Software Update Scams: What Your Business Should Know
by Stephanie Faris on Monday, July 25 6:00
However, a new scam should have IT staff on full alert. Consumers have been seeing pop-ups stating that their software is out of date. When the customer clicks to update, the downloader installs malware on the machine. So far these come disguised as Flash, Java, or video player updates. For businesses that have devices set to block downloads at the user level, this shouldn t be a problem, but it s important that businesses take measures to stay safe. Here s what businesses should know about software updater scams.
Recognizing Fake Installers
Before businesses can warn employees about malicious downloads, it s important that they recognize the difference between legitimate requests and those that could contain malware. Since these requests can look identical to the real thing, it s important that users be trained to never click okay when prompted to update. Ideally, they ll contact their help desk and have someone from IT come by to look at it.
To be safe, technicians should always go directly to the source for downloads. Flash updates should come from Adobe s website, Java updates should come from Oracle s site, and any video updates should come directly from that manufacturer s page.
Strong antivirus protection on every device, as well as on your network, can help prevent issues. Device-specific firewalls can also stop intrusions in their tracks, in addition to the firewalls you have installed on your servers. Once this infrastructure in place, make sure you regularly update antivirus software on each device to get the latest definitions.
User management policies are essential to keeping your work environment safe. Each user should be given the lowest level of privileges possible without hampering their work. Even if it s inconvenient for a technician to do small things like routine software updates, those small measures will keep your environment safe.
Some fake software update notifications now come through email. The end user is asked to click on a link and enter a username and password to access the download file. This provides login credentials to a hacker, who can then use that information to access that site and other sites, since many people use the same username and password for multiple accounts.
Since many employees now use their personal devices for work purposes, education is important. Workers should be urged to avoid clicking on notifications and instead go directly to the source when using personal devices. This will prevent malware from being installed on personal devices that are used to access your network.
Update scams will likely only grow more sophisticated over time. By locking down access, you can keep your equipment safe and prevent malware from spreading throughout your organization. User training can also keep your systems safe, especially if you continue to supplement that training with email warnings whenever new threats emerge.