{"id":27562,"date":"2026-04-17T07:00:13","date_gmt":"2026-04-17T05:00:13","guid":{"rendered":"https:\/\/smecyberinsights.co.uk\/?p=27562"},"modified":"2026-04-28T14:32:27","modified_gmt":"2026-04-28T12:32:27","slug":"fake-windows-update","status":"publish","type":"post","link":"https:\/\/smecyberinsights.co.uk\/index.php\/2026\/04\/17\/fake-windows-update\/","title":{"rendered":"SME Cybersecurity: – Fake Windows support sites delivering password-stealing malware"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t
\"Partners1_NordVPN\"<\/figure><\/div>
\"Partners3_R3\"<\/figure><\/div>
\"Partners2_Zoho\"<\/figure><\/div>
\"Partners4_Plesk\"<\/figure><\/div>
\"Red_Button_Slider\"<\/figure><\/div>
\"ogo2\"<\/figure><\/div>
\"Detection.<\/figure><\/div>\t\t\t<\/div>\n\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SME\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
Image Credit: Freepik<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

Gibraltar:\u00a0 Friday, 17 April 2026 \u2013 07:00 CET<\/p>\n

SME Cybersecurity: Threat Intel – Fake Windows support sites delivering password-stealing malware
\n<\/strong>By: Iain Fraser<\/a>\u00a0\u2013\u00a0Cybersecurity Journalist
\n<\/a>Published in Collaboration with:
\nSecurus Technology Group
\n<\/a>SMECyberInsights.co.uk<\/a>\u00a0– First for SME Cybersecurity
\n<\/a>Google Indexed on: 170426 at 08:54 CET<\/a>
\n<\/em>#SMECyberInsights #SMECybersecurity #SMECyberInsights #SME #CyberSafe #CyberSecurity #Cybersecurity #Phishing #Microsoft365 #CyberEssentials <\/em>#UKBusiness<\/em><\/p>\n

\ufeff<\/span>\ufeff<\/span><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SME Cybersecurity: Threat Intel – Fake Windows support sites delivering password-stealing malware<\/strong><\/p>\n

A convincing \u201cWindows support\u201d page can now be enough to lose your Microsoft 365 logins, saved browser passwords, and, in the worst cases, access to client funds. This is not a niche consumer scam; it maps perfectly to how UK small businesses actually work: time-poor staff, shared devices, outsourced IT, and a heavy reliance on Microsoft services. Here\u2019s what this campaign looks like, why SMEs are a soft target, and what to change this week.<\/p>\n

What\u2019s happening, and why UK SMEs should care right now<\/strong><\/p>\n

This scam uses a lookalike Windows support site to push a malicious \u201cupdate\u201d that installs password-stealing malware. Once credentials are taken, attackers typically pivot fast: Microsoft 365 inbox rules, payroll changes, supplier bank detail swaps, and Business Email Compromise that looks like routine invoicing.<\/p>\n

The wider context matters. The UK Cyber Security Breaches Survey 2025 found 43% of businesses<\/strong> reported a cyber security breach or attack in the last 12 months, with phishing remaining a leading route in. If you think \u201cwe are too small\u201d, that stat says otherwise.<\/p>\n

What does \u201cpassword-stealing malware\u201d mean in practice?<\/strong><\/p>\n

Password-stealing malware is software designed to collect and exfiltrate secrets, commonly:<\/p>\n

* Browser-saved passwords and cookies<\/strong>(effectively \u201csession keys\u201d that can reduce the need for a login)<\/p>\n

* Corporate credentials <\/strong>for Microsoft 365, Google Workspace, VPNs, remote access tools<\/p>\n

* Financial access<\/strong>via captured logins, autofill data, or redirection to payment portals<\/p>\n

For SMEs, the consequence is rarely \u201cjust IT\u201d. It is operational downtime, invoice fraud, client confidentiality exposure, and a UK GDPR personal data breach decision within hours, not days. The ICO is clear that organisations must apply appropriate technical and organisational measures<\/strong> to protect personal data; weak access controls and poor patching are difficult to defend after the fact.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"SME\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

