Scammers Target Microsoft Program

Spammers are targeting users of Windows XP with a socially engineered phishing scheme that is designed to exploit Microsoft's Windows Genuine Advantage program. The WGA-specific scam attempts to extort credit card information from its victims by warning that they must validate their Windows installation by updating account information, or risk losing access to their data.

Windows Genuine Advantage is a new anti-piracy effort that employs a system of incentives and disincentives to verify that customers have installed licensed copies of the OS. The program was initially a pilot that provided customers who opted-in with special perks for being "legal." In return for their cooperation, customers will receive discounts on software and bonus downloads.

The phishing scheme emerged on the eve of the WGA program's current phase, which began Monday. With today's changes, customers who do not possess valid product keys will no longer be permitted to download non-critical software updates from Windows Update or access the Microsoft Download Center.

The move is widely seen as a way to curb the practices of unscrupulous system builders, but has had the unintended consequence of inspiring a new series of misdeeds among lawbreakers.

The e-mail, which is sent from the alias of a seemingly legitimate Microsoft employee and is filled with spelling errors, reads: "We have noticed A lot of people are illegally Using our services Without paying for their Windows Operating System. Therefor we've made a web site so you can update or validate your windows serial and credit card information. If you do not comply with our policy, windows will ask you to reactivate your serial number, and it will become invalid. So you will lose any information on your computer. If you do not validate your serial number, your copy of windows will be labeled as piracy."

In reality, the e-mail has more to do with identity theft than its does with piracy. When the intended victim clicks on the link, they are directed to a specially crafted Web site that collects personally identifiable information.

Microsoft would not comment on the specific scam related to WGA, but pointed out a Web site that users can visit to determine the legitimacy of Microsoft Security e-mail. Microsoft also says it is implementing the Sender ID Framework (SIDF) in its e-mail products and services to stop phishing at the source by preventing e-mail forgery, and has added technologies into Windows XP Service Pack 2 that it claims will make phishing more difficult.

For tips on how to avoid phishing scams, refer to Microsoft's consumer education Web page.