Sunday, August 4, 2024

Google Chrome Extension Scams

 

Adding extensions to your browser can improve usability and lead to a better browsing experience. Unfortunately, cybercriminals will take advantage of this and can use browser extensions to hack into your accounts and steal your sensitive information. Cybercriminals can make fake extensions that look legitimate and even spoof real extensions. These scams can be hard to spot. So, it’s important to learn how to keep yourself safe.

Hidden Extensions

Cybercriminals can create malicious browser extensions designed to steal your email information. For example, cybercriminals can send you a phishing email urging you to download an extension for your Google Chrome browser. This looks like a legitimate Google Chrome extension, but it’s actually malicious. When you download this extension, it can only be seen in your extensions list if you enter a specific address in the address bar, effectively making the extension hidden. The next time you open your Gmail account, the extension automatically activates to steal your email content. 

Spoofed Extensions

Cybercriminals can also make malicious copies of real browser extensions. For example, cybercriminals have created a malicious spoof of the legitimate Google Chrome extension for ChatGPT, a well-known AI chatbox. If you download this extension, it won’t appear in your browser’s toolbar or extension list, but the hidden extension is still running in the background. This fake extension looks legitimate, but it’s actually a copy of the real extension with extra malicious code designed to steal your sensitive information. After you install this extension, the malicious code will steal your Facebook account information.

What Can I Do to Stay Safe?

Follow the tips below to stay safe from Google Chrome extension scams:

  • This tactic isn’t specific to Google. So, be cautious before you download an extension for any internet browser.
  • Only add any extensions to your browser from trusted sources, such as the Chrome Web Store. Watch out for emails that prompt you to click links instead of visiting the extension publisher’s home page.
  • Before you click a sponsored link, hover your mouse over it. Make sure that the link leads to a legitimate, safe website that corresponds with the content in the related search result.

The KnowBe4 Security Team
KnowBe4.com

No comments:

Post a Comment

Trump no longer pursues retaliatory investigations

 Direct translation In an interview with NBC, Trump made it clear: "I will not dwell on the past." His new strategy is to unite th...