Key Takeaways
- Scammers use fake Windows Update screens as a smokescreen while they steal personal information.
- Scammers require remote access to perform this tactic effectively.
- To avoid this scam, don’t accept random access requests, and disconnect if faced with a fake update screen.
Windows updates are immensely frustrating when they pop up at inopportune moments. However, some devious scammers are using fake updates as a smokescreen to steal people’s data.
What Is the Fake Windows Update Scam?
The fake Windows update scam is a pretty crafty trick. To start, the scammer establishes a connection with your PC. Once the scammer can access it, they send a fake Windows Update screen. This screen looks like the blue “Working on updates” screen you see while installing a Windows Update.
While the scammer shows you this fake Windows Update, they work in the background and steal your files. By the time the fake update completes itself, the scammer has already made off with your personal information. They then hold your data for ransom and threaten to release it into the dark web unless you pay up.
How Does Someone Show You a Fake Windows Update?
Fortunately, you don’t have to worry about a hacker randomly gaining access to your PC and performing this attack. The scammer needs an attack vector that gives them elevated permissions on your PC. Only then can they perform the scam properly.
As reported by security firm Sophos, scammers can begin their attack through any remote desktop software, but they’ve usually been spotted using AnyDesk. AnyDesk itself isn’t malicious; it’s an app that allows people to connect remotely from one PC to another. We covered more about the app in our guide on how to use AnyDesk to connect remotely to another Windows PC.
The scammer begins randomly asking users on the platform to establish a connection with them. In the case of AnyDesk, this involves entering the ten-digit number associated with each user. Sophos noted that the scammers seem to be randomly drawing out valid numbers and aren’t targeting specific high-profile users.
If the victim accepts the scammer’s request to connect, the agent will gain access to the victim’s PC. From here, the agent will upload a file called “Microsoft Windows Update” to the target computer and run it. This will display a full-screen animation mimicking the Windows update progress screen while also disabling the keyboard to prevent the user from interfering.
While the user waits for their fake update to complete, the scammer works through the system and steals any vital information. This includes accessing the victim’s OneDrive account associated with their username.
Once the agent has the target’s files on their servers, they leave a ransomware note demanding the victim pay within a week. Otherwise, the agent will release the private files onto the dark web.
How to Stop the Windows Update Scam
While this tactic seems especially devious, the good news is that it’s pretty easy to counter once you learn of its existence and how it works.
First, the scammer cannot perform this attack on any PC they like. They need the remote access software to gain the permissions needed to perform the scam. As such, you don’t need to worry if you don’t have any remote access apps installed on your PC.
If you do use remote access software, never accept a random request to access your PC. Remember, these apps do much more than just give someone control over your mouse; as we saw in the example above, they can also transfer files from your PC to theirs.
It’s also worth noting how scammers use remote access software to scam people. That way, if someone claims that they need access to your PC to fix something, you can spot the scam a mile away and deny them access to your PC.
In the worst-case scenario, you allow them access to your PC and then see the fake Windows update screen. If this happens, you can disconnect your PC from the internet, either by removing the Ethernet cable from the back or turning off the router if you’re on Wi-Fi. Doing so will cut the connection between you and the scammer, denying them access to your files.
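To check the two conditions discussed above (whether any remote access app is present on the PC, and whether one is currently online), the following PowerShell script is an added example, not part of the original article. The tool list beyond AnyDesk is an assumption and should be adjusted to the software you actually use.

```powershell
# Added example: inventory remote access tools on a Windows PC.
# Assumption: illustrative name patterns; only AnyDesk is named in the article.
$patterns = 'AnyDesk', 'TeamViewer', 'RustDesk'

# 1. Installed programs, read from the standard uninstall registry keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        $name = $_.DisplayName
        $name -and ($patterns | Where-Object { $name -like "*$_*" })
    } |
    Select-Object DisplayName, DisplayVersion, InstallLocation

# 2. Running processes. This also catches portable copies that were
#    started without ever being installed.
$running = Get-Process -ErrorAction SilentlyContinue |
    Where-Object {
        $proc = $_.ProcessName
        $patterns | Where-Object { $proc -like "*$_*" }
    }

# 3. Established TCP connections owned by those processes. A client that is
#    merely running may also hold connections to its vendor's servers, so this
#    shows which tools are online, not proof that someone is connected.
$ids = @($running.Id)
$connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $ids -contains $_.OwningProcess } |
    Select-Object OwningProcess, LocalPort, RemoteAddress, RemotePort

if (-not $installed -and -not $running) {
    'No listed remote access tool is installed or running.'
} else {
    'Installed remote access tools:'
    $installed | Format-Table -AutoSize | Out-String
    'Running remote access processes:'
    $running | Select-Object Id, ProcessName, Path | Format-Table -AutoSize | Out-String
    'Established connections owned by those processes:'
    $connections | Format-Table -AutoSize | Out-String
}
```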
While the fake Windows update scam may sound scary, you can avoid it by keeping a sensible head on your shoulders and thinking twice before accepting requests to access your PC. If you manage to do that, the only Windows updates you need to worry about are the real ones restarting your PC at an inopportune time.