Heimdal Security Blog

FBI: Cyber Criminals Now Use SEA to Impersonate Brands and Defraud Users

The Federal Bureau of Investigation (FBI) issued an alert about cyber criminals using a new methodology to defraud users: brand impersonation via search engine advertisement services. The victims are led to malicious websites that host ransomware or steal login credentials and financial information.

First, cyber criminals buy advertisements that appear in internet search results, using a domain similar to that of a legitimate business or service. Whenever a user searches for that company or service, these advertisements display near the top of the search results, with little distinction between an advertisement and a genuine search result. Once clicked, these ads lead to a website that looks just like the impersonated company’s genuine website.

If a user searches for a program to download, the fraudulent webpage contains a link to download software that is, in fact, malware-infected. The download page seems authentic, and the file is named after the program the user wanted to download.

The ads have also been used to impersonate the websites of financial institutions and bitcoin trading platforms. The landing pages were designed to prompt users to provide login credentials and payment information, as Security Affairs also explains.

While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link.
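One way a defender could check where an advertised link really leads, comparing its domain with the brand's known domains. This is an added example, not code from the FBI alert or from Heimdal; the domains, the substitution table and the distance threshold are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed brand domains an organisation wants to protect (assumption).
KNOWN_DOMAINS = {"example-bank.com", "examplesoft.org"}
# Visual substitutions folded to one form before comparing.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})

def host_of(url):
    """Lower-cased hostname of a URL, with or without a scheme."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").lower().rstrip(".")

def registrable(host):
    # Simplification: last two labels. Production code should consult the
    # Public Suffix List so that names under e.g. co.uk are handled correctly.
    return ".".join(host.split(".")[-2:])

def skeleton(domain):
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_ad_link(url, known=KNOWN_DOMAINS, max_distance=2):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unrelated'."""
    host = host_of(url)
    domain = registrable(host)
    if domain in known:
        return "legitimate", domain
    for brand in sorted(known):
        near = edit_distance(domain, brand) <= max_distance
        if near or skeleton(domain) == skeleton(brand):
            return "lookalike", brand
        if brand.split(".")[0] in host:  # brand name used as a subdomain or prefix
            return "lookalike", brand
    return "unrelated", None

if __name__ == "__main__":
    for link in ("https://www.example-bank.com/login",
                 "https://examp1e-bank.com/login",
                 "https://example-bank.com.secure-login.net/"):
        print(link, classify_ad_link(link))
```

A distance threshold of 2 suits longer brand names; for short domains it would flag unrelated sites and should be lowered.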


Protection Advice for Individuals and Businesses

The FBI shares a few important tips to avoid falling victim to these scams. Individuals should take the following precautions when browsing the internet:

The law enforcement agency also advises businesses to take the following measures:

The full alert published by the FBI is available here.
