NEWNow you can listen to Fox News articles!
You might think that the biggest risk on the Internet is downloading a virus or giving away your password. But a new phishing tactic shows how attackers can take control of your computer without those things happening. Security researchers recently discovered a fake Google Meet review page that looks convincing enough to fool many people. All it takes is one click on the “Update Now” button. Instead of installing an update, you can be tricked into enrolling your Windows computer in a remote management system controlled by attackers.
Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper.
TECH GIANTS UNITE TO FIGHT ONLINE FRAUDS
A fake Google Meet update page can trick Windows users into giving attackers remote control of their computers via a built-in device registration feature. (pocketlight/Getty Images)
Everything you need to know about the fake Google Meet update
Researchers at Malwarebytes, a cybersecurity company that develops software to detect and remove malware, discovered a phishing website designed to look like an official Google Meet notification. The page tells visitors that they must install the latest version of Meet to continue using the service. The design uses familiar colors and branding that many of us associate with Google products.
When someone clicks the “Update now” button, it doesn’t download the update at all. Instead, it triggers a built-in Windows feature using a special registration link that opens an actual system window called “Set up a work or school account.” This window usually appears when a company’s IT department sets up an employee’s laptop.
In this scam, the setup window is already filled with information that connects the computer to a remote administration server controlled by the attacker. The program points to an online management service hosted on Esper, which is an official site that businesses use to manage company devices.
When a victim clicks through the setup process, their computer is enrolled in what’s called a mobile device management system. That gives whoever manages the server the same level of control a company’s IT department would have over a work laptop.
Security researchers say the attackers don’t expect everyone to complete the program. Even if a small number of people click on the ad, that still gives them access to enough computers to make the campaign worthwhile.
How it works and why it matters to you
This attack works by exploiting a legitimate Windows feature rather than installing malware. Windows includes something called device registration, which allows companies to connect employees’ computers to the management system. Once a device is registered, administrators can remotely control many features of that device.
In a typical work environment, this helps IT teams install company software, apply security settings, and manage devices. Attackers realized that they could trick people into joining their management system instead. When you click the fake update button, Windows starts the built-in registration process. Because it’s a real system feature and not a fake pop-up, it looks legitimate and can bypass most security warnings.
If you complete the steps, the attacker effectively becomes the administrator of your computer. That can allow them to silently install software, change system settings, view files stored on your computer, lock your screen, or completely wipe the device. In some cases, they can re-install the malware later. What makes this attack so difficult is that traditional antivirus tools may not detect anything wrong because the operating system itself performs the actions.
We’ve contacted Google for comment, and a spokesperson provided the following statement: “These ‘update now’ alerts are not official Google communications. This is a phishing campaign that attempts to trick users into entering the Windows device registration process. Google Meet updates are handled automatically through your browser or an official app—Google won’t even notify you to visit a personal site to find a review site to sign up.”
A FAKE GOOGLE SECURITY PAGE CAN TURN YOUR BROWSE INTO AN INVESTIGATION TOOL
Instead of downloading malware, victims who click on a fake update page may give attackers administrator-level access to their Windows devices. (Beata Zawrzel/NurPhoto via Getty Images)
7 ways to protect yourself from a fake Google Meet update
If you happen to see a message saying you must update the service before continuing, slow down and verify it first. A few simple practices can prevent attacks like this from happening.
1) Be skeptical of unexpected update information
If a website suddenly tells you that a service like Google Meet needs an update before you can continue, pause. Big forums rarely force reviews on random web pages. Google Meet updates happen automatically through your browser or the official app and don’t require visiting a third-party site. Always check the URL bar. Official Google Meet sessions are ongoing only meet.google.com. A real update will never try to register your entire computer or run system level setup screens. If it does, it’s a scam. Instead, open the service directly from its official website or app and check for updates there.
2) Check if your device was registered without your knowledge
On a Windows computer, open Settings, then go to Accounts and check “Access for work or school.” If you see an unfamiliar account or organization listed, especially one you don’t know, disconnect it immediately. This section shows whether your device is registered in the remote control system.
3) Reduce your exposure with a data removal service
Cybercriminals often rely on personal information found online to make phishing attacks more believable. Data removal services help remove your information from data vendor sites, reducing the chances that fraudsters can target you for personal attacks. While it won’t stop this particular strategy, it can make it a much harder target. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out there on the web by visiting Cyberguy.com.
4) Use strong antivirus software
Google says Gmail’s AI protections block more than 99.9% of spam, phishing, and malware, but scams can still find you through search results, ads, or links shared outside of your inbox. That’s why using strong antivirus software with real-time protection can help detect suspicious behavior that may occur after an attacker gains control of a device. Even though these attacks use legitimate Windows features, security tools can still identify unusual system changes or later installed malicious software. Find my picks for the best antivirus 2026 winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.
DARKSWORD LEAK PUTS MILLIONS OF IPHONE USERS AT RISK
Security researchers have discovered a phishing scam that uses a fake Google Meet update to enroll personal computers in remote control systems controlled by attackers. (400tmax/Getty Images)
5) Keep Windows and your browser updated
Software updates often include protections that help block new attack methods. Using the latest version of Windows and your web browser reduces the chances of attackers exploiting old system behavior or vulnerabilities.
6) Use a password manager
The password manager automatically fills in your login information to the correct website address. If you land on a phishing page masquerading as a service like Google Meet, your password manager won’t fill in your information. That warning alone can help you see if something is wrong before you click anything. It also encourages you to rely on saved logins instead of dealing with suspicious update instructions. Check out the best password managers reviewed in 2026 at Cyberguy.com.
7) Never complete a system setup prompt that you have not started
If a Windows system window suddenly appears asking you to set up a work or school account, stop immediately. Legal setup prompts usually appear when you configure a device or follow instructions from your employer, not by clicking on a random website. If you didn’t expect it, close the window.
The key to take Kurt
Cybercrime is changing by the minute. Instead of writing obvious viruses, attackers are increasingly exploiting legitimate features built into cloud applications and services. In this case, both Windows device registration and the management platform used are real tools designed for businesses. Attackers simply redirect those tools to people they didn’t intend to give control of their computers to. That should tell you that powerful business features can be replicated for attack purposes if there are few safeguards in place to prevent misuse.
Should operating systems block device registration requests from random websites? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS PROGRAM
Sign up for my FREE CyberGuy report
Get my best tech tips, emergency security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide – free when you join CYBERGUY.COM newspaper.
Copyright 2026 CyberGuy.com. All rights reserved.
