Scammers are taking advantage of recent news that Microsoft is asking users to verify that they have a legitimate copy of Windows, a security firm said Friday.

According to Websense Security Labs, e-mails bearing the spoofed address of security@microsoft.com and with the heading "Microsoft Windows Update" ask recipients to update and/or validate both the Windows' serial number and the customer's credit card information on a Web site.

"If you do not comply with our policy, windows will ask you to reactivate your serial number, and it will become invalid," the e-mail reads, then goes on to state, "So you will lose any information on your computer. If you do not validate your serial number, your copy of windows will be labeled as piracy."

The message claims that the credit card will not be charged, but is required to validate that Windows is legit. It's signed "Windows XP Activation Team."

Not only does the phishing-style e-mail try to rip off consumers' credit card numbers, but the site linked in the message will try to install spyware on any PC used to surf to the URL, said Websense. Increasingly, phishers are adding spyware to their bag of dirty tricks, installing key loggers and other system monitors on compromised computers to watch for passwords and other account access information.

Savvy users will know that Microsoft never sends unsolicited e-mails relating to security, and that there is no such thing as the Windows XP Activation Team.

TechWeb