Skip to main content Skip to main navigation
Go to Search Page

News & Updates

usccu-credit-union-banner.jpg

Beware of Intel Patch Scams

News

IntelPatchScam_Security_2_22_2018.png

Last month, the media was thrown into a frenzy with the shocking news that millions of processors throughout the world were vulnerable to hackers. The problems, known as Spectre and Meltdown, lie within the core hardware of computers and smartphones, making them nearly impossible to fix or replace. This vulnerability potentially grants hackers access to the most sensitive information on these devices, including passwords, usernames and personal data.

To protect consumers, all major technology companies, from IBM to Apple, created updated versions to strengthen their devices' security and to safeguard against hackers. They've also distributed several different patches to protect against these chip flaws.

Millions of users have eagerly installed these updates and patches, despite technical glitches and other minor inconveniences. However, what they didn't know was that they might have been putting their devices at risk for something far more sinister than a crashed hard drive.

Never resting for long, hackers have created their own brand of malware that is as brilliant as it is nefarious. The criminals have built a malicious app that's cleverly disguised as a patch that allegedly protects the victim's computer against the chip flaws. In the fearful climate following the newsbreak about Spectre and Meltdown, people grabbed at these patches without checking their authenticity.

By the time the malware was discovered, it was too late for many people. Sounds awful? It is. But by arming yourself with the right information, you can protect yourself, your money and your devices against this nefarious scheme.

Here's what to know about the malware patches.

How it works

A panicky consumer searches online for a Meltdown and Spectre patch. They easily find one and proceed to click on the helpful link, which promises to install the patch. What they don't know is that they've actually just installed a malicious app on their device and granted hackers complete access to it. The hackers can now search the device history, copy all of their usernames and passwords and even find sensitive data, like account information and personal finance details.

In Germany and Australia, hackers went so far as to send malicious emails impersonating the countries' security agencies and federal government. The emails urged the recipients to click on the embedded link for a patch. They were then directed to bogus government sites where they were instructed to download a patch. Of course, this "patch" was nothing but a malicious app.

So far, the scam has not reached the U.S. on this level, but harmful apps and downloads have made their way across the ocean to American shores.

More bad news

Just to make sure you really don't sleep at night, Ars Technica, a reputable and trusted news source, recently warned that researchers are dangerously close to weaponizing Spectre and Meltdown. This means that hackers are likely not that far behind. Until now, the assurance that these vulnerabilities have not been weaponized was the one bright spot in the Intel security breach. With this news, protecting your devices is more important than ever. If you still have not received a patch, be sure to keep an eye out for an official update from your processing company.

Recognizing a malicious site or app

The only entities issuing reliable patches are the big technology companies whose names you will easily recognize, like Intel, Microsoft, Apple and Google. To determine if a patch is indeed being distributed by one of these companies, verify the URL. The patches should be sent directly from these companies and not via any other parties or websites. If you don't recognize the site, don't download the patch! The best way to get your hands on an authentic patch or update is to contact these companies yourself and follow their exact directions.

If you've been sent a link for a patch that looks like it might come from one of these companies, don't click on it without first checking its authenticity. You can do this by hovering over the link to see the actual URL the link will go to and then verifying it's indeed being sent by one of the big names in technology.

If you've been contacted about a patch by a party you don't recognize, whether it is by email, social media or even a text message, be sure to ignore it and alert authorities.

Online safety

It's always a good idea to practice good internet hygiene. Whether there's a scam running rampant or not, stick to these rules to keep yourself safe:

  • Never click on links embedded in emails or social media messages from unknown sources, even if they look like they may be from a government agency.
  • Before clicking a link, let your cursor or finger hover over it to see the URL it will take you to if selected.
  • Never share personal information online unless you are absolutely positive about the recipient's authenticity and reliability
  • Be wary of using public Wi-Fi. If you must use it, make sure your security settings are running at full strength.

Your Turn: How do you spot and protect yourself from online scams? Share your best tips with us in the comments!

 

SOURCES:

http://www.zdnet.com/article/windows-meltdown-spectre-watch-out-for-fake-patches-that-spread-malware/
https://www.google.com/amp/bgr.com/2018/01/17/meltdown-spectre-malware-disguised-patch/amp/
https://www.google.com/amp/amp.timeinc.net/fortune/2018/01/29/microsoft-windows-intel-spectre-fix
https://www.staysmartonline.gov.au/alert-service/beware-scam-emails-offering-patches