Security Issues: Always Check Your Pop-ups

Pop-up notifications often feel like a nuisance, and we tend to click through them without paying much attention. But today’s cybercriminals can use pop-ups to install malicious code on your computer, so you should always take a closer look before clicking. On this week’s One Minute Wednesday, Andy Shin will discuss a recent malware popup scam called “Hoefler Text” and walk you through some steps you can take to protect yourself. Tune in to learn more!

Dealing with Popup Scams

Are you used to ignoring or clicking through pop-up notifications? There are situations where these may actually be attempts to harm your system, so you should take a closer look at them. For example, there was a recent scam that targeted Google Chrome users, where they would receive a legitimate-looking pop-up that asked them to update a missing font entitled “HoeflerText”.

The initial HoeflerText pop-up asking to update the missing font

This was actually a malware attack in disguise. Once the user clicked “Update”, another pop-up window would appear with instructions to download and run a malicious .exe file (see image below). Following these instructions and installing the .exe would immediately infect the user’s system with malware.

The second pop-up asks you to download and install a malicious .exe file

So what made this attack so successful? Because most people are used to ignoring or clicking through pop-up notifications, the victims didn’t take a closer look at the pop-up and didn’t pick up on any of the red flags. They simply clicked through and downloaded the malware onto their system.

Attacks like the “HoflerText” scam rely on the user’s trust and complacency to work. They often contain the exact logos, fonts, and style used by legitimate system pop-up notifications, allowing cybercriminals to trick unsuspecting users into clicking on something that seems familiar. These scams also evoke a sense of urgency in their messages to get the victim to act fast.

How Can You Protect Yourself?

  • In the case of “HoeflerText”, be aware that Chrome will never prompt you to download a missing font. If you see this particular pop-up, it is definitely a scam.
  • In general, be wary of pop-ups that ask you download or install something. Legitimate system pop-ups will rarely ask you to install or download out of the blue, unless you have initiated an installation yourself.
  • Finally, be wary of pop-ups and notifications that ask you to provide sensitive information or visit an unknown website.

Knowing the signs of a malicious pop-up and following these steps can help keep you safe. Be sure to join us again next week for another One Minute Wednesday!


More Posts

Cup of IT: Sending Secure Emails with Microsoft 365

Microsoft 365 comes with several built-in security features that allow your organization to manage how sensitive information is handled via email. On this episode of Cup of IT, we’ll be discussing how to send secure emails using sensitivity labels, email encryption, and the do-not-forward options in Microsoft 365.

Clean Your Inbox with Outlook Folders

Using Outlook folders is a great way to begin relieving the stress of managing your inbox. On today’s One-Minute Wednesday, you’ll learn how to create customizable folders that can automatically categorize your email, giving you a better experience with your inbox.

Blocking Senders in Microsoft Outlook

Tired of junk mail getting past your built-in spam filter? You can quickly and easily train your junk folder in Microsoft Outlook. On today’s One-Minute Wednesday, Sean Mountain will show you how to mark email as junk and block senders, giving you more power over what shows up in your inbox!

Getting Started With Two-Factor Authentication

Today’s cybersecurity landscape is filled with a variety of evolving threats, demanding new ways to protect your data. On this week’s One-Minute Wednesday, we’ll cover how Two-Factor Authentication can keep you safe from the vast majority of cybersecurity breaches.