Don’t be tricked into downloading
One of the latest tricks targets Google Chrome users, which is not surprising since Chrome has become the most popular web browser.
Popular software and operating systems are big targets and they attract the attention of malware authors and criminals. It is one of the reasons why there is so much malware for Windows PCs and so little for Apple Macs. Windows PCs are a huge target.
The Chrome scam is quite simple, but also quite convincing. In order to get malware onto the computer, it must be downloaded and run. It is not easy to do this automatically, so the malware distributors resort to tricks to try to fool you into doing this for them.
When you visit a website that has been infected with this malware, a message pops up that there is a missing font and that it is required in order to display the web page correctly.
You are provided with a link to download a file to add the font and when it is run, the computer is infected with malware.
Recycling old ideas
This is not a new idea and there have been many variations of this before. For example, you might see a pop-up message saying that your computer is running very slowly, that it is infected with malware, that the registry is corrupt, that Flash Player needs updating in order to watch a video, and so on.
Scammers will say anything that they think might persuade you to download and run a file.
The way to stay safe is to never download and run anything a website claims you need. You don’t actually need much, if anything, these days, so be very suspicious of any website that says you need something.
- If you are asked to download a file, do not do it.
- If you visit a website and a file downloads automatically, do not run it.
- If you find files you don’t recognise in the Downloads folder, do not run them.
- Upload suspicious files to the VirusTotal website to see if they are malware.
There is more information on the Chrome fonts trick at the NeoSmart Technologies blog.
Watch out for email scams
Many scams and phishing attempts arrive by email. If you have good spam filters on your email account you will rarely see them, but sometimes the odd one or two get through.
Here is a recent example from my inbox. It is an iTunes receipt. It’s not really, but that is what it wants me to believe. Apparently I ordered an iPhone 7 and got a 100% discount as a promotion. All I need to pay is a £2 shipping fee.
Needless to say, if I was tempted to respond to this I would not see the iPhone or my money again. It is only £2, but you can bet that the cost will escalate at some point and the scammer will try to get a lot more from me.
Many email scams are easy to spot because they begin with ‘Dear customer’ and they don’t know your name.
On rare occasions they do know your name and this makes them harder to spot. If you know you have not ordered anything, then a receipt or bill for something is immediately suspicious. I haven’t ordered an iPhone, so I know this is fake.
You might see similar messages, such as Amazon goods you never ordered, PayPal payments you never made, and so on.
Needless to say, do not click on links in suspicious emails.
If you need to check an order, or to check that your PayPal, bank, Apple, Amazon or other account is OK, go to the website by typing in the URL and log in. Don’t click the email.
If I really did order something from iTunes, there would be a record in my Apple account, so logging in and checking the status would show the order.