Researchers spot scammers using fake browser plug-ins

Fake Browser Plug-in—A New Vehicle for Scammers:

Security researchers from Symantec have spotted a fake browser plugin-in currently circulating in the wild.

 How the infection takes place:

The scenario is very simple: the victim is lured into watching some video; but instead of asking the victim to share/like the video, (which we have seen in many scams) the scammers present the victim with a fake plug-in download image, which is required to see the video.

Once the end users are tricked into installing the fake YouTube themed browser extension, their User-Agent info is retrieved and accordingly, the fake plug-in is downloaded. For the time being, only Mozilla Firefox and Google Chrome plug-ins are being used.

The scam is currently circulating, using the [Video] Leakead video of Selena Gomez and Justin Beiber [NEW HOT!!] theme.

facebook / youtube

This isn’t the first time that scammers are relying on fake browser plugins and extensions as a propagation vehicle for their scams. In December 2011, researchers from WebSense have detected a malicious campaign where the scammers were successfully hijacking Facebook accounts using bogus browser extensions

 Scammers are always looking for different techniques to lure users .

Facebook users are advised to be extra vigilant when interacting with content shared on the most popular social networking site.

Additional Facebook Security Tips:

  • Review your security settings and consider enabling login notifications. They’re in the drop-down box under Account on the upper, right-hand corner of your Facebook home page.
  • Don’t click on strange links, even if they’re from friends, and notify the person if you see something suspicious.
  • Don’t click on friend requests from unknown parties.
  • If you come across a scam, report it so that it can be taken down.
  • Don’t download any applications you aren’t certain about.
  • For using Facebook from places like hotels and airports, text “otp” to 32665 for a one-time password to your account.
  • Visit Facebook’s security page, and read the items “Take Action” and “Threats.”

source: symantec,zdnet

One thought on “Researchers spot scammers using fake browser plug-ins

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s