CTW #9 — July 2024 - National Cybersecurity Society

NCSS-3397-Bulletin-Header-Footer-Header Graphic 1600x350-Compressed

Published: July 19, 2024

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber Threat — Fake Google Chrome Update Pop-Ups

3d illustration of Data phishing concept, Hacker and Cyber criminals phishing stealing private personal data, password, email and credit card. Online scam, malware and password phishing.

In today’s digital world, cybercriminals are increasingly creative in their attempts to deceive people. One of their latest scams involves fake Google Chrome update pop-ups. These deceptive messages appear to be legitimate browser updates but are designed to trick users into downloading harmful software. Understanding this manipulation technique is vital for keeping your personal information and devices safe.

Understanding the Fake Web Browser Update Scam

How It Works:

Website Hijacking: Cybercriminals often target poorly secured websites. When users visit one of these compromised sites, they may encounter a pop-up that mimics a Google Chrome message prompting them to update their browser. This message usually appears a few seconds after the page loads.
Fake Website Addresses: These websites might appear to be legitimate sites but are actually set up to trick users into downloading malware.
Deceptive Update Notifications: These fake update notifications are designed to look very convincing. They might display a message like “Warning: Update Chrome Browser Now!” accompanied by an “Update” button, urging users to act quickly.
Malicious Downloads: Once clicking this fake “Update” button, users will be redirected to a website that automatically downloads malware onto their device. This harmful software can include programs that grant hackers access to users’ devices and personal information.

How To Protect Yourself

This scam may not be limited to Chrome users. It can appear on any browser to target more users. The more people who see and click on these fake web browser updates, the more widespread the damage can be. Here is how you can protect yourself from getting scammed.

Regular Updates: Keep all web browsers and extensions (small software programs that customize users’ browsing experience) up to date to close any security gaps. Consider using a web application firewall for an extra layer of protection.
Update Verification: If you see a pop-up asking you to update your browser, don’t click on it right away. Instead, visit your browser’s official website or check for updates directly through browser settings.
Avoiding Risky Sites: Stay away from insecure websites known for sharing pirated content, illegal downloads, or streaming. These sites are often used to spread malware through fake ads and pop-ups.
Caution with Email Attachments and Links: Be cautious with emails containing attachments or links, especially if they come from unknown sources. These can be scams trying to get you to download malware.

Using a free website security scanner like Sucuri SiteCheck can also help identify and warn you about this type of threat. However, even with the use of security tools, it is crucial to stay alert and be cautious about unexpected update prompts.

Conclusion

Fake Google Chrome update pop-ups are a growing threat that can trick people into downloading harmful software onto their devices. By understanding how this manipulation technique works and staying alert for unexpected update messages, you can protect your devices and personal information. In summary, be skeptical of sudden update prompts, verify their legitimacy through official channels, and practice safe browsing habits. This way, you can avoid falling victim to these deceptive scams.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

References

https://blog.sucuri.net/2024/06/hundreds-sites-targeted-by-fake-chrome-update-pop-ups.html

https://www.youtube.com/watch?v=5uv1K0Dqe-Q

https://cybersecuritynews.com/fake-chrome-update-pop-ups/

https://thehackernews.com/2024/06/hackers-exploit-legitimate-websites-to.html

https://thehackernews.com/2024/06/hackers-target-python-developers-with.html

https://www.peris.ai/post/dont-click-that-update-the-hidden-dangers-of-fake-chrome-pop-ups

https://www.pcrisk.com/removal-guides/30283-your-chrome-version-does-not-include-the-latest-update-pop-up-scam

https://www.linkedin.com/pulse/dont-click-update-hidden-dangers-fake-chrome-pop-ups-codeguardians-shzqf?trk=public_post_main-feed-card_feed-article-content

NCSS-3397-Bulletin-Header-Footer-Attribution Banner 1600x200

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(3)(c) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to-guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.