We talk a lot on this blog about keeping your company’s digital assets secure — stuff like your network storage, client files, business data, and account access to the systems that keep business moving forward.
And there’s a good reason for it: digital threats to your business are all around you, and they’re more significant and more dangerous than most business leaders realize.
Today we’re looking at another threat that’s a little different from phishing attacks and business email compromise. Let’s examine what we’re calling business software impostors. The good news on this one is that there are two really great ways to avoid the threat — but you and every member of your team have to know how.
What’s a Business Software Impostor?
A business software impostor is a fake version of a popular business software product or digital tool, designed with the intent of perpetrating some kind of attack once installed.
In other words, it’s malware disguised to look like something your team members would recognize — and probably trust.
Right now the app that’s being targeted like this is Zoom, but the same exact attack could happen with any software tool.
How This Attack Works
This attack is similar to that USB flash drive that supposedly “updates Office”, except this time your team members are usually downloading the software (make that malware) and installing it directly.
The way the attack usually works is that, one way or another, a user ends up on a fake site rather than the real one. So when they go to download the software, it’s just as fake as the website they’re on.
This can happen several different ways. One is by misspelling a website and ending up on a cyber criminal’s lookalike site. Going to sketchy, unfamiliar-sounding sites to download well-known software is a risky move that usually ends badly.
Another could be via search: while Google is generally smart enough to avoid these kinds of threats (it’s pretty hard to beat the legit Zoom website at SEO), lesser search engines may serve up a fraudulent result from time to time.
And, of course, the regular ol’ phishing tactic works: “Zoom” (not really Zoom, of course) sends out a mass email telling users that they need to update right now, but the link doesn’t go to zoom.com; it goes to something like “zoom-download [dot] tech”.
Why This Attack Works
Think about the most popular tools you use every day: you may have an industry-specific software solution that isn’t all that widely known, but you’re probably using tools that every other similar business also uses: Microsoft 365, Zoom, Slack, and so forth.
So the criminals figure, if millions of people are using the same tool, hey, we can trick at least a few of them, right?
How to Avoid Impostor Software Attacks
The good news here is that there are two very effective ways to avoid this attack.
One is following safe practices online: if you need something from Zoom, manually navigate to their site or search for it on a reputable search engine like Google. Don’t click shady links from emails or advertisements; legit companies won’t push you for action in those ways.
Even better is endpoint protection, a basic IT security protocol many organizations use to control the computers (endpoints) their team members use and prevent these kinds of malicious installations.
With endpoint protection, your IT team (or your managed services provider) controls which applications are installed and pushes verified, vetted updates to all users. It can be hard to get every single employee up to speed on all these constantly changing threats, but your IT specialists can handle that load — especially if you partner with a firm like ours.
Need help securing your systems, training your teams, or implementing endpoint protection? We’re here to help.