The Federal Bureau of Investigation (FBI) this week raised the alarm on cybercriminals impersonating brands in advertisements that appear in search engine results. The agency has advised consumers to use ad blockers to protect themselves from such threats.
The attackers register domains similar to those of legitimate businesses or services and use those domains to purchase ads from search engine advertisement services, the FBI says in an alert.
These nefarious ads are displayed at the top of the web page when the user searches for that business or service, and the user might mistake them for an actual search result.
Links included in these ads take users to pages that are identical to the official web pages of the impersonated businesses, the FBI explains.
If the user searches for an application, they are taken to a fake web page that uses the real name of the program the user searches for, and which contains a link to download software that is, in fact, malware.
“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms,” the FBI notes.
Seemingly legitimate exchange platforms, the malicious sites prompt users to provide their login and financial information, which the cybercriminals then use to steal the victim’s funds.
“While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” the FBI says.
Businesses are advised to use domain protection services to be notified of domain spoofing, and to educate users about spoofed websites and on how to find legitimate downloads for the company’s software.
Users are advised to check URLs to make sure they access authentic websites, to type a business’ URL into the browser instead of searching for that business, and to use ad blockers when performing internet searches.
Ad blockers can have a negative impact on the revenues of online businesses and advertisers, but they can be good for online security, and even the NSA and CIA are reportedly using them.
Related: FBI Warns of Hacktivist DDoS Attacks, But Says Impact Limited
Related: FBI Warns of Iranian Cyber Firm’s Hack-and-Leak Operations
Related: FBI Warns of Unpatched and Outdated Medical Device Risks
Related: FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks
Ionut Arghire is an international correspondent for SecurityWeek.
Tags:
