Last month, we learned that millions of processors throughout the world were vulnerable to hackers. The problems, known as Spectre and Meltdown, lie within chips of computers and smartphones, making them nearly impossible to fix or replace. To protect consumers, all major technology companies have created updated versions for their devices’ security and distributed patches to protect against these flaws.
Millions of users have installed updates and patches, despite technical glitches and other minor inconveniences.
However, hackers are now exploiting the fearful climate following the newsbreak. The criminals have built a malicious app that’s cleverly disguised as a patch that allegedly protects the victim’s computer against the vulnerabilities.
Arm yourself with the right information to protect yourself and your devices against this nefarious scheme.
How it works
A panicky consumer searches online for a patch. They easily find one and proceed to click on the helpful link promising to install the patch. Instead of a patch, they’ve actually just installed a malicious app granting hackers complete access to their device.
In Germany and Australia, the hackers sent emails impersonating the countries’ federal security agencies. The emails urged the recipients to click on the embedded link, and they were then directed to bogus government sites where they were instructed to download a patch. Of course, this “patch” was nothing but a malicious app.
So far, the scam has not reached the U.S. on this level, but harmful apps and downloads have made their way to American shores.
Recognizing a malicious site or app
Only the big technology companies whose names you will easily recognize, like Intel, Microsoft, Apple and Google, are issuing true patches. To determine if a patch is indeed being distributed by one of these companies, verify the URL. The patches should be sent directly from these companies and not via any other parties or websites. If you don’t recognize the site, don’t download the patch! The best way to obtain an authentic patch is to contact these companies yourself and follow their exact directions.
If you’ve been sent a link for a patch that looks like it comes from one of these companies, first check it for authenticity. Hover over the link to see the URL the link will go to for verifying that it’s from a reliable source.
If you’ve been contacted by a party you don’t recognize regarding a patch, ignore it and alert the authorities.
It’s always a good idea to practice good internet hygiene.
- Never click on links embedded in emails or social media messages from unknown sources.
- Before clicking a link, let your cursor hover over it to see the URL it will go to.
- Never share personal information online unless you are absolutely positive about the recipient’s authenticity.
- Be wary of using public Wi-Fi.