According to reports from security experts, hackers are using pop-up alerts to warn users of a fake ‘issue’ that needs to be resolved.
Clark.com (a consumer guide website) explains how the scam works:
Crooks inject a type of code onto a website, and then when you land on that site using the Chrome browser, the page appears unreadable. So basically the hackers create a fake issue and then offer a fake solution.
When this happens, a pop-up alert warns you that “The ‘HoeflerText’ font wasn’t found,” and then prompts you to download and install an update to your device, which is disguised as a ‘missing font’ file.
The file, however, is actually a malware download.
What makes this scam so easy to fall for is the fact that the pop-up warning looks just like a legitimate alert from the browser, making it easy for criminals to trick unsuspecting users into clicking and downloading the malicious file.
Pretty much everything about the bogus browser message looks legit, including the Chrome logo. Copying a real logo is a method cyber criminals use very often.
But if you take a closer look, there are a few red flags that can show you the warning is fake:
- The window shows the user is running Chrome version 53, so if this isn’t the version you’re using, that’s a red flag.
- If you click ‘Update,’ it prompts a download of a file titled “Chrome Font v7.5.1.exe,” but that doesn’t match the file name displayed in the pop-up message, which reads “Chrome_Font.exe.”
Of course these details aren’t so easy to spot if you aren’t an expert or don’t even know what to look for — however, you may see a warning that says ‘this file isn’t downloaded often,’ which is a sign that something may not be quite right.
Important note: Any time you get a warning about a file you’re about to download from the Internet, make sure to do some research about it before going ahead with the download — as it could be malware or some other type of scam.
More tips to avoid similar scams
As a general rule of thumb, if you receive an email you weren’t expecting, do not click on any links inside the email. Even if you are expecting an order confirmation or package to be delivered, do not click on any links in an email notification. Go to the company’s website directly to get any delivery or order information.
The same goes for any pop-up alerts prompting you to download an unknown file or click an unknown link.
Here are some more tips to help you protect yourself from online scammers:
- Be wary of unexpected emails containing links or attachments: If you receive an unexpected email claiming to be from your bank or other company that has your personal information, don’t click on any of the links or attachments. It could be a scam. Instead, log in to your account separately to check for any new notices.
- Call the company directly: If you aren’t sure whether an email notice is legit, call the company directly about the information sent via email to find out if it is real and/or if there is any urgent information you should know about.
- If you do end up on a website that asks for your personal information, make sure it is a secure website, which will have ‘https’ at the beginning (‘s’ indicates secure).
- Look out for grammar and spelling errors: Scam emails often contain typos and other errors — which is a big red flag that it probably didn’t come from a legitimate source.
- Never respond to a text message from a number you don’t recognize: This could also make any information stored in your phone vulnerable to hackers. Do some research to find out who and where the text came from.
- Don’t call back unknown numbers: If you get a missed call on your cell phone from a number you don’t recognize, don’t call it back.
- Be cautious of any notification from an “automated message system” that states “Click on this link for details.”