Google Chrome users warned of ‘clever’ fake notification hackers use to raid accounts – look out for danger button
GOOGLE Chrome users have been warned about a new “clever” trick used by hackers to raid accounts.
The same sneaky threat has been targeting those using Microsoft Word online and OneDrive too.
It comes in the form of a fake notification that pretends there’s been an error.
“Something went wrong while displaying this webpage,” one example showed.
The dubious popup tells people to click a button that will apparently fix a problem.
But following the instructions will only lead to your machine being snooped on.
“Although the attack chain requires significant user interaction to be successful, the social engineering is clever enough to present someone with what looks like a real problem and solution simultaneously, which may prompt a user to take action without considering the risk,” warned Proofpoint, who uncovered the ruse.
Once users click the button, they are told to copy and paste instructions into their machine’s system.
But behind the scenes, doing so installs a range of nasty software.
Among them is malware that can steal your account details.
It can also trigger fraudulent crypto transactions without people realising.
Any supposed error message or website asking you to copy and paste a prompt into Windows PowerShell should be an immediate red flag.
Think twice before acting on any popups with buttons offering to fix a problem that then ask you to paste text into your computer’s system this way.
How to spot a dodgy app
Detecting a malicious app before you hit the 'Download' button is easy when you know the signs.
Follow this eight-point checklist when you’re downloading an app you’re unsure about:
- Check the reviews – be wary of both complaints and uniformly positive reviews by fake accounts.
- Look out for grammar mistakes – legitimate app developers won’t have typos or errors in their app descriptions.
- Check the number of downloads – avoid apps with only several thousand downloads, as they could be fake.
- Research the developer – do they have a good reputation? Or are they totally fake?
- Check the release date – a recent release date paired with a high number of downloads is usually bad news.
- Review the permission agreement – this agreement gives permission for the app to take bits of your data, and fake apps often ask for additional data that is not necessary.
- Check the update frequency – an app that is updated too frequently is usually indicative of security vulnerabilities.
- Check the icon – look closely, and don’t be deceived by distorted, lower-quality versions of the icons from legitimate apps.
All of this information will be available in both Apple’s App Store and the Google Play Store.