There are so many scams in the world it’s hard to keep up with them all. Cybercriminals are always finding more devious ways to rip us off. Phishing attacks, ransomware, and credit card skimmers are just a few tools that these criminals have in their repertoire.
You won’t believe the latest trick they are using now. A simple online search while using Google Chrome could result in your gadget being infected with malware. Yikes!
How this Google Chrome malware scam works
This scam actually was discovered by Proofpoint researchers in December of 2016. Unfortunately, this is still an ongoing attack.
Three factors are needed for this scam to be successful:
- Victim is using the Chrome Browser on a Windows machine.
- Victim lives in an English speaking country – The U.S., U.K., Canada and Australia are being targeted.
- Victim is sent to the malicious site through search engine results (You would have to click the link to the site that shows up in a search).
If all of these factors are in place, you could fall victim to this attack.
When you realize the page is unreadable, a fraudulent Chrome message appears. It says that “The ‘HoeflerText’ font wasn’t found,” which is why you can’t read the page. You’re then asked to update the “Chrome Font Pack.”
Warning! Clicking on the Update button on this message will infect your gadget with click-fraud adware.
Hidden ads will be loaded and clicked on automatically. This is how the criminal gets paid, by ripping off legitimate ad networks.
At this time, the risk to Chrome users is their gadget is infected with click-fraud adware. However, this scheme could change at a moment’s notice.
The hacker could change the malicious link into something worse, like encrypting ransomware. This is why it’s so troublesome that this scam is still active.
The best defense is knowing what to look for. If you visit a site and it asks you to download a font update, do NOT do it! It’s always better to be safe than sorry.