Scammers are using fake Windows updates to steal users' files

What are fake Windows updates?

Scammers are using fake Windows updates to steal users' files Picture 1

Fake Windows updates are quite a sophisticated scam. To start, the scammer establishes a connection to your PC. Once the scammer has access, they send a fake Windows Update screen. This screen looks like the blue "Working on updates" screen you see when installing Windows Update.

While scammers show you this fake Windows update, they work in the background and steal your files. Once the fake update is complete, the scammer has stolen your personal information. They then hold your data for ransom and threaten to release it to the dark web unless you pay.

How do scammers show you fake Windows updates?

Scammers are using fake Windows updates to steal users' files Picture 2

Luckily, you don't have to worry about hackers randomly accessing your PC and carrying out this attack. An attacker needs an attack vector that grants higher permissions to your PC. Only then will they be able to execute the scam properly.

According to a report by security company Sophos, scammers can initiate their attacks through any remote desktop software, but they are often detected using AnyDesk. AnyDesk itself is not malware; This is an application that allows people to remotely connect from one PC to another.

Scammers start asking users on the platform to establish connections with them at random. In the case of AnyDesk, this involves entering the 10-digit number associated with each user. Sophos noted that the scammers appear to be randomly drawing valid numbers and are not targeting specific high-status users.

If the victim accepts the scammer's connection request, they will gain access to the victim's PC. From here, the bad guy will upload a file named "Microsoft Windows Update" to the target computer and run that file. This will display a full-screen animation that simulates the Windows update progress screen while also disabling the keyboard to prevent user intervention.

While users wait for their fake update to complete, the scammer works through the system and steals any important information. This includes accessing the victim's OneDrive account associated with their username.

After the bad guys get the target's files onto the server, they will leave a ransomware note asking the victim to pay within a week. Otherwise, bad guys will release private files to the dark web.

How to stop Windows Update scams

While this tactic may seem especially insidious, the good news is that it can be easily countered once you learn about its existence and how it works.

First, scammers cannot perform this attack on any PC they like. They need remote access software to gain the necessary permissions to carry out the scam. Therefore, you don't need to worry if you don't have any remote access applications installed on your PC.

If using remote access software, never accept random requests to access your PC. Remember, these apps don't just let someone take control of your mouse; As seen in the example above, they can also transfer files from your PC to your PC.

It's also worth noting that scammers use remote access software to scam people. That way, if someone claims they need access to your PC to fix an error, you can detect the scam remotely and deny them access to your PC.

In the worst case scenario, you let them access your PC and then see a fake Windows update screen. If this happens, you can disconnect your PC from the Internet, either by removing the Ethernet cable on the back or turning off the router if you're using Wi-Fi. Doing so will cut the connection between you and the scammer, denying them access to your files.

While the fake Windows update scam may seem scary, you can avoid it by keeping a clear head and thinking carefully before accepting requests to access your PC. If you do that, the only Windows update you need to worry about is the one that actually restarts your PC at an inopportune moment.

David Pac

Update 28 August 2024