Cyber Criminals Are Impersonating Brands Consumers Trust Using Search Engine Advertisement Services to Defraud The Public
The FBI is warning the public that cybercriminals are using search engine advertisement services to impersonate brands and direct users to malicious fake websites that host ransomware or steal login credentials and other financial information.
The scammers are actually paying to create these advertisements since the public believes that advertisements are generally not scams. No one can afford to believe that anymore!
How These Scams Work
Cyber criminals purchase advertisements from Google and other search engines (such as Bing, etc) that appear within internet search results using a domain that is similar to an actual business or service (typo domains).
When a user searches for that business or service, these advertisements appear at the very top of search results with a minimal distinction between an advertisement and an actual search result. These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.
In instances where a user is searching for a program to download, an e-commerce store, or something else they want or need are taken to the fraudulent webpage via that advert. If it was for software it has a link to download software that is actually malware. The download page looks legitimate and the download itself is named after the program the user intended and expected to download.
These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms. These malicious sites appear to be real exchange platforms and prompt users to enter login credentials and financial information, giving criminal actors access to steal funds.
NOTE: they tend to be impersonating companies and brands that do little to police the links that appear on search engines. Major brands like COCA-COLA for example, meticulously police their brands looking for fakes.
While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link. You are better looking at the add and then looking below for the actual company, brand, or product link.
Tips To Protect Yourself
We recommend individuals take the following precautions:
- Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar (can be almost identical) to the intended URL but with typos or a misplaced letter.
- Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly. Except, you have to be careful because a mistyped address can often lead to a fake website too!
- Try searching of the name of the brand or company and add “official website” to the search.
- Use an ad-blocking extension in your browser (EDGE browser has this built-in) when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.
We also recommend businesses take the following precautions:
- Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
- Educate your friends and family, and co-workers about spoofed websites and the importance of confirming destination URLs are correct.
- Educate your friends and family, and co-workers about where to find legitimate downloads for programs provided by a business.
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and to not blame themselves, better develop recovery programs, and to help victims avoid scams in the future. At times this may sound like blaming the victim, but it does not blame scam victims, we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
To Learn More Also Look At Our Article Catalogs
Scam & Crime Types
More SCARS
- ScamsNOW Magazine – ScamsNOW.com
- ContraEstafas.org
- ScammerPhotos.com
- AnyScam.com – reporting
- AgainstScams.org – SCARS Corporate Website
- SCARS YouTube Video Channel
Leave A Comment