FBI Warns Chrome, Safari And Edge Users—Do Not Use These Websites
New scam alert issued by FBI
Update: Republished on March 18 with examples of the dangerous websites behind this latest FBI warning and additional advice on staying safe.
Following hot on the heels of the FBI’s warning for Americans to delete fraudulent texts as a malicious scam sweeps across America, here comes another alert as a very different kind of threat has emerged. The latest scam targets both smartphone and desktop users through websites crafted to steal your passwords, financial information and wallets.
This time it’s utility websites in the bureau’s crosshairs, as it “increasingly sees a scam involving free online document converter tools.” These are the simplest, most innocuous websites, but criminals are using “converter tools to load malware onto victims’ computers, leading to incidents such as ransomware.”
“The best way to thwart these fraudsters is to educate people so they don’t fall victim to these fraudsters in the first place,” the FBI says in an online warning via its Denver field office. “If you or someone you know has been affected by this scheme, we encourage you to make a report and take actions to protect your assets. Every day, we are working to hold these scammers accountable and provide victims with the resources they need.”
Kaspersky warns that “online converters are a tempting but dangerous way to change file format… Because converting a file is not simply a matter of changing its extension — otherwise you could just rename the file from, say, EPUB to MP3. Instead, the converter program must read the file, understand what it contains, convert the data and re-save it in a different format — and each of these stages poses its own threats.”
It’s not just websites; there are a raft of dangerous conversion tools on smartphone app stores as well. But unlike the official Google and Apple stores, there are no defenses preventing criminals publishing malicious websites. You’re reliant on the security tools built into your browser and common sense. “Unfortunately, many victims don’t realize they have been infected by malware until it’s too late, and their computer is infected with ransomware or their identity has been stolen.”
The FBI’s advice as ever is to “take a breath, slow down and think. Be aware of your actions online and what risks you could be exposed to.” In addition, PC users should ensure they have some form of updated antivirus software running on their machines. You will also benefit by enabling safe browsing if available on your browser.
Chrome and Safari dominate the mobile browsing market, and with Edge do the same across desktops. Whether using those or other browsers on your phone or desktop, if you think you might have fallen for a such a scam, you can report it at IC3.gov, and more critically you should change your passwords and check your online accounts.
This is just the latest warning for web and app users to avoid utility tools that are simple for an attacker to create and which will always find a ready audience. If you need to convert documents, use a tool from an established provider or the stock ones available with your OS or other platforms. You certainly should not send any files to the cloud for conversion, provide personal information or install software.
Kaspersky says “the safest way is to convert files locally; that is, on your own device without using third-party sites. This way, the data is guaranteed to remain confidential — at least until you connect to the internet. You can change a file’s format using either system tools or popular programs.”
And this isn’t the only online document warning doing the rounds. Per Bleeping Computer over the weekend, “cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials.” These are “malicious OAuth apps” that are “impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.”
This warning comes courtesy of the research team at Proofpoint, and highlights the risks with online services that easily lure users into clicking links. While a URL in an email might raise concerns, we are all now used to receiving DocuSign or Adobe links that we click through. It has proven too easy for criminals to add brand impersonation into the mix, and when an attack is highly targeted, this becomes difficult to spot.
While this latest campaign impersonated “charities or small companies using compromised email accounts,” last year government agencies themselves were being mimicked. SlashNext warned of a “concerning turn,” as “businesses that regularly interact with state, municipal, and licensing authorities” were targeted. This came as a 98% increase in the use of DocuSign phishing URLs was flagged.
“Cybercriminals offer any kind of popular file conversion to attract victims,” Malwarebytes says in a new report following the FBI’s warning, “with the most common ones converting .doc to .pdf files and vice versa. There are also sites that offer to combine multiple images into one .pdf file.”
And the functionality is so simple that “it’s not as if these file converters don’t work. Usually, they will, and the victim will think nothing more of it.” We’ve all done it — a quick online search to convert currencies or measurements, or that frustrating doc we can’t open and for which we need a quick fix.
According to Malwarebytes, telltale warning signs include pushing you to download a conversion tool or browser extension, or “in the most sophisticated scenario, the so-called converted file contains malware code that downloads and install an information stealer and everyone who opens it will get their device infected.”
The security team has provided some of the website domains it has found in the wild pushing these kinds of attacks:
- “Imageconvertors[.]com (phishing)
- convertitoremp3[.]it (Riskware)
- convertisseurs-pdf[.]com (Riskware)
- convertscloud[.]com (Phishing)
- convertix-api[.]xyz (Trojan)
- convertallfiles[.]com (Adware)
- freejpgtopdfconverter[.]com (Riskware)
- primeconvertapp[.]com (Riskware)
- 9convert[.]com (Riskware)
- Convertpro[.]org (Riskware)”
Coming full circle, the FBI has also warned this month that scammers are even impersonating federal agencies, as citizens are presented “with a fraudulent federal warrant and asked to pay fines to clear it up.”
Be careful out there.