Cybercriminals today are more deceptive with their techniques than ever. Some of the fraudulent messages they send through phishing attacks look as close to the real deal as possible. A recent example was a fake Netflix email, tricking customers into revealing their credit card information.
Although, not all scams are initiated through malicious messages. There is a new malware attack involving bait-and-switch websites that you need to know about.
If you are a Google Chrome user, this affects you. Hackers have discovered a way to break into websites that have weak security, so they can fool visitors into downloading malware.
How the malware scam works
Three factors are needed for this scam to be successful:
- Victim is using the Chrome Browser on a Windows machine.
- Victim lives in an English speaking country – The U.S., U.K., Canada and Australia are being targeted.
- Victim is sent to the malicious site through search engine results (You would have to click the link to the site that shows up in a search).
If all of these factors are in place, you could fall victim to this attack.
When you realize the page is unreadable, a fraudulent Chrome message appears. It says that “The ‘HoeflerText’ font wasn’t found,” which is why you can’t read the page. You’re then asked to update the “Chrome Font Pack.”
Image: Fraudulent message asking you to update the Chrome Font Pack. (Source: Proofpoint)
Warning! Clicking on the Update button on this message will infect your gadget with click-fraud adware.
Hidden ads will be loaded and clicked on automatically. This is how the criminal gets paid, by ripping off legitimate ad networks.
At this time the risk to Chrome users is their gadget is infected with click-fraud adware. However, this scheme could change at a moment’s notice. The hacker could change the malicious link into something worse, like encrypting ransomware.
The best defense is knowing what to look for. If you visit a site and it asks you to download a font update, do NOT do it! It’s always better to be safe than sorry.