The FBI issued a public service announcement warning that cybercriminals are impersonating brands via search engine advertisements to direct users to malicious sites.
According to the Dec. 21 PSA, the sites host ransomware and steal login credentials, and other financial information, particularly for cryptocurrency platforms.
The cybercriminals purchase the ads to appear within search results using domains that are similar to an actual business, but link to a webpage that looks identical to the legitimate business page.
If a user is searching for a program to download, the fraudulent page links to malware instead. For instances when a site impersonates financial organizations, particularly crypto exchanges, the sites prompt users to enter login credentials and financial information.
The FBI recommends:
- Make user the URL is authentic and without typos.
- Type in the business’s URL instead of searching.
- Using an ad blocking extension.