We’ve received increased reports of a new phishing scam email message that uses the name and official logo of the Microsoft Digital Crimes Unit (DCU). The wording varies, but it looks like a security measure and says you need to validate your account by confirming your user name and password or by opening a file attached to the message.
This is a fake message, but DCU is a real worldwide team of lawyers, investigators, technical analysts, and other specialists working to transform the fight against digital crime through partnerships and legal and technical breakthroughs that destroy the way cybercriminals operate. The DCU is a unique team in the tech industry, focused on disrupting some of the most difficult cybercrime threats facing society today – including malicious software crimes fueled by the use of botnets and technology-facilitated child sexual exploitation.
DCU does not send email to individuals asking them to validate their account information. If you get one of these email messages, it is a scam.
There are legitimate times when, in the course of a botnet cleanup effort, DCU will work to inform known victims of a particular threat to help them remove the botnet malware and regain control of their computer. Sometimes Microsoft will work with Internet service providers (ISPs) and Computer Emergency Response Teams, who in turn will work to inform malware victims by communicating through their already-established relationship with their ISP customers. This enables ISPs to be able to reach victims in a way that is clearly verifiable to botnet victims as legitimate. Other times, Microsoft may indeed notify victims directly – but not in email and not to verify account information, as the phishing scams claim.
When DCU does inform victims directly about a known malware infection on their computer, like in the recent case involving the Bamital botnet takedown, it will not ask people to click on a link or download an attachment. Rather, DCU’s communication will be done over a secured connection and will be readily verifiable as legitimately coming from Microsoft. These notifications will often also be accompanied by a high profile public information campaign that outlines the notification process, which will also help people independently verify that a warning is real and actually coming from Microsoft.
If you receive an email message claiming to be from the DCU, do not click on links or open any attachments. Instead, you can either just delete it or you can report it.
Here’s a copy of the fake message:
This message contains three common signs of a scam:
- Impersonation of a well-known company or organization
- Time-sensitive threats to your account
- Requests to click an attachment or link
Get more information on how to recognize phishing email messages, links, or phone calls.