- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
FBI: Cyber-Criminals Are Purchasing Search Engine Ad Services to Launch Attacks
The FBI has warned that cyber-criminals are using search engine advertisement services to defraud the public.
The public service announcement, issued on December 21, 2022, stated that threat actors are purchasing these ad services to impersonate brands for the purpose of luring users to malicious websites.
These sites, which “look identical to the impersonated business’s official webpage,” entice victims to download malware or enter login credentials and financial information.
For example, “in instances where a user is searching for a program to download, the fraudulent webpage has a link to download software that is actually malware.”
The FBI noted that these advertisements are also being used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms.
Search engine advertising services are used by businesses to ensure their ads appear at the very top of search results, with minimum distinction between an advertisement and an actual internet search result. However, the alert said that cyber-criminals are also purchasing these services using a domain that is similar to a real business or service for nefarious purposes.
The law enforcement agency emphasized that while search engine advertisements are not malicious in nature, users should “practice caution when accessing a web page through an advertised link.”
The FBI set out a number of recommended actions for users to take when searching for a business or service online. These are:
- Check the URL for typos before clicking on an advert to ensure the site is legitimate
- Type the business’s URL into an internet browser’s address bar to access the official website directly rather than via a search engine where possible
- Use an ad blocking extension when performing internet searches
The agency also advised businesses to take precautions, such as using domain protection services to notify them when similar domains are registered to prevent domain spoofing and provide education for users on how to detect malicious URLs.
This week, it was reported that a new fraudulent online ad campaign using Google Ads on adult websites may have made its operators hundreds of thousands of dollars per month.