Cyber Criminals Impersonating Brands Using Search Engine Advertisement Services to Defraud Users
The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.
Methodology
Cyber criminals purchase advertisements that appear within internet search results using a domain that is similar to an actual business or service. When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result. These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.
In instances where a user is searching for a program to download, the fraudulent webpage has a link to download software that is actually malware. The download page looks legitimate and the download itself is named after the program the user intended to download.
These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms. These malicious sites appear to be real exchange platforms and prompt users to enter login credentials and financial information, giving criminal actors access to steal funds.
While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link.
Tips to Protect Yourself
The FBI recommends individuals take the following precautions:
- Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
- Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly.
- Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.
The FBI recommends businesses take the following precautions:
- Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
- Educate users about spoofed websites and the importance of confirming destination URLs are correct.
- Educate users about where to find legitimate downloads for programs provided by the business.
Victim Reporting
If you believe you have been a victim of fraud or malware based on brand impersonation from search engine advertisements, report the fraud to your local FBI field office at www.fbi.gov/contact-us/fieldoffices. The FBI also encourages victims to report fraudulent or suspicious activities to the FBI Internet Crime Complaint Center at www.ic3.gov.