Remote Access Exploit
Never Install Remote Access Software Unless It Comes Directly from TST
Cyber criminals are increasingly using legitimate IT management software to gain access to business computers. Rather than creating malicious software that security products can easily detect, attackers are persuading users to install genuine remote support tools themselves.
These applications are widely used by IT providers to deliver remote support, software updates and system management. On their own, they are completely legitimate. The danger comes when they are installed at the request of someone pretending to be your IT provider.
At TST, any remote monitoring or remote support software used to manage your computers will only ever be supplied, installed and configured directly by our engineers. If anyone else asks you to install remote access software, you should assume it is fraudulent until you have spoken to TST.
Microsoft recently reported a large-scale phishing campaign that compromised tens of thousands of users by convincing them to install a genuine remote management application disguised as a document viewer. Once installed, the attacker immediately gained remote access to the victim’s computer.
Similar attacks are now commonly delivered through emails claiming to contain:
- Shared documents that require a “viewer”
- Invoice or contract downloads
- Fake Microsoft Teams or Zoom meeting invitations
- Electronic signature requests
- Secure file-sharing notifications
In almost every case, the email asks the recipient to download software before they can access the content. This should be treated as an immediate warning sign.
How to Stay Safe
- Only use remote management software that has been installed by TST. Never download or install remote access software because someone contacts you by email, telephone or instant message.
- If an email tells you to install software to view a document, stop immediately. Genuine PDF files, Microsoft Office documents and shared files do not require additional software to be installed.
- If you are unsure, contact TST before clicking anything. We would always rather verify a request than help recover from a cyber attack.
- Never trust unsolicited requests for remote access. Even if the email or website looks genuine, attackers regularly imitate trusted organisations.
- Report anything suspicious to TST immediately. Early reporting gives us the best chance of preventing an incident.
Remember
If TST needs to install or update remote support software on your computer, we will arrange this directly with you. If the request has not come from TST, do not install it.
When in doubt, stop, close the email and contact TST before taking any action.
