Scammers demand $143 from Windows users, threaten with file deletion

German Windows users are the latest target of some pretty brazen scammers, warns Panda Security.

The whole thing starts with a Trojan – likely received via spammy emails or P2P networks – which gets installed on the victim’s computer and restarts the system.

When the loading process is finished, the user is faced with a message saying that Microsoft has detected that his copy of Windows is pirated, and that unless he pays a fee of 100 Euros (around $143) in the next 48 hours, he won’t be able to access his files ever again.

The message also says that if he doesn’t pay, he can look forward to a visit from prosecutors who, allegedly, are aware of his address.

The background of the message sports the Microsoft’s logo and mimics the infamous Windows “black screen” in order to lend a semblance of legitimacy to the threat.

If the user falls for it and follows the offered link, he is taken to a website posing as the Microsoft Licensing Center (click on the screenshot to enlarge it):


He is asked to enter the offered identification number, and once he has done it, he is taken to a site where he can enter the personal and financial information needed to effect the payment through Ukash or Paysafecard – two payment services popular in Europe.

The activation code – which, by the way, is QRT5T5FJQE53BGXT9HHJW53YT – is sent to the user after a while.

It triggers the removal of the malware and the modified registry key, and he can now access his files again. But, unfortunately, he is now 100 Euros lighter.

Share this
You are reading

Scammers demand $143 from Windows users, threaten with file deletion