The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information.
In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company's website.
However, anyone clicking on the link is instead taken to a lookalike page that may appear identical, but is in fact designed to phish for login credentials and financial details, or even trick the unwary into downloading ransomware.
According to the FBI, it is becoming increasingly common for such malicious ads to pose as links to cryptocurrency exchange platforms, as part of an attempt to allow criminals to break into innocent users' accounts and steal funds.
The FBI is careful to make the distinction that merely having a malicious ad appear at the top of your search results does not mean that your computer has been compromised, but rather that clicking on such a link could put a system at risk.
In some cases, the domains used by the criminals to host their webpages may be very similar to those of the legitimate business they are spoofing.
The FBI has a number of recommendations for individual internet users.
These include checking that the URL you are considering clicking on is authentic, and not one that appears very similar to the genuine domain, but with perhaps a typo, a lookalike character, or a misplaced hyphen.
To help avoid a potentially costly mistake, the FBI recommends that rather than search for a business or financial institution, users should simply type the business's URL into the address bar instead.
Furthermore, the FBI recommends that users run an ad blocker when using search engines to filter out adverts:
"Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others."
Such advice is unlikely, of course, to be popular with the tech giants who rely heavily upon the revenue generated by search engine ads.
Personally, the only times I venture onto the internet without my trusty ad blocker are when I am intentionally investigating potential cybercriminal activity, or actually want my computer to be at risk of infection!
Meanwhile, businesses that believe themselves to be at risk from criminals who might create lookalike sites and purchase search engine ads to defraud the public are advised to raise awareness of the problem amongst their userbase, provide clear guidance as to where legitimate official downloads of the company's programs can be found, and use domain protection services to receive an alert when similar domain names are registered.
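The URL check recommended to users and the similar-domain alerting recommended to businesses both come down to comparing a hostname against the genuine one. The sketch below is an added example, not taken from the FBI announcement or from any domain protection product; the domain names, the character map and the distance threshold of 1 are assumptions chosen for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allow-list of genuine domains (placeholders, not from the article).
KNOWN_GOOD = ("examplebank.com", "example-exchange.com")

# Small illustrative map of lookalike characters (digits, Cyrillic); not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "\u0430": "a", "\u0435": "e", "\u043e": "o",
                             "\u0440": "p", "\u0441": "c", "\u0456": "i"})

def skeleton(host):
    """Fold a hostname so visually similar spellings compare equal."""
    try:
        host = host.encode("ascii").decode("idna")  # xn-- labels -> Unicode
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: compare as given
    host = unicodedata.normalize("NFKD", host.lower())
    host = "".join(c for c in host if not unicodedata.combining(c))
    return host.translate(CONFUSABLES).replace("rn", "m").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_url(url):
    """Return (verdict, matched genuine domain or None) for a link."""
    host = urlsplit(url).hostname or ""
    for good in KNOWN_GOOD:
        if host == good or host.endswith("." + good):
            return "genuine", good
    # Crude registrable domain: last two labels (ignores suffixes like co.uk).
    base = skeleton(".".join(host.split(".")[-2:]))
    for good in KNOWN_GOOD:
        if edit_distance(base, skeleton(good)) <= 1:
            return "lookalike", good
    return "unknown", None

if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login", "https://examp1ebank.com/",
                 "https://example-bank.com/", "https://ex\u0430mplebank.com/"):
        print(link, check_url(link))
```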
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.