Cyber Criminals Are Impersonating Brands Consumers Trust Using Search Engine Advertisement Services to Defraud The Public
The FBI is warning the public that cybercriminals are using search engine advertisement services to impersonate brands and direct users to malicious fake websites that host ransomware or steal login credentials and other financial information.
The scammers are actually paying to create these advertisements because the public believes that advertisements are generally not scams. No one can afford to believe that anymore!
How These Scams Work
Cyber criminals purchase advertisements from Google and other search engines (such as Bing) that appear within internet search results, using a domain that is similar to an actual business or service (a typo domain).
When a user searches for that business or service, these advertisements appear at the very top of search results with a minimal distinction between an advertisement and an actual search result. These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.
When a user is searching for a program to download, an e-commerce store, or something else they want or need, they are taken to the fraudulent webpage via that advert. If the search was for software, the page has a link to download software that is actually malware. The download page looks legitimate and the download itself is named after the program the user intended and expected to download.
These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms. These malicious sites appear to be real exchange platforms and prompt users to enter login credentials and financial information, giving criminal actors access to steal funds.
NOTE: they tend to impersonate companies and brands that do little to police the links that appear on search engines. Major brands like COCA-COLA, for example, meticulously police their brands looking for fakes.
While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link. You are better off looking at the ad and then looking below it for the actual company, brand, or product link.
Tips To Protect Yourself
We recommend individuals take the following precautions:
- Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar (can be almost identical) to the intended URL but with typos or a misplaced letter.
- Rather than searching for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly. But you still have to be careful, because a mistyped address can often lead to a fake website too!
- Try searching for the name of the brand or company and add “official website” to the search.
- Use an ad-blocking extension in your browser (the EDGE browser has this built-in) when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.
We also recommend businesses take the following precautions:
- Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
- Educate your friends, family, and co-workers about spoofed websites and the importance of confirming that destination URLs are correct.
- Educate your friends, family, and co-workers about where to find legitimate downloads for programs provided by a business.
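The two checks above, spotting a typo or misplaced letter in an advertised URL and watching for similar domains to your own brand, can be automated. This is an added example, not code from the FBI or the original article; it assumes a constructed brand list and a simplified notion of "registrable domain" (last two labels), and flags hosts that embed the brand name, differ from it by one or two edits, or use look-alike characters.

```python
from urllib.parse import urlsplit

# Constructed brand list for this example (not from the original article).
BRAND_DOMAINS = ["examplebank.com", "examplesoft.com"]

# Character sequences that look alike in a browser address bar; folding them
# lets "examp1ebank" or "exarnplebank" compare equal to "examplebank".
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]


def normalize(text):
    text = text.lower()
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text


def edit_distance(a, b):
    """Levenshtein distance: a typo costs 1, two swapped letters cost 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(url):
    # Accept bare hosts as well as full URLs; strip a trailing dot.
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")


def classify(url, brands=BRAND_DOMAINS, max_dist=2):
    """Return ("official", brand), ("lookalike", brand) or ("unrelated", None).

    Assumption: the registrable domain is the last two labels. That is wrong
    for suffixes such as co.uk; a real deployment would use the public suffix list.
    """
    host = hostname(url)
    registrable = ".".join(host.split(".")[-2:])
    if registrable in brands:
        return ("official", registrable)
    name = normalize(registrable.rsplit(".", 1)[0])
    for brand in brands:
        bname = normalize(brand.rsplit(".", 1)[0])
        # Brand name embedded in a longer host (examplebank.com.evil.net) or
        # a name within a couple of keystrokes of the real one.
        if bname in normalize(host) or edit_distance(name, bname) <= max_dist:
            return ("lookalike", brand)
    return ("unrelated", None)
```

A domain protection service does essentially this against newly registered domains; the same function can be run over the ad URLs users report to a help desk.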