This scammer could have gotten around that hypothetical system by simply calling it an “Authenticator” and listing the names of credentials it “supports” in it’s description, but I’ll bet it’d have fewer downloads had the scammer been forced to do so.
GOOGLE AUTHENTICATOR EXTENSION MANUAL
I’m kind of surprised that Google doesn’t have software that automatically flags any extension submissions with the words “Microsoft”, “Apple”, and other well-known brand names of companies that publish widely used apps (big banks, video game companies, streaming services, content blockers, etc.) that aren’t put up by a known legitimate account for one of said companies for manual review by a human being. A click on the button opens a Polish webpage that redirects to another webpage automatically asking for a sign-in or the creation of an account. It displays a basic page with the option to "run Microsoft Authenticator". The Microsoft Authenticator application cannot be used to authenticate Microsoft account sign-ins or any other sign-in for the matter. The latter are likely fake and used to instill a level of trust in users who check the reviews before trying the extension.Ī quick check of Microsoft's Authenticator homepage reveals that it is available as a mobile application, and as a Microsoft Store version, but not as a browser extension.
The developer email address looks like one of those fake email addresses used for poising or spam sending it uses a Gmail address, and not an official Microsoft address.Ī look at the reviews includes several warnings from other users, but also some that praise it. If you have read our guide on verifying Chrome extensions before installation, you know that direct information such as the developer may provide hints that something may be fishy.
0 kommentar(er)
