Using Fake Reviews to Find Dangerous Browser Extensions

Brian Krebs:

Fake, positive reviews have infiltrated nearly every corner of life online these days, confusing consumers while offering an unwelcome advantage to fraudsters and sub-par products everywhere. Happily, identifying and tracking these fake reviewer accounts is often the easiest way to spot scams. Here’s the story of how bogus reviews on a counterfeit Microsoft Authenticator browser extension exposed dozens of other extensions that siphoned personal and financial data.

After hearing from a reader about a phony Microsoft Authenticator extension that appeared on the Google Chrome Store, KrebsOnSecurity began looking at the profile of the account that created it. There were a total of five reviews on the extension before it was removed: Three Google users gave it one star, warning people to stay far away from it; but two of the reviewers awarded it between three and four stars.

Fraudulent reviews are a scourge. Apple’s App Store is riddled with them — I’m not sure I’ve seen a single story about a scammy app in the App Store that didn’t have a bunch of 5-star reviews. Amazon product pages are riddled with fake reviews too. There’s a huge cottage industry in paying for fake reviews in any online forum where reviews can come from anyone.

I don’t know what the answer is. Users think they like reading reviews from other users, but they have no idea how utterly untrustworthy unverified reviews are. There’d be outrage if Apple or Amazon simply pulled the plug on user-submitted reviews, or wiped the slate clean by nuking existing reviews and starting over with some sort of “verified reviewer” system. But the status quo is a cesspool of scammy reviews that many users believe they can trust. It’s a mess.

Thursday, 3 June 2021