Cyber criminals are always trying to find new ways to lure users into doing dumb things. For instance, you’ve probably heard about the old trick where hackers rig malicious web sites to deliver pop-ups telling you to download a video codec in order to see a video. Of course, in most cases the fake codec is malware that the attacker hopes to socially engineer you into installing yourself.
Hopefully, you know enough not to fall for the fake video codec lure, but now attackers have a new trick up their sleeves. According to a Neosmart blog post, hackers are now using fake font pop-ups to deliver malware. However, they’ve upped their game by modifying the web page so that it really looks like you might need a font update. Watch today’s video to learn more about this new trick, and what you can do to avoid it.
Episode Runtime: 2:54
Direct YouTube Link: https://www.youtube.com/watch?v=-wTDdsgAxOk
EPISODE REFERENCES:
- Researcher’s post on Chrome font hack – Neosmart
- Beware Chrome asking to download missing fonts – The Next Web
— Corey Nachreiner, CISSP (@SecAdept)
Shalin Kowalke says
Visitors to our site have experienced this very infrequently. Our website developer says it’s not the site, that it’s the users’ computers that are infected. I’ve scanned our site using online tools and they say it’s clean. How do I prove to the developer that it’s the site?
John says
Wireshark?