Fake Google Meet update lets hackers control your Windows PCs

You might think the biggest danger online is downloading a virus or giving away your password. But a new phishing trick shows how attackers can take control of your computer without either of those things happening. 

Security researchers recently uncovered a fake Google Meet update page that looks convincing enough to fool many people. All it takes is one click on a button that says "Update now."  Instead of installing an update, you can be tricked into enrolling your Windows computer in a remote management system controlled by attackers.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

TECH GIANTS UNITE TO FIGHT ONLINE SCAMS
 

Researchers at Malwarebytes, a cybersecurity company that develops software to detect and remove malware, discovered a phishing website designed to look like an official update notice for Google Meet. The page tells visitors they need to install the latest version of Meet to continue using the service. The design uses familiar colors and branding that many of us associate with Google products.

When someone clicks the "Update now" button, it does not download an update at all. Instead, it triggers a built-in Windows feature using a special device enrollment link that opens a real system window called "Set up a work or school account." This window normally appears when a company's IT department sets up a laptop for an employee.

In this scam, the setup window is already filled with information that connects the computer to a remote management server controlled by the attacker. The system points to an online management service hosted on Esper, which is a legitimate platform used by businesses to manage company devices.

If the victim clicks through the setup process, his computer becomes enrolled in what is called a mobile device management system. That gives whoever controls the server the same level of control a company's IT department would have over a work laptop.

Security researchers say the attackers are not expecting everyone to complete the process. Even if only a small number of people click through the prompts, that can still give them access to enough computers to make the campaign worthwhile.

This attack works by abusing a legitimate Windows feature rather than installing malware. Windows includes something called device enrollment, which lets companies connect employee computers to a management system. Once a device is enrolled, administrators can remotely control many aspects of that machine.

In a normal workplace setting, this helps IT teams install company software, enforce security settings and manage devices. Attackers realized they could trick people into joining their own management system instead. When you click the fake update button, Windows launches a built-in enrollment process. Because it is a real system feature and not a fake pop-up, it looks legitimate and can bypass many security warnings.

If you complete the steps, the attacker effectively becomes the administrator of your computer. That could allow the hacker to silently install software, change system settings, view files stored on your computer, lock your screen or even wipe the device entirely. In some cases, the hacker could also install additional malware later. What makes this attack especially tricky is that traditional antivirus tools may not detect anything wrong because the operating system itself is performing the actions.

We reached out to Google for comment, and a spokesperson provided the following statement: "These 'update now' prompts are not legitimate Google communications. This is a phishing campaign that attempts to trick users into a Windows device enrollment process. Google Meet updates are handled automatically through your browser or the official app. Google will never prompt you to visit a third-party site to enroll a personal device to receive an update." 

FAKE GOOGLE SECURITY PAGE CAN TURN YOUR BROWSER INTO A SPYING TOOL
 

If you ever see a message saying you must update a service before continuing, slow down and verify it first. A few simple habits can prevent attacks like this from working.

If a website suddenly tells you that a service like Google Meet needs an update before you can continue, pause for a moment. Major platforms rarely force updates through random web pages. Google Meet updates happen automatically through your browser or official app and never require visiting a third-party site. Always check the URL bar. Legitimate Google Meet sessions only run on meet.google.com. A real update will never try to enroll your entire computer or trigger system-level setup screens. If it does, it is a scam. Instead, open the service directly from its official website or app and check for updates there.

On a Windows computer, open Settings, then go to Accounts and look for "Access work or school." If you see an unfamiliar account or organization listed, especially one you do not recognize, disconnect it immediately. This section shows whether your device has been enrolled in a remote management system.

Cybercriminals often rely on personal information found online to make phishing attacks more convincing. Data removal services help remove your information from data broker sites, reducing the chances that scammers can target you with personalized attacks. While it will not stop this specific trick, it can make you a harder target overall. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.

Google says Gmail's AI protections block more than 99.9% of spam, phishing and malware, but scams can still reach you through search results, ads or links shared outside your inbox. That's why using strong antivirus software with real-time protection can help detect suspicious behavior that may emerge after an attacker gains control of a device. Even though this attack uses legitimate Windows features, security tools can still identify unusual system changes or malicious software installed afterward. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

DARKSWORD LEAK PUTS MILLIONS OF IPHONE USERS AT RISK
 

Software updates often include security protections that help block new attack methods. Running the latest version of Windows and your web browser reduces the chances of attackers exploiting older system behaviors or vulnerabilities.

A password manager only autofills your login details at the correct website address. If you land on a phishing page pretending to be a service like Google Meet, your password manager will not fill in your information. That warning alone can help you realize something is wrong before you click anything. It also encourages you to rely on saved logins instead of interacting with suspicious update prompts. Check out the best expert-reviewed password managers of 2026 at Cyberguy.com.

If a Windows system window suddenly appears asking you to set up a work or school account, stop immediately. Legitimate setup prompts typically appear when you are configuring a device or following instructions from your employer, not from clicking a random website. If you did not expect it, close the window.

Cybercrime is changing by the minute. Instead of writing obvious viruses, attackers are increasingly abusing legitimate features built into operating systems and cloud services. In this case, both Windows device enrollment and the management platform being used are real tools designed for businesses. The attackers simply redirected those tools toward people who never intended to hand over control of their computers. That should tell you how easily powerful enterprise features can be repurposed for attacks when there are few safeguards preventing misuse.

Should operating systems block device enrollment requests that come from random websites? Let us know by writing to us at Cyberguy.com.

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you'll get instant access to my Ultimate Scam Survival Guide - free when you join my CYBERGUY.COM newsletter.

Copyright 2026 CyberGuy.com. All rights reserved.