Threat Alert: LEGITIMATE EMAILS LEAD To Websites Offering Fake Updates

• Legitimate emails containing links to legitimate but compromised websites have been identified.
• These links lead to compromised websites that perform a series of automated checks to determine factors like the user’s browser and operating system.
• If a recipient’s computer fits the attacker’s desired profile, the website displays a fake browser update.
• Trying to install the fake update can lead to the installation of malicious software  (malware) on a user’s device.

Key Action: Report Suspicious Emails 

• Don’t confuse familiarity and safety. It’s easy for attackers to abuse well-known logos and brands. Pop-ups can be designed to mimic any desired service or alert, and they can even be targeted to match the browser you’re using and your local language.
• Follow approved software installation processes. If you need to download or update a specific software utility or application, follow organization-specified processes or reach out to a member of the technology or security team for help.
• Report ANY suspicious emails using the Phish Alarm button.