Pop-up notifications often feel like a nuisance, and we tend to click through them without paying much attention. But today’s cybercriminals can use pop-ups to install malicious code on your computer, so you should always take a closer look before clicking. On this week’s One Minute Wednesday, Andy Shin will discuss a recent malware popup scam called “Hoefler Text” and walk you through some steps you can take to protect yourself. Tune in to learn more!

Dealing with Popup Scams

Are you used to ignoring or clicking through pop-up notifications? There are situations where these may actually be attempts to harm your system, so you should take a closer look at them. For example, there was a recent scam that targeted Google Chrome users, where they would receive a legitimate-looking pop-up that asked them to update a missing font entitled “HoeflerText”.

The initial HoeflerText pop-up asking to update the missing font

This was actually a malware attack in disguise. Once the user clicked “Update”, another pop-up window would appear with instructions to download and run a malicious .exe file (see image below). Following these instructions and installing the .exe would immediately infect the user’s system with malware.

The second pop-up asks you to download and install a malicious .exe file

So what made this attack so successful? Because most people are used to ignoring or clicking through pop-up notifications, the victims didn’t take a closer look at the pop-up and didn’t pick up on any of the red flags. They simply clicked through and downloaded the malware onto their system.

Attacks like the “HoflerText” scam rely on the user’s trust and complacency to work. They often contain the exact logos, fonts, and style used by legitimate system pop-up notifications, allowing cybercriminals to trick unsuspecting users into clicking on something that seems familiar. These scams also evoke a sense of urgency in their messages to get the victim to act fast.

How Can You Protect Yourself?

  • In the case of “HoeflerText”, be aware that Chrome will never prompt you to download a missing font. If you see this particular pop-up, it is definitely a scam.
  • In general, be wary of pop-ups that ask you download or install something. Legitimate system pop-ups will rarely ask you to install or download out of the blue, unless you have initiated an installation yourself.
  • Finally, be wary of pop-ups and notifications that ask you to provide sensitive information or visit an unknown website.

Knowing the signs of a malicious pop-up and following these steps can help keep you safe. Be sure to join us again next week for another One Minute Wednesday!