A sophisticated phishing scam is circulating, disguised as a Google Meet update, that allows hackers to gain complete control over Windows PCs. This attack bypasses traditional security measures by exploiting a legitimate Windows feature, making it difficult for antivirus software to detect. Users are tricked into enrolling their devices into a remote management system controlled by attackers, effectively handing over administrative privileges.

Key Takeaways

• A fake Google Meet update prompt can lead to full PC control for hackers.

• The attack exploits a legitimate Windows device enrollment feature, not malware.

• Victims unknowingly enroll their computers into attacker-controlled remote management systems.

• Traditional antivirus software may not detect this type of threat.

How the Scam Unfolds

Security researchers have identified a phishing website meticulously designed to mimic an official Google Meet update notice. The page uses familiar branding and colors to appear legitimate, urging users to click an "Update now" button to continue using the service. However, instead of downloading an update, clicking this button triggers a built-in Windows feature: the "Set up a work or school account" window.

This system window, normally used by IT departments to provision company devices, is pre-filled with information that connects the user's computer to a remote management server operated by the attacker. This server is often hosted on legitimate platforms like Esper, which are typically used by businesses for device management.

The Danger of Device Enrollment

Once a user proceeds through the setup process, their computer becomes enrolled in a mobile device management (MDM) system controlled by the attacker. This grants the attacker the same level of administrative control that a company's IT department would have over a work laptop. This means hackers can silently install or remove software, alter system settings, access files, lock the screen, or even wipe the device entirely.

The insidious nature of this attack lies in its use of legitimate operating system features. Because the actions are performed by Windows itself, rather than through malicious software, many security tools fail to flag the activity as suspicious.

Protecting Yourself

Experts advise users to be vigilant against unexpected update prompts. Legitimate services like Google Meet typically handle updates automatically through their official apps or browsers. Always verify the URL of any site asking for an update, and be wary of any prompt that asks you to enroll your device in a work or school account, especially if you did not initiate the process.

To check if your device has been compromised:

1. Open Windows Settings.

2. Navigate to Accounts.

3. Select "Access work or school.

4. If you see any unfamiliar accounts or organizations listed, disconnect them immediately.

Other protective measures include keeping your operating system and browser updated, using strong antivirus software with real-time protection, and employing a password manager that will not auto-fill credentials on suspicious sites.

Sources

• Fake Google Meet prompt gives attackers PC access, Fox News.

• One click on this fake Google Meet update can give attackers control of your PC, Malwarebytes.

• Fake Google Meet update lets hackers control your, One News Page.