December 23, 2022

The Federal Bureau of Investigation (FBI) has