My TechDecisions

Network Security, News

FBI: Beware of Search Engine Ads

Cybercriminals are using search engine ads to deploy malware and steal credentials, FBI says in new warning.

Leave a Comment

FBI search engine ads, tablet, Gartner, worldwide device shipments
stock.adobe.com/Teerasan

The FBI is urging organizations and their end users to be careful when using search engines as cybercriminals are using search engine advertisement services to impersonate brands and direct users to fake websites designed to steal credentials and deploy ransomware.

According to a public service announcement from the FBI, cybercriminals have been buying advertisements that appear within search results using a domain that is similar to an actual business or service. The ads being purchased appear at the top of search results, and it is difficult to differentiate between actual search results and ads.

The ads link to a webpage that even looks identical to the impersonated business’ official site, but the fraudulent website instead contains malicious links or fake credential forms designed to deploy malware or steal credentials and other financial information.

“These advertisements have also been used to impersonate websites involved in finances, particularly cryptocurrency exchange platforms,” the FBI says in the advisory. “These malicious sites appear to be real exchange platforms and prompt users to enter login credentials and financial information, giving criminal actors access to steal funds.”

Although search engine advertisements are designed to help businesses promote products or services, they are being exploited by malicious actors, so end users should be cautious, the FBI warns.

End users should check the URL before clicking on an advertisement to make sure it is authentic, the agency says. In addition, users should also simply find the business’ URL directly rather than searching for it and use ad blocking extensions when performing internet searches.

For businesses, the FBI recommends using domain protection services that notify the organization that similar domains are registered to help prevent domain spoofing. Businesses should also educate users about spoofed websites and cybersecurity basics as well as providing resources end users need to do their jobs so they don’t search for tools online.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!

Reader Interactions

Leave a Reply

Your email address will not be published.

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Download TechDecisions' Blueprint Series report on Security Awareness now!
Blueprint Series: Why Your Security Awareness Program is Probably Falling Short

Learn about the evolution of phishing attacks and best practices for security awareness programs to ensure your organization is properly prepared t...

Workplace Collaboration Tools for Corporate Spaces
Workplace Collaboration Tools for Corporate Spaces

From lobbies and shared spaces to conference rooms and multipurpose facilities, you need high-performing AV technology to effectively share informa...

ChatGPT, generative AI, enterprise, workplace
Blueprint Series: ChatGPT and Generative AI in the Workplace

This latest release of the TechDecisions Blueprint Series explores the new phenomenon of tools such as ChatGPT and how IT leaders should go about d...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales

AV-iQ