How do these fake Windows support sites catch people out?<\/strong><\/p>\n

Attackers win by exploiting normal behaviour:<\/p>\n

* Someone Googles \u201cWindows update error\u201d, \u201csupport\u201d, or \u201c24H2 update\u201d under pressure.
\n* The page looks official enough to pass a quick glance.
\n* The \u201cfix\u201d is an MSI or download that claims to be a cumulative update.
\n* Security tools may not alert immediately, especially on older endpoints or unmanaged devices.<\/p>\n

This is why \u201cwe have antivirus\u201d is not a strategy; it is a layer.<\/p>\n

What cyber security for small businesses should you prioritise first?<\/strong><\/p>\n

Start with low-effort, high-impact controls aligned to Cyber Essentials thinking, without turning it into a paperwork project.<\/p>\n

1. Turn on MFA everywhere it matters (today)<\/strong>
\nPrioritise Microsoft 365 admin accounts, finance mailboxes, and any remote access. Use strong MFA methods, not SMS where avoidable.<\/p>\n

2. Stop local admin by default<\/strong>
\nMost staff should not be able to install software. If your outsourced IT insists, they need admin, use separate admin accounts and just-in-time elevation.<\/p>\n

3. Create a \u201cfake support site\u201d rule of thumb<\/strong>
\nStaff should never install updates from search results or pop-ups. Updates come via Windows Update, Intune, or your managed patch tool. Make it a one-paragraph policy and repeat it.<\/p>\n

4. Harden Microsoft 365 against mailbox takeover<\/strong>
\nEnforce MFA, disable legacy auth, and add alerting for new inbox rules and suspicious forwarding. This directly reduces Business Email Compromise risk.<\/p>\n

5. Backups that ransomware cannot touch<\/strong>
\nEven though this campaign is a stealer, stolen credentials often lead to ransomware later. Keep at least one offline or immutable copy and test restores monthly.<\/p>\n

Authority and evidence you can cite internally<\/strong><\/p>\n

* The NCSC <\/strong>recommends deploying strong MFA for corporate online services, particularly for admin and high-risk account<\/p>\n

* The ICO<\/strong>expects risk-based security controls to protect personal data, including access control, patching, and organisational measures such as training and incident response.<\/p>\n

* UK government research shows breaches are common across business sizes, reinforcing that baseline controls are a board-level issue, not \u201cIT hygiene\u201d.<\/p>\n

Run a 30-minute \u201ccredential theft readiness check\u201d this week: confirm MFA coverage for every admin and finance account, remove local admin from standard users, and document one clear rule on where updates are allowed to come from.<\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\"SECURUS\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t
<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t

SECURUS Communications Ltd<\/strong><\/p>\n

Securus<\/a> <\/strong>is a managed communications Operator, providing next-generation network infrastructure and value added services to Managed Hosting providers and the ‘cloud generation’\u200b of enterprises. Securus<\/a> <\/strong>priority is to offer communication services that represent excellent value for money and are backed by exceptional levels of support.<\/p>\n

Contact Securus<\/strong>
\nSecurus Communications Ltd
\nStation Road, Landmark house, Hook, England RG27 9HA, GB
\nT: Enquiries:\u00a003451 283457<\/span><\/a>\u00a0| Service Desk: 03451 283458<\/a>
\nSecurus on LinkedIn<\/a> | Securus on “X”<\/a> | https:\/\/securuscomms.com<\/a><\/p>\n<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t

\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t

\n\t\t\t\t\t<\/span>\n\t\t\t\t\tLatest Posts from SECURUS Communications<\/span>\n\t\t\t\t\t<\/span>\n\t\t\t\t<\/h2>\n\t\t\t<\/div>
\n\n
\n
\n\n
\n \n \n \"AI-Powered <\/a>\n\n \n