or link

Get more information on how to recognize phishing email messages, links, or phone calls.

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, Read more »

Join the conversation

  1. Anonymous

    Some what confusing how to go about d/l for corrrections of vulnerabilty to delete.

  2. Anonymous

    Hotmail will not allow me to change my account name.  My account has been compriomised by the theft of a computer tablet and someone has been using my account to send fraudulent personal messages using my name.  How can I correct/stop this and prevent it from happening again?  Is there any way to change my email accouint without losing all of my information?

  3. Anonymous

    My computer ALERT ICON is telling me that my Microsoft Security Essentials is not protecting my computer but, I check out the program and it says it's on. Now what ?

  4. Anonymous

    thanks for info., im less gullable now than 5yrs ago, but that very well may have gotten me

  5. Anonymous

    I received an email that got past the junk filter.  It is obviously trying to perpetuate a fraud by offering millions of dollars for a reply.  Is there somewhere I can send this email to catch these criminals???

  6. Anonymous

    it is normal for one pc home hause pc? no server no ti, no desenvolvidor , only person use pc for games ;

    all in my pc is fake i try opem one site Microsoft i get error :

    Runtime Error

     Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

    Details: To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".

    <!– Web.Config Configuration File –>



           <customErrors mode="Off"/>



    Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's <customErrors> configuration tag to point to a custom error page URL.

    <!– Web.Config Configuration File –>



           <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/>



  7. Anonymous

    An interesting article, phishing seems to have become very common in cyberspace, though more users are becoming more aware of the methods hackers use. Fraudulent websites are also an issue, the IACC has created a spoof website highlighting the need for an awarness online.  

    "Free identity theft with every purchase” & “50% off your life savings” – just some of the messages the International Anti-Counterfeiting Coalition (IACC) includes on its new spoof website mocking those that sell fake items, to help fight counterfeit luxury goods. Whilst the parody website is humorous, it also has a serious message to educate users on the dangers of buying fakes online. This and other global fraud-related news items can be found in The Inkerman Group's FREE weekly e-publication. E-mail investigations@inkerman.com and request to be added to our distribution list.

    To see the spoof website visit:


  8. Anonymous

    Makes me wonder, if my next computer will be a MAC

  9. Anonymous

    Thanks for sharing useful info  on virtually identical, here i got lots of knowledge about it.

Comments are closed.