Scam of the week: five-star fraud

Say the new browser extension that you want to download has a lot of positive reviews. These reviews may make the extension seem legitimate, but not necessarily. Cybercriminals often use fake reviews to trick users into downloading malicious browser extensions.
For example, a malicious Microsoft Authenticator extension with fake reviews was recently found in the Google Chrome Store. The extension had five reviews: three one-star reviews and two five-star reviews. The real one-star reviews warned others that the extension was malware, while the fake five-star reviews praised the extension. This is just one example of how bad guys use fake reviews to gain your trust.
So, how do you know if the cool new extension is safe to download? Follow these tips to stay safe:
  • Only download extensions from trusted publishers. Cybercriminals can easily publish extensions or apps to app stores, so make sure you know who developed the extension before you download it.
  • Be suspicious of extensions that ask you to enter sensitive information. Legitimate extension downloads may request special permissions from you, but they won’t ask you to give up sensitive information.
  • Look for negative reviews. Don’t just focus on the positive reviews. Negative or critical reviews are less likely to be fake.