The FBI issued a warning this week to alert online users that cyber criminals are using search engine ads to impersonate legitimate and otherwise trustworthy brands to direct them to malicious websites.
“Cyber criminals purchase advertisements that appear within internet search results using a domain that is similar to an actual business or service,” the FBI said in a press release. “When a user searches for that business or service, these advertisements appear at the very top of search results with the minimum distinction between an advertisement and an actual search result. These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.
“In instances where a user is searching for a program to download, the fraudulent webpage has a link to download software that is actually malware. The download page looks legitimate and the download itself is named after the program the user intended to download.”
The FBI said that threat actors are using fake ads for websites involved in finances, especially cryptocurrency exchange platforms. When a user clicks on the ad, they believe they’re visiting a normal site. The site looks very similar to the real site and it prompts you to provide your personal data. When they enter their account information or financial details, the threat actors gain access to them. With this type of information, criminals can steal their money.
The FBI released tips for how to identify malicious ads, which include checking the URL for the ad before clicking on it, typing in the business URL (instead of clicking on the ad), and using a good ad blocker.
You can also use a high-quality antivirus, which comes with web protections that detect malicious sites and block you from accessing them.
“While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” the FBI report said.