Information Security

Recognizing and Responding to Malicious Internet Ads

Last modified 7/22/2024

Cyber Criminals Impersonate Brands Using Search Engine Advertisement Services to Defraud Users

The FBI warns that cyber criminals are leveraging search engine advertisement services to impersonate brands, directing users to malicious sites that host ransomware and steal login credentials and financial information. This type of cybercrime can have significant impacts on individuals and institutions, including universities. Understanding how these scams work and knowing how to protect yourself is crucial.

Methodology

Cyber criminals purchase advertisements that appear within internet search results using domains that closely resemble those of legitimate businesses or services. These advertisements often appear at the very top of search results, making them difficult to distinguish from genuine results. They link to webpages that are designed to look identical to the official sites of the impersonated businesses.

Common Scenarios

  1. Software Downloads: Users searching for software to download may be directed to a fraudulent webpage that mimics the legitimate download page. The software downloaded from these sites is often malware disguised under the name of the intended program. Users searching for software to download may be directed to a fraudulent webpage that mimics the legitimate download page. The software downloaded from these sites is often malware disguised under the name of the intended program.
  2. Financial and Cryptocurrency Sites: Malicious advertisements can also impersonate financial institutions, especially cryptocurrency exchange platforms. These sites prompt users to enter login credentials and financial information, which are then stolen by the cyber criminals.

Protecting Yourself

While search engine advertisements themselves are not inherently malicious, caution is necessary when accessing webpages through advertised links. Here are some tips to help protect yourself:

  1. Verify the URL: Before clicking on an advertisement, check the URL to ensure the site is authentic. Look for typos, misplaced letters, or other irregularities in the domain name.
  2. Direct Navigation: Instead of searching for a business or financial institution, type the business’s URL directly into your internet browser’s address bar to access the official website.
  3. Use Ad Blockers: Consider using an ad blocking browser extension (uBlock Origin) or network service (NextDNS or 1.1.1.1 for Families). Most computer internet browsers allow users to add extensions that block advertisements. These can be toggled on and off to permit advertisements on certain websites while blocking them on others. The network services support computers and smartphones.
  4. Report Malicious Ads:  If you come across a suspicious or malicious advertisement, report it to the search engine or ad platform. This helps to take down the malicious ads and prevents others from falling victim to these scams.

By understanding the methods used by cyber criminals and taking proactive steps to verify the authenticity of websites, both individuals and institutions can significantly reduce the risk of falling victim to these malicious advertisements. Stay vigilant, practice safe browsing habits, and educate others to help build a safer online environment for everyone.