The Unsolicited Update Scam

The purpose of this scam is to get you to execute a virus-laden file under the guise of an update to a legitimate piece of software. Microsoft, Symantec, HP and other companies don't email patches to people. At best, if you have registered your software with the vendor, they may send you a notification when updates are available, and tell you how to go to a legitimate site to download the update.

One of the "giveaways" of this scam is the use of the word "patch." Everybody knows what a patch is. Even people who develop software use the term. But the word is rarely put in print officially. The particular scam shown here didn't use "patch," proving that even scammers are getting smarter.


Sample of Spam from my "garbage" account

Below is an example of one of the better-known scams of this type. This particular scam is done very professionally. The scammer took the time to download images and links from the Microsoft site (something that's very easy to do), and put them into an official-looking page. In fact, everything on this page is legitimate. If you click on the links they will, indeed, take you to the appropriate pages on the Microsoft site.

Everything is legitimate, except for the attachment (not shown). Remember, legitimate organizations won't email you attachments. You will have to go up to the site and download them. As skeptical as I am, I download all my updates to a folder, run a virus scan on them and then execute them.
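The same rule can be applied automatically at a mail gateway or in a mailbox filter. The sketch below is an added example, not part of the original article: it quarantines any message that talks about an update and carries an executable attachment, and it deliberately ignores how legitimate the links look. The domain list, extension list, keyword pattern and sample message are assumptions constructed for illustration.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

# Assumed lists for this sketch; tune them for your own mail flow.
VENDOR_DOMAINS = ("microsoft.com", "symantec.com", "hp.com")
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
UPDATE_WORDS = re.compile(r"\b(update|patch|upgrade|hotfix)\b", re.I)

def is_vendor_host(host):
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def triage(raw):
    """Classify one raw RFC 5322 message as 'quarantine' or 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    text, attachments = [str(msg["Subject"] or "")], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            text.append(part.get_content())
    body = "\n".join(text)
    hosts = {urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)}
    risky = [a for a in attachments
             if os.path.splitext(a.lower())[1] in EXECUTABLE_EXTS]
    claims_update = bool(UPDATE_WORDS.search(body))
    return {
        # Genuine vendor links are recorded but never lower the verdict:
        # the scam described here is legitimate everywhere except the attachment.
        "links_all_vendor": bool(hosts) and all(is_vendor_host(h) for h in hosts),
        "risky_attachments": risky,
        "verdict": "quarantine" if claims_update and risky else "deliver",
    }

def build_sample(attach=True):
    """Constructed test message, not a captured one."""
    m = EmailMessage()
    m["From"] = "Security Center <updates@example.invalid>"
    m["To"] = "user@example.invalid"
    m["Subject"] = "Latest security update"
    m.set_content("Details: http://www.microsoft.com/\n")
    if attach:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename="update.exe")
    return m.as_bytes()
```

A plain notification that only links to the vendor site passes through; archive attachments such as .zip would need to be unpacked before the extension check means anything.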

If you receive an unsolicited email such as the following, simply delete it and the attachment. Chances are your virus software (or that run by good ISPs) will have caught and screened out the attachment before you had a chance to see it.