Adobe Flash Update Scam: December 2017 Scam of the Month
Have you heard about the Adobe Flash update scam?
Adobe Flash Player has unfortunately long been plagued with malware-related issues. The software has often been discovered to have vulnerabilities that make it possible for bad guys to spread malware. The most recent vulnerability was discovered in October of this year. These issues may be part of the reason Flash is being sunsetted in the near future (Adobe says it will end development and support for Flash in 2020).
In the meantime, it’s important to be vigilant when it comes to downloads or updates of Flash. Lately, we have seen a recurring trend where hacked websites are directing people to scams that try to get them to download what appears to be a version of Adobe Flash but is in fact malware. This Adobe Flash update scam is different from the rogue package installer that resulted from the October vulnerability, in that it is not at all related to the real Flash Player.
Here’s what you need to know about this pernicious and common scam.
Adobe Flash Update Scam: What You Need to Know
In general, hacked websites seem to be the culprit behind spreading downloads of fake Adobe Flash Player programs. This is what you may see if you come across this scam online:
To avoid this scam, there are some simple things you can do. The best and easiest is to avoid Flash unless you absolutely need it. The program has been plagued with malware and related issues for a very long time (and is being sunsetted shortly). Before you install the player, try a browser that has a safe, embedded Flash player, such as Google Chrome. Most of the time, Flash apps work just fine that way, and it’ll keep you safe.
If you do need Flash, never install it based upon a prompt from your browser. Always go straight to Adobe’s Flash Player download page and download it there.
If you are a business owner or IT manager, it’s a good idea to warn your users about this common scam, since there’s a good chance at least one of them will run into it at some point. Strongarm customers can also flag potentially hacked websites that are hawking Flash Player downloads for our team to review and investigate.
The best way to completely protect your network against the fallout of an employee or user accidentally downloading a fake, malware-laden version of Flash Player is to use DNS-based protection such as Strongarm to ensure that, even if the mistake is made, it cannot spread throughout your network and cause further damage.
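For IT managers who want to check whether users have already run into this scam, the added example below (not from the original post and not Strongarm's code) scans web proxy log lines for Flash-named installers fetched from hosts that do not belong to Adobe. The log format, the sample lines, the file-name pattern and the trusted-domain list are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as legitimate Adobe download sources.
TRUSTED_SUFFIXES = ("adobe.com", "macromedia.com")
# Assumption: file-name pattern for installers that claim to be Flash.
FLASH_NAME = re.compile(
    r"flash[\W_]*player|adobe[\W_]*flash|flash[\W_]*update", re.I)
INSTALLER_EXT = (".exe", ".msi", ".dmg", ".pkg", ".apk")

# Constructed sample log, format assumed: "<timestamp> <client-ip> <url>"
SAMPLE_LOG = [
    "2017-12-04T09:12:01Z 10.0.0.15 https://fpdownload.macromedia.com/pub/install_flash_player.exe",
    "2017-12-04T09:14:37Z 10.0.0.22 http://cdn.hacked-blog.example/update/FlashPlayer_Update.exe",
    "2017-12-04T09:20:10Z 10.0.0.31 http://adobe.com.downloads.example/adobe_flash_setup.dmg",
    "2017-12-04T09:25:44Z 10.0.0.15 https://intranet.example/tools/report_viewer.msi",
    "2017-12-04T09:31:02Z 10.0.0.40 https://get.adobe.com/flashplayer/",
]

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def suspicious_flash_downloads(log_lines):
    """Return (client, url) pairs for Flash-named installers from untrusted hosts."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        client, url = parts[1], parts[2]
        split = urlsplit(url)
        name = split.path.rsplit("/", 1)[-1].lower()
        if not name.endswith(INSTALLER_EXT):
            continue  # not an installer download
        if FLASH_NAME.search(name) and not is_trusted(split.hostname or ""):
            hits.append((client, url))
    return hits

if __name__ == "__main__":
    for client, url in suspicious_flash_downloads(SAMPLE_LOG):
        print(f"review: {client} fetched {url}")
```

The suffix check compares whole domain labels, so a lookalike host that merely begins with `adobe.com.` is still reported.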