Fake Browser Plug-in—A New Vehicle for Scammers:
Security researchers from Symantec have spotted a fake browser plugin-in currently circulating in the wild.
How the infection takes place:The scenario is very simple: the victim is lured into watching some video; but instead of asking the victim to share/like the video, (which we have seen in many scams) the scammers present the victim with a fake plug-in download image, which is required to see the video.
Once the end users are tricked into installing the fake YouTube themed browser extension, their User-Agent info is retrieved and accordingly, the fake plug-in is downloaded. For the time being, only Mozilla Firefox and Google Chrome plug-ins are being used.
The scam is currently circulating, using the [Video] Leakead video of Selena Gomez and Justin Beiber [NEW HOT!!] theme.
This isn’t the first time that scammers are relying on fake browser plugins and extensions as a propagation vehicle for their scams. In December 2011, researchers from WebSense have detected a malicious campaign where the scammers were successfully hijacking Facebook accounts using bogus browser extensions
Scammers are always looking for different techniques to lure users .
Facebook users are advised to be extra vigilant when interacting with content shared on the most popular social networking site.
Additional Facebook Security Tips:
- Review your security settings and consider enabling login notifications. They’re in the drop-down box under Account on the upper, right-hand corner of your Facebook home page.
- Don’t click on strange links, even if they’re from friends, and notify the person if you see something suspicious.
- Don’t click on friend requests from unknown parties.
- If you come across a scam, report it so that it can be taken down.
- Don’t download any applications you aren’t certain about.
- For using Facebook from places like hotels and airports, text “otp” to 32665 for a one-time password to your account.
- Visit Facebook’s security page, and read the items “Take Action” and “Threats.”
One thought on “Researchers spot scammers using fake browser plug-ins”