Cybercriminals May Steal Passwords From Windows 7 Users via Free Upgrade

Cybercriminals have been targeting the last remaining users of Windows 7 with a supposedly free upgrade that is really a lure to steal their passwords.

After more than ten years as one of the most popular operating systems, Windows 7 officially reached its end of life (EOL) on January 14, 2020. Microsoft has stopped providing technical support for any issues with the OS, as well as software updates and security updates, patches, or fixes.

A Post-EOL User Base for Windows 7

Forbes reports that as of September 2020, Windows 7 still commands a 25 percent market share. Across all operating systems, the now-defunct Microsoft OS still has more users than Apple Mac OS X 10.15, which has only a 3.8 percent market share, and its supposed successor, Windows 8, which has only a 3.1 percent share.

From this latest data, Windows 10 has a steady grip on more than half of the desktop operating system market, with 57 percent of the market using the latest Microsoft OS.

As for the aging, unsupported Windows 7, security experts warn that without official support, the operating system grows more vulnerable to threats and external attacks. The Federal Bureau of Investigation has warned that cybercriminals target operating systems reaching EOL status.

"With fewer customers able to maintain a patched Windows 7 system after its end of life, cybercriminals will continue to view Windows 7 as a soft target," the FBI warned in a statement.

Phishing Information from Windows 7 Users

Kaleb Kirk from Cofense explains one of the phishing schemes that target users of Windows 7 far into 2020.

The attack focuses on business users and purports to notify them of a Windows 7 to Windows 10 upgrade scheduled for that same day.

Kirk notes that some attackers use "RE:", as most internal company circulars do, noting that it "may instill a sense of urgency by leading the user to believe they have missed a prior communication about the upgrade." If the "free upgrade" link is clicked, users are taken to a credential phishing page that emulates a Microsoft Outlook Web App login page. After the victims log in and their login credentials are stolen, they are taken to the Microsoft page announcing the end of Windows 7 support.
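A mail-triage check for the traits described above, added here as an illustration and not taken from Cofense or from this article: it flags a message whose subject carries "RE:" without the In-Reply-To or References header a genuine reply normally has, that talks about a Windows 7 or Windows 10 upgrade, and that links to a host outside the organisation's own list. The host names, the trusted list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: hosts this organisation actually uses for webmail and vendor pages.
TRUSTED_HOSTS = {"mail.corp.example", "www.microsoft.com"}
TOPIC = re.compile(r"windows\s*(?:7|10)\b.{0,60}\bupgrade|\bupgrade\b.{0,60}windows\s*(?:7|10)",
                   re.I | re.S)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def indicators(raw):
    """List the traits of the lure described above that a raw message shows."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    # Collect every text part so multipart (plain + HTML) mail is covered too.
    body = "".join(part.get_payload(decode=True).decode("utf-8", "replace")
                   for part in msg.walk() if part.get_content_maintype() == "text")
    found = []
    # A real reply normally carries In-Reply-To/References; a bare "RE:" does not.
    if subject.strip().upper().startswith("RE:") and not (
            msg.get("In-Reply-To") or msg.get("References")):
        found.append("reply-prefix-without-thread-headers")
    if TOPIC.search(subject + "\n" + body):
        found.append("os-upgrade-topic")
    hosts = {urlparse(u).hostname for u in URL.findall(body)}
    untrusted = sorted(h for h in hosts if h and h not in TRUSTED_HOSTS)
    if untrusted:
        found.append("untrusted-link:" + ",".join(untrusted))
    return found

def is_suspicious(raw):
    """Escalate only when the upgrade topic coincides with another trait."""
    found = indicators(raw)
    return "os-upgrade-topic" in found and len(found) >= 2

# Constructed sample messages (not real traffic).
PHISH = """\
From: IT Helpdesk <helpdesk@corp.example>
Subject: RE: Windows 7 upgrade scheduled today

Your PC is scheduled for the free Windows 10 upgrade today.
Sign in to confirm: https://owa-login.invalid/owa/auth
"""
LEGIT = """\
From: IT Helpdesk <helpdesk@corp.example>
Subject: RE: Windows 7 upgrade scheduled today
In-Reply-To: <1234@mail.corp.example>

Rollout notes are on https://mail.corp.example/owa/
"""
```

The missing thread headers are a heuristic, since some legitimate tools also omit them, which is why the verdict requires the upgrade topic plus at least one other trait.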

Upgrade to Windows 10, Straight from Microsoft

Windows 10 was first made commercially available in 2015, with Microsoft running a promotion that allowed existing Windows 7 users to upgrade their OS for free. Although this offer officially ended on July 29, 2016, almost a year after Windows 10's official release, users report that the upgrade remains available, and free.

Davey Winder from Forbes noted reports from users who said they had made the safe and free upgrade to Windows 10. On the Microsoft software download page, users can choose from Windows 10 or Windows 8. The Windows 10 page has a "Create Windows 10 Installation Media" option, with a set of instructions to follow. Legitimate users of Windows 7 will not be required to enter a new product key for the new operating system.
