The fake Google Meet prompt gives attackers access to computers

Security researchers recently revealed a fake Google Meet update page that looks convincing enough to fool a lot of people. All it takes is one click on the “Update Now” button. Instead of installing an update, you can be tricked into enrolling your Windows computer in a remote administration system controlled by attackers.


A fake Google Meet update page could trick Windows users into handing over remote control of their computers to attackers through a built-in device enrollment feature. (Pocket Light/Getty Images)

Everything you need to know about the fake Google Meet update

Researchers at Malwarebytes, a cybersecurity company that develops software to detect and remove malware, discovered a phishing website designed to look like an official update notification for Google Meet. The page tells visitors that they need to install the latest version of Meet to continue using the service. The design uses familiar colors and branding that many of us associate with Google products.

When someone clicks the Update Now button, they don’t download an update at all. Instead, the button uses a special device enrollment link to trigger a built-in Windows feature, which opens a real system window called “Set up a work or school account”. This window usually appears when a company’s IT department sets up an employee’s laptop.

In this scam, the setup window is pre-filled with information that connects the computer to a remote administration server controlled by the attacker. The enrollment points to an online management service hosted on Esper, a legitimate platform used by companies to manage company devices.

If the victim clicks through the setup process, their computer will be registered in what’s called a mobile device management system. This gives whoever controls the server the same level of control that a company’s IT department has over a business laptop.

Security researchers say that attackers do not expect everyone to complete the process. Even if only a few people click on the prompts, it can still give them access to enough computers to make the campaign worthwhile.

How it works and why it matters to you

This attack works by abusing a legitimate Windows feature rather than installing malware. Windows includes something called device enrollment, which allows companies to connect employees’ computers to the management system. Once a device is registered, administrators can remotely control many aspects of that device.

In a normal business environment, this helps IT teams install company software, enforce security settings, and manage devices. The attackers realized they could trick people into joining their management system instead. When you click the fake update button, Windows launches its built-in enrollment process. Since it is a real system feature and not a fake pop-up, it appears legitimate and can bypass many security warnings.

If you complete the steps, the attacker effectively becomes your computer’s administrator. This could allow a hacker to silently install software, change system settings, view files stored on your computer, lock your screen, or even wipe the entire device. In some cases, the hacker can also install additional malware later. What makes this attack particularly difficult is that traditional antivirus tools may not detect anything wrong because the operating system itself is performing the actions.

We reached out to Google for comment, and a spokesperson provided the following statement: “These ‘Update Now’ claims are not legitimate communications from Google. They are a phishing campaign that attempts to trick users into the Windows device enrollment process. Google Meet updates are automatically processed through your browser or the official app. Google will never prompt you to visit a third-party site to register a personal device to receive the update.”


Instead of downloading the malware, victims who click on a fake update page may inadvertently give attackers administrator-level access to their Windows devices. (Image via Getty Images)

7 ways to protect yourself from the fake Google Meet update

If you ever see a message saying you must update your service before continuing, slow down and check it first. Some simple habits can prevent such attacks from working.

1) Be skeptical of unexpected update prompts

If a website suddenly tells you that a service like Google Meet needs to be updated before you can continue, pause for a moment. Major platforms rarely force updates through random web pages. Google Meet updates automatically through your browser or official app and never requires a visit to a third-party site. Always check the URL bar. Legitimate Google Meet sessions run only on meet.google.com. A true update will never attempt to register your entire computer or trigger system-wide setup screens. If this happens, it is a scam. Instead, open the service directly from its official website or app and check for updates there.

2) Check if your device has been registered without your knowledge

On a Windows PC, open Settings, then go to Accounts and look for Work or School Access. If you see an unfamiliar account or organization listed, especially one you don’t know, disconnect it immediately. This section shows whether your device is registered in the remote management system.
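The same check can be scripted. The PowerShell below is an added example, not from the original article or from Malwarebytes: it reads the enrollment records Windows keeps under `HKLM:\SOFTWARE\Microsoft\Enrollments` and flags any whose management server is not in `$ExpectedHosts`, a hypothetical allowlist you fill in yourself. Treat a flagged entry as a prompt to review it in Settings, not as a verdict.

```powershell
# Added example: list MDM enrollments recorded in the registry and flag
# any whose management server is not on an expected-hosts list.
# $ExpectedHosts is an assumption: add your employer's or school's MDM host(s),
# or leave it empty on a personal PC that should not be managed at all.
$ExpectedHosts = @()   # e.g. @('mdm.example.org')  (placeholder value)

$root = 'HKLM:\SOFTWARE\Microsoft\Enrollments'

$enrollments = Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
    # Only subkeys carrying a provider ID or discovery URL describe an enrollment;
    # the other subkeys under this path are bookkeeping and are skipped.
    if ($p.ProviderID -or $p.DiscoveryServiceFullURL) {
        $serverHost = $null
        $uri = $null
        if ($p.DiscoveryServiceFullURL -and
            [Uri]::TryCreate([string]$p.DiscoveryServiceFullURL, [UriKind]::Absolute, [ref]$uri)) {
            $serverHost = $uri.Host
        }
        [pscustomobject]@{
            EnrollmentId = $_.PSChildName
            ProviderID   = $p.ProviderID
            UPN          = $p.UPN
            ServerHost   = $serverHost
            Expected     = [bool]($serverHost -and ($ExpectedHosts -contains $serverHost))
        }
    }
}

if (-not $enrollments) {
    'No MDM enrollments found on this device.'
} else {
    $enrollments | Format-Table -AutoSize
    $unexpected = @($enrollments | Where-Object { -not $_.Expected })
    if ($unexpected.Count -gt 0) {
        Write-Warning ("{0} enrollment(s) point to a server that is not on the expected list. " -f $unexpected.Count +
            'Review them under Settings > Accounts and disconnect any you do not recognize.')
    }
}
```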

3) Reduce your exposure with a data removal service

Cybercriminals often rely on personal information found online to make phishing attacks more convincing. Data removal services help remove your information from data broker sites, reducing the chances of scammers targeting you with customized attacks. While this won’t stop this specific scam, it may make you a harder target overall. Check out my top picks for data removal services and get a free check to see if your personal information really exists on the web by visiting Cyberguy.com.

4) Use powerful antivirus software

Google says Gmail’s AI-powered protections block more than 99.9% of spam, phishing, and malware, but scams can still reach you through search results, ads, or links shared outside your inbox. That’s why using powerful antivirus software with real-time protection can help detect suspicious behavior that may appear after an attacker gains control of the device. Although this attack uses legitimate Windows features, security tools can still identify unusual changes in the system or malware that was installed afterward. Get my picks for the best antivirus protection winners of 2026 for Windows, Mac, Android, and iOS at Cyberguy.com.


Security researchers have discovered a phishing scam that uses a fake Google Meet update claim to enroll PCs in attacker-controlled remote administration systems. (400tmax/Getty Images)

5) Keep your Windows and browser updated

Software updates often include security protections that help prevent new attack methods. Running the latest version of Windows and your web browser reduces the chances of attackers exploiting outdated system behaviors or vulnerabilities.

6) Use a password manager

A password manager automatically fills in your login details only on the correct website address. If you land on a phishing page pretending to be a service like Google Meet, the password manager won’t populate your information. This warning alone can help you realize something is wrong before you click anything. It also encourages you to rely on saved logins instead of interacting with suspicious update prompts. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

7) Never complete system setup prompts that you did not initiate

If a Windows window suddenly appears asking you to set up a work or school account, stop immediately. Legitimate setup prompts usually appear when you configure a device or follow instructions from your employer, not by clicking on a random website. If you are not expecting this, close the window.

Kurt’s key takeaway

Cybercrime is changing by the minute. Instead of writing obvious viruses, attackers are increasingly abusing legitimate features built into operating systems and cloud services. In this case, both Windows device registration and the management platform used are real tools designed for businesses. The attackers simply redirected those tools towards people who never intended to hand over control of their computers. That should tell you how easy it is for powerful enterprise features to be repurposed for attacks when there are few safeguards against misuse.

Should operating systems block device registration requests that come from spam websites? Let us know by writing to us at Cyberguy.com.


Copyright 2026 CyberGuy.com. All rights reserved.
