One of the Biggest Risks to Your Business is Malware Disguised as Software Updates
You’ve heeded the warnings about not clicking on strange links in emails. You’re taking to heart the need to change your passwords regularly. You don’t use the same passwords on all your accounts. And, you never give out personal information without verifying it’s a legitimate request. You do all that, right? You probably do because IT support experts, like Invision, go out of our way to ensure you understand their importance to protecting your business from cybercrimes.
One of the best pieces of advice IT security professionals share is to keep your software up to date. Software developers continuously update their software with fixes that address bugs and weaknesses that make their programs vulnerable. By keeping software up to date, you’re better protected from hackers accessing your critical data.
The problem is that hackers use fake software updates to trick you into thinking you’re downloading the latest version, when in fact, you’re giving them access to your system. Adding insult to injury, is that these fake software updates are getting harder to distinguish from real updates direct from the developer. This puts you in a vulnerable position. You want to protect your data, yet how do you tell the real software updates from the fake ones?
It’s not easy. Hackers send fake software updates in many disguises, including emails, pop-up windows and display ads to name a few. Users that click to download and install them wind up with malware wrecking havoc in their systems. Unfortunately, the malware’s damage is done by the time you realize something is wrong and IT support is needed pronto.
What is malware? Malware infiltrates your network. It acts as an opening for hackers to gain access to servers. From there, they can install keyloggers to log your every keystroke, which compromises usernames and passwords. As you’ve undoubtedly seen in the news, malware has allowed hackers access to millions of networks and servers worldwide.
You shouldn’t avoid updating your software for fear of downloading malware. Instead, get familiar with the tell-tale signs of fake software updates.
Pop-up ads offering to scan your computer for viruses or update your software.
These ads pop up while you’re on the internet. They are indeed ads. Even if clicking it does download software, more likely than not, it contains a virus or malware. Real software updates come from the developer’s website or through the software’s settings.
Pop-up ads letting you know your system is full or already contains a virus or malware.
Yikes. Scary. Hackers are playing on fear. Click on the popup and you’ll be installing a virus or malware. Again, developers of legit anti-virus software don’t engage in popup ads.
Popup ad offers a new plug-in for your software.
If you need a plug-in for your software, go to the developer’s site and download it from there. Getting it from a popup ad isn’t going to happen. Why? It’s a scam and whatever that plugin is, is going to install a virus or malware on your system.
Popup ads appear for software you don’t even have on your system.
It’s difficult to keep track of all the software installed on your system. See signs above and never download anything software-related from a popup ad. However, if seeing the popup makes you wonder if you even have that software, satisfy your curiosity by going into your computer’s applications folder. And, even if you do have the software installed, don’t click on any popup ad.
Popup screen appears asking you to provide or confirm billing or personal information.
For any software that you have installed, you already provided the necessary information when you originally downloaded and installed it. For a lot of software these days, it automatically renews or you have to login to your account on the developer’s website to renew. Developers will never request an update via a popup screen. If you subscribe to a software program, consider setting a calendar reminder of its expiration date and go directly to the website to manage your account.
Notification via email that you need to update your software.
These are the most devious of methods. You did provide your email address and it’s reasonable a software company would use it to communicate with you regarding software news and updates. That’s why software companies have changed their practices and now send alerts through the software itself (when you have it open) or through your settings (which you can configure to update software automatically). That being said, if you’re suspicious of an email, look at the sender’s email address. It might have the software name in it, but there will be something wonky about it, such as email@example.com. (The updateme part is wonky, as it would normally just be adobe.com.)
What to Do if You Accidently Download a Fake Software Update
Immediately contact your IT support company. Don’t have one? Then, turn to the pros at Invision. The local IT solutions provider and anti-malware crusader you need is a phone call or short drive away.