Unfortunately, you keep getting tricked into download and installing a fake Flash Player.
Technical solutions to preventing unauthorized software installations became prevalent over the last few years, so human factors are now the easier target for attackers. Tricking someone into authorizing an installation is the path of least resistance.
Since Flash Player is ubiquitous, it's the go-to choice for a product to impersonate.
There are a few ways to avoid this situation:
- Never click through on a link from an email or website to a software update. Just don't.
If you think you need to download an update for something, google for it, find the software developer, and download the product directly from them. For bonus points, make sure the download link uses https and not regular http.
- When possible, download software from your operating system's App Store
This doesn't work for Flash Player, but as a general rule, applications from your operating systems App Store have some level of vetting, and get updated automatically
- Enable Automatic Updates
For Flash Player, you can choose Allow Adobe to Install Updates (recommended) at install time, or you can change that preference any time by going to Settings / Control Panel > Flash Player > Updates, and selecting the option there. You can also use the Check Now and Install Now buttons to determine if you need an update, and to apply that update manually.
Once you have automatic updates installed, you can confidently assume that any update notifications are bogus.
- Use Google Chrome or Internet Explorer and Edge on Windows 8 and higher
Chrome (on any operating system they support) and IE and Edge on Win8+ both include a built-in Flash Player that they keep updated automatically. Chrome does this via their own built-in update mechanism, and Microsoft pushes Flash Player updates via Windows Update.
In either browser, you can simply ignore notifications to update, as there's nothing to update or install.
- Keep your router updated
If you haven't installed a firmware update on your wireless router recently (or ever), you might want to update it with any available firmware updates. I'd recommend doing this from a trusted machine that hasn't had malware installed on it. There was a well-publicized vulnerability in many commodity routers that allowed a trojan to inject malicious code into the working memory of the router. When abused in practice, the vulnerability was frequently used by attackers to inject fake Flash Player update notifications into legitimate webpages.
Anyway, sorry that you're going through this. As Maria pointed out above, if you continue to encounter notification dialogs, please take a screenshot and copy the entire URL from the address bar, and shoot an email to one of the addresses listed above. We have a team dedicated to responding to those kinds of incidents that will be happy to pursue it.
Thanks!
2
Replies
AdChoices