Windows users are being urged to stay vigilant following the discovery of a new scam that uses fake software updates to steal personal data. Cybersecurity researchers at Malwarebytes have identified fraudulent websites that closely mimic official Microsoft pages, tricking users into downloading malicious files.
The scam involves emails, texts, or notifications directing users to websites that replicate Microsoft Support and Windows Update pages, complete with copied fonts, colours, and convincing web addresses. Once on the site, users are prompted to download what appears to be a legitimate Windows update but in reality contains malware designed to steal passwords, payment information, and account details.
“If you receive an email, text, or notification urging you to install an urgent update, don’t click the link,” Malwarebytes warned. “Instead, open Settings > Windows Update and check directly.” The downloaded file appears genuine, which helps it avoid suspicion from users and slip past some security software.
Although many current targets are in France, experts warn the campaign can spread rapidly. To stay protected, users should never trust update links sent through email, text messages, or social media. The safest method is to use Windows’ built-in update system: open Start, go to Settings > Windows Update, and select “Check for updates.”
Security experts also recommend enabling automatic updates to reduce the need for manual installations, lowering the risk of falling victim to such scams. Windows 11 users in particular are advised to be cautious of unexpected messages claiming an urgent update is needed.



