A widespread scam is tricking people into installing fake security apps by impersonating major email and tech providers in convincing messages designed to steal personal information.
Scammers are sending urgent emails, texts and pop-up warnings that appear to come from trusted services such as Outlook, Gmail, iCloud and Yahoo. These messages typically claim there has been suspicious activity or an attempted login, prompting users to act immediately to “secure” their account.
The alerts often include official-looking branding and urgent language such as “Security breach: protect your account now”, along with links to what appears to be a legitimate login or security page. Once clicked, users are taken to a highly convincing fake website designed to replicate genuine provider portals.
Victims are then guided through a series of fabricated “security steps” before being asked to download and install a security app or certificate to resolve the issue. In reality, the software is malware, capable of monitoring devices and stealing personal data.
Security experts warn the scam is particularly dangerous because it relies on users granting permission for installation, which can bypass some antivirus protections. Once installed, the malware may be able to log keystrokes, read messages and access contacts, even after the browser is closed.
Providers will never ask users to install separate security apps via email links or pop-up alerts.
People are urged to watch for red flags, including requests to install software to verify identity, share contacts or location, or enter passwords on unfamiliar websites. Users should also be cautious of any alert that cannot be verified directly.
The safest approach is to ignore the message, close it, and manually visit the official website by typing the address directly into a browser, such as outlook.com or mail.google.com.
Users are also encouraged to enable two-step verification as an added layer of protection. If personal or financial details have been shared, victims should contact their bank immediately and report the incident to Action Fraud or forward phishing emails to [email protected]. and suspicious texts to 7726.
Comments
This article has no comments yet. Be the first to leave a comment.