When I opened my mail this morning, I found a message pretending to be from Microsoft. It offered me to install a Critical Update for Microsoft Outlook / Outlook Express (KB910721), and also sent the download link. The sender pretended to be firstname.lastname@example.org… This is what the mail looked like.
Now look at the real link target.
What does this tell us? Watch out! Microsoft never sends out mails containing download links to patches, security or other updates. If you receive such a mail, declare it as Junk and delete it unseen—or, in my case, just empty the Junk mail folder.