Skip to Content

Cybercriminals secretly use your Chrome extensions to steal from you

Cybercriminals are always one step ahead of you. They’re devious, especially when it comes to using your smartphones and laptops for their financial gain.

Unfortunately, they have a huge incentive in the billions of dollars they steal each year from people like your family and you. They steal your ID, install ransomware that shuts down your computer and they spy on you.

Cybercriminals out of necessity are clever, too. You know as a reader that we’re always warning you about data breaches, malware attacks, ATM skimmers and a lot more.

Now, cybercriminals are using web browser extensions to secretly use your computer for their own financial gain. You probably use browser extensions like Evernote Web Clipper, Office Online and Amazon Assistant.

Google’s Chrome web browser extensions make your life a bit easier. They perform specific tasks, similar to smartphone apps.

One problem with extensions is, once you install them, they just sit there. Most people don’t constantly monitor all the extensions they’ve added, so cybercriminals take advantage of that by tapping into them to steal your ID, use your computer strength to cryptomine and worse.

Don’t worry, though. We’ve got five straightforward steps to protect you from cybercriminals who are using Chrome extensions to steal from you – do NOT skip No. 3!

1. Investigate the developer

Let’s face it, you speed through life. We all do, especially when we’re online.

If you’re like most people, you’re too busy to stop and think, “Is this a safe web extension to download?” No, you’re busy at work, with your children and grandkids and with everyday life.

However, cybercriminals know that. They’re counting on you to install Chrome extensions that are easy for them to manipulate.

You can take a big step toward protecting yourself, though. Ask yourself, “Who developed this extension?”

First, there is usually the developer’s name underneath the extension. Click on that and see what you can find out about that person or company.

Second, visit their website. You can learn a lot about a company’s reputation and safety track record by looking through their website.

Is it a professional site with contact information, like phone numbers and email addresses? If not, proceed with caution.

2. Read descriptions and disclaimers

You also want to take the time to read about what the developer is disclosing about the Chrome extension. That’s important with reputable developers, too.

They’ll describe the extension and often disclose the type of information they’ll be collecting about you. These descriptions are the type of thing you skim through if you’re like most people.

But take a moment to read these descriptions and disclaimers, which you’ll often see to the right of the extension you’re about to install. Reputable companies will tell you a lot about the data they collect.

However, un-reputable companies may not even include any disclaimers. That’s a red flag.

3. Slow down and read permissions

There’s a theme to protecting yourself when it comes to Google Chrome‘s web extensions. Slow down and don’t just mindlessly install them.

Many extensions will ask your permission to collect information about you or from your digital device. That’s fine if you’re OK with the information they’re collecting.

But you cannot know what they’re collecting unless you take a minute to read about it. Don’t rush through and give an extension to collect information on you – take your time and fully understand what they’re up to.

4. Read the reviews

Chrome web extensions, like almost everything else online, have user reviews. You have to take each one with a grain of salt, of course.

Read through several reviews to spot trends. Are they overly positive, suggesting that the developer and his friends wrote them?

Or do you see reviews that seem to be genuine? If so, are they mostly positive, meaning people like you are using the extension and seeing a benefit in it?

5. Check the source code

If you’re skilled at using source code, you can check it for the extension you’re about to install. You do that by going to Chrome://Extensions >> make sure Developer Mode is turned on >> find ID >> go to Chrome://Version >> copy Profile Path and paste it into Folder >> Go >> double-click on the extension to see its code.

Google bans cryptomining extensions

Cybercriminals have a brand new way of taking advantage of you. This time it involves cryptocurrencies like Bitcoin.

The problem is, you may not even know they’re using your devices for their criminal pursuits. But you have Google on your side.

Click here to find out how Google is protecting you from cryptojackers!

cryptocurrency e-book hero

New eBook: ‘Cryptocurrency 101’

Don't want to lose your dough to crypto? Check out my new eBook, "Cryptocurrency 101." I walk you through buying, selling, mining and more!

Check it out