Tales from the Certified Hacker: Fake Sites for CPU Updates
We have by now become familiar with the vulnerabilities in Intel and AMD processors and have likely taken steps to mitigate the issues. As to be expected, there are elements out there who attempt to profit from the issues by sending out scam emails purporting to resolve the Meltdown or Spectre vulnerabilities but instead point the victim to a web site.
Both the emails and the fake web sites look genuine and are designed to fool unsuspecting mobile phone and PC users into clicking on a link which will download malware, often in the shape of a Remote Access Trojan (RAT) which will give the malicious attacker the ability to control your device. Totally. And in doing so, gain access to your banking credentials, etc.
Computer companies and government departments will never send out patches in emails. They may advise you to download them, in which case you should enter the URL into your web browser by hand rather than simply clicking on a link.
Principal Technologist, Security