What You Need to Know About Google Chrome Extension Scams

Extensions on web browsers, such as Google or FireFox, are programs that can be installed onto the browser to add new features and modify the existing behavior of the program to make it more convenient for the user. Some popular extensions are:

·      Ad blockers

·      Password management tools

·      Calendar tools

·      Privacy tools

Cyber criminals have taken advantage of the popularity and usability of these extensions and created scams to hack into accounts and steal sensitive information through them. Bad actors are doing this by sending phishing emails urging users to download an extension for their web browser. These emails appear legitimate and propose seemingly beneficial features but they are actually malicious. Once downloaded, the extension only comes up when you enter a specific address in the search bar, making the extension hidden and hard to find. It will automatically activate when the user visits a site, like their bank account or email account, that has sensitive information a threat actor would want to steal.

Cyber criminals have also created false copies of commonly used browser extensions which look legitimate but are actually a copy of the real extension with malicious code designed to steal sensitive information.This type of scam has been seen with the popular AI Chatbot, ChatGPT. Once downloaded, the fake extension will not be seen in the toolbar but is consistently running and collecting sensitive information.

How to Stay Protected

1. Only download extensions to your browser from verified sources, such as the Google Chrome store. Don’t click on unexpected emails that prompt you to click links in an email instead of visiting the extension publisher’s home page.

2. As always, before you follow a link in an email, hover over it and make sure it’s legit. Always double check the sender’s email address as well and look for any typos.

Get Peace of Mind With Entara

Entara offers complete, integrated IT and cyber security solutions tailored to your company’s unique needs and challenges. As an eXtended Service Provider, in addition to managed IT and cyber security services, our 24/7/365 incident response team works day, night, and holidays to help businesses recover from cyber-attacks and remediate their systems to avoid repeat events. We employ a range of security integrations and technology services that protect our clients’ systems, networks, and data. Connect with us to learn more about how we can support your organization.

Scroll to Top