Pierluigi Paganini December 27, 2022

The FBI warns of cybercriminals using search engine advertisement services to impersonate brands and defraud users

The FBI is warning of cyber criminals using search engine advertisement services to impersonate brands and direct users to websites that were used to defraud users. The sites host ransomware and are used to steal login credentials and other financial information from users.

Crooks purchase advertisements through search engine advertisement services, feds observed threat actors using a domain that is similar to an actual business or service. When online users search for that business or service, advertisements appear at the top of search results produced by the search engine. The advertisements link to a webpage that impersonated a legitimate business.

“In instances where a user is searching for a program to download, the fraudulent webpage has a link to download software that is actually malware. The download page looks legitimate and the download itself is named after the program the user intended to download.” reads the advisory published by the FBI.

The advertisements impersonate websites of financial organizations and cryptocurrency exchange platforms. The landing websites were designed to prompt users to enter login credentials and financial information.

Below are the recommendations provided by the FBI to online users:

• Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
• Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly.
• Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.

The FBI also recommends businesses to:

• Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
• Educate users about spoofed websites and the importance of confirming destination URLs are correct.
• Educate users about where to find legitimate downloads for programs provided by the business.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, search engine advertisement services)

[adrotate banner=”5″]

[adrotate banner=”13″]