COVID-19: Our number one priority is the health and safety of our employees, customers and partners. See statement from our CEO.

— Blog

The Danger of Fake Patches

John Matis
July 15, 2014

We talk a lot about threats to data security on this blog, and personal experience has probably acquainted you with everything from Trojan Horses to phishing.

Here’s a particularly sneaky threat that’s becoming more and more common: fake patches.

Part of what makes them a problem is that, unlike those spam e-mails from people and companies you don’t know, fake patches can look like perfectly reasonable notices from software services or programs you’d expect to receive patches from, like Adobe or Google Chrome. The fake updates display the company logo, so they seem real enough. Just last year, in fact, hackers sent out a fake version of Java Update 11 that contained malware.

How well-equipped you are depends, not surprisingly, on the security measures you have in place. Keeping the auto-update feature on is good practice, provided your software is designed to identify incoming patches and make sure they’re genuine. Even then, it’s possible for malware to use a fraudulent certificate to get around an auto-update program.

There are a number of things you can do to minimize risk. Cutting down on Shadow IT and foreign software on corporate machines makes it harder for hackers to send fake patches. A robust antimalware service is another step.

But at the end of the day, just being smart and cautious goes a long way. Fake patches often look suspicious in the same way spam e-mails look suspicious. They might have misspellings or they just don’t look like a software update you’re accustomed to seeing. They might even ask you to pay for the software they’re asking you to download.

Little things like avoiding pop-ups and scanning and cleaning your computer help, too. And, as always, talk with the IT department and back up your files. Communication and stored, safe files will ensure a small problem doesn’t become a big one.

If you’d like to talk more about security, you can connect with us through the contact page of our site, or by Facebook or Twitter.

Log in op het klantenportal
Wilt u contact opnemen?


We gebruiken cookies om uw ervaring op onze site te personaliseren en verbeteren. Zie onze Cookie-verklaring voor meer informatie over of het aanpassen van cookies op deze site.

Neem contact met ons op