ACG Cyber Security Bulletin: Understanding What is a Software Upgrade Scam?

Written by PNP Anti-Cybercrime Group on . Posted in IT Advisory

The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).

The information provided was classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.


Scammers are constantly coming up with more ingenious ways to trick Microsoft users into handing over personal data.  Cybercriminals disguise malware as pop-up notifications to update Adobe Flash, Adobe Reader, Web browsers, Java or other mainstream software. The update notifications are designed to look legitimate, such that unsuspecting individuals are unlikely to think twice before clicking on “Install”.

Surfing the internet will may see a pop-up window on the computer screen, instructing you to update a particular piece of software.  This may happen if you’ve inadvertently installed adware on your computer. Adware’s intent is to display advertising content, often in pop-up windows, on your computer.  It can also monitor your browsing activities.  The adware may have been bundled with something free you downloaded, such as a freeware program.

Fake software update requests can also appear when you’re using a public hotspot. For example, there have been reports of travelers who, while using a hotel’s Internet, received a pop-up window alerting them to update a piece of software.  You may also see a fake software update when browsing free movie streaming, media, and software download sites.

Pop-up prompts aren’t the only way malware gets installed on a computer. Some malware are known to hijack the auto-update feature of computers and the user is often none the wiser.  Mobile devices are increasingly being targeted too which poses as an Adobe Flash update or anti-virus app for Android devices. If installed, the malware locks you out of your device and you’re asked to pay a ‘ransom’ to regain control.

The first thing to know is that software update notifications won’t come to you in email and they aren’t likely to simply appear out of context as you surf the Web. Legitimate notices to update will come from the software itself, especially when you open and run the program.

If you receive a software update request that seems suspicious, review it closely.  Just as with phishing emails, you may be able to spot misspelled words, improper usage, lack of punctuation and other telltale signs. You may notice that the logo for the company being falsely represented may not look quite right, too.


The public are advised to follow these tips to avoid being a victim of software update scam, to wit:

  • Don’t respond to software update requests when you’re on a public WiFi hotspot or surfing a free media or download site;
  • When in doubt, download any needed updates directly from the software vendor’s website;
  • Never click links in emails that tell you to upgrade your software;
  • Get in the habit of reviewing software update requests carefully, especially if they seem to have appeared out of nowhere;
  • If you suspect adware, spyware, or malware has been installed on your computer, use your Internet security suite to scan your computer’s hard drive right away;
  • Set your computer to automatically update your operating system and applications; and
  • Keep your Internet security software up-to-date, and ensure it’s running at all times.

For additional information, please refer to the following websites:



            Please contact PCINSP ANGELICA STARLIGHT L. RIVERA, Chief, Personnel Records Management Section thru e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it. or contact us on telephone number (632) 7230401 local 3562 for any inquiries related to this CYBER SECURITY BULLETIN.