Users are increasingly being tricked into downloading fake browser extensions onto their computers, according to Symantec. Rogue browser extensions can pose like legitimate extensions but when installed they steal data, including passwords and other sensitive information from the infected system. Plug-in scams can be spotted if they offer to provide additional features on the social network, Haley said.
A Facebook Black plug-in scam quickly spread on Facebook in March. The attackers enticed users by tricking them into installing a browser extension to add a dark look to the Facebook page. Instead it directed victims to a set of surveys to harvest their personal information. The fake plug-in spread by automatically creating a new Facebook page on the victim's account. The scam was hosted on Amazon's S3 cloud storage service before it was finally shut down.