Fake Browser Coupon Extension Scams
Malicious browser extensions that pose as coupon or cashback tools to steal credentials, inject ads, and harvest payment details.
Part of: Fake Browser Coupon Extension Scams
Last reviewed: 8 June 2026
Browser extensions that promise automatic coupons, cashback, or price comparisons are among the most widely installed add-ons in modern browsers. Scammers exploit this popularity by publishing fake or hijacked extensions that look identical to legitimate tools but silently read everything you type, including passwords and card numbers.
Unlike phishing emails, malicious extensions operate persistently inside your browser session, meaning they can capture data across every site you visit — not just a single fake page. They may also redirect affiliate links to pocket commissions meant for other parties, or inject advertisements that override normal page content.
How this scam works on browser extensions
A fake coupon extension is typically promoted through social media ads, pop-up banners on shopping sites, or search results that appear above the legitimate tool. The extension requests broad permissions — reading and changing data on all websites — which are rarely questioned by users expecting a helpful coupon tool.
Once installed, it may work partially as advertised while silently logging keystrokes on checkout pages, injecting fake promo codes that capture card details through a man-in-the-middle form, or replacing legitimate affiliate codes with the scammer's own. Some variants periodically redirect searches to phishing pages or sell browsing data to third parties.
Common red flags
- Extension requests permission to 'read and change all your data on all websites'
- Promoted through a pop-up or unsolicited ad rather than the official browser store
- Low rating or recent reviews warning of data theft
- Extension publisher name does not match the original tool's known developer
- Browser becomes noticeably slower or redirects searches to unfamiliar sites
- Checkout pages on well-known retailers suddenly look different or ask for unusual information
How to protect yourself
- Only install extensions from the official Chrome Web Store, Firefox Add-ons, or Edge Add-ons
- Check the extension's verified publisher and read recent reviews before installing
- Audit your installed extensions regularly and remove any you do not actively use
- Use a password manager so credentials are not exposed to keystroke-logging extensions
- If you suspect an extension, remove it and run a reputable malware scan
- Consider using a dedicated browser profile with minimal extensions for online shopping
How to report it
- Report the extension directly in the browser store (flag as malicious)
- Report to the FTC at reportfraud.ftc.gov or your national cybercrime authority
- If payment details were exposed, contact your bank immediately and request new card numbers
Frequently asked questions
How do I know if a coupon extension is legitimate?
Check the developer name against the official company website, look for a large and consistently positive review history, and scrutinise the permissions it requests. Legitimate coupon tools need read access only on retail sites, not all websites.
Can a malicious extension steal saved passwords?
If it has permission to read all pages and you autofill passwords, yes. Use a dedicated password manager that is separate from browser-saved passwords to reduce this risk.