Browser Update Scams
Threat Alert
Browser Update Scams
Fake browser updates have been making the rounds again, and they pack a punch! Recent incidents involve a hijacked website. Code on that website redirects the user to an imitation browser update page, complete with convincing language and logos. The page lures the user into clicking a download button which loads malware one of two ways. Either the button itself initiates the download or it leads to a series of fake responses which lead the user to copy and paste malware code into PowerShell on their own device.
Malware, What Malware?
Among the types of malware found on these fake browser updates are remote access trojans (RATs) and stealers. Stealers siphon information such as login credentials and credit card numbers to the criminals. RATs enable hackers to make changes on infected devices without the user’s permission. Possible outcomes include account takeover, lost information, lost payment processing details, and more.
The Big Deal
These new browser update scams make old versions seem laughable. They convincingly mimic legitimate browser updates, matching the language and format to the browser the user has open. In so doing, they effectively leverage the user’s trust for their browser.
4 Ways to Avoid Taking the Bait
- Never download a browser update from a pop up. Enable automatic updates instead.
- Use endpoint protection that detects and blocks files like these.
- Implement training so staff are familiar with what should vs what should not be going on.
- As Brian Krebs points out in his Three Rules for Online Safety, “If you didn’t go looking for it, don’t install it.” If you find a notice that your browser needs updating credible, close the browser out and find the update through official channels. Check out our blog on Updating Your Browser for more.
3 Ways to Keep Your Site From Being Used
- Keep your websites and any plug-in tools you may use updated. Check our blog Keeping Your Site Safer for more.
- Click through your organization’s website periodically just as a fail-safe to ensure your links lead where you intend them to go.
- Use a website maintenance company that checks to make sure your site it patched and ready to go. If you need one, schedule a call with us at the link above.
For an In-Depth Look
Get more details about recent browser update scams referenced in this post from The Hacker News here.
ABOUT FRONTLINE TECHNOLOGY LLC
Frontline Technology is one of the only ministry-focused IT companies that is led by pastors and ministry leaders. With over 20 years' experience serving organizations of all sizes, Frontline understands the unique needs, budgets, and technology challenges of nonprofits.
Technology is often perceived as complicated and expensive. Many nonprofits struggle to implement the technology solutions and security needed to drive their mission forward. Frontline Technology helps nonprofits overcome their technology challenges so they can stay focused on their mission.
For nonprofits of every type and size: We Keep IT Simple
Contact Us
Frontline Technology is one of the only ministry-focused IT companies that is led by pastors and ministry leaders.