Outlook update scam warning

A banking Trojan posing as an update for the Outlook email program should be avoided at all costs, security experts have warned.

The Trojan, which hides in an email designed to look as if it has come from Microsoft, aims to steal sensitive information when you visit a banking or commerce website.

A link in the email directs you to a rogue server hosting the Trojan which is downloaded to your computer if you click on it.

Read Web User's guide to staying safe online

"All the links in the email are legitimate – except one. The URL where the 'critical update' may be downloaded looks legitimate, but hovering over the hyperlink reveals a totally different destination," said Argie Gallego of Trend Micro.

The Trojan then springs into action whenever you visit websites listed in its database in the hope of getting your credit card number or bank login details.

"Whenever the user visits any of the monitored sites, the Trojan starts logging keystrokes. It then saves gathered information in a file and then sends the file to a dedicated server," said Gallego.

Trend Micro recommends that you should delete any emails you receive that claim to come from Microsoft relating to security updates.