The FBI has issued a warning that malicious actors are using search engine ad services to impersonate brands and direct victims to malicious sites in attempts to steal credentials and infect devices with malware such as ransomware or spyware.
How it works:
When a user searches for a business or financial institution, ads will appear at the top of their search results. Users often mistake ads for search results. While the ads themselves are not malicious, they will direct victims to malicious sites designed to look like their legitimate counterparts. These types of ads are also being used in connection with downloads made from the web, with a download page looking exactly like its legitimate counterpart.
Recommendations:
- Access sites you wish to visit by typing known URLs into your browser’s address bar.
- Check URLs before you click to make sure that the destination URL appears as you’d expect and confirm once on the site, by viewing the site name in your browser’s address bar.
- Be on the lookout for slight differences when examining URLs, such as misspellings, character substitutions, and similar but not the same names, e.g., amaz0n.com; nyu-edu; wallmart.com.
- Only download from known and trusted sources such as Google Play & Apple’s App. Store.
- Consider using an ad blocker (browser extension). For more information on ad blockers, see the following ad blocker review from The New York Times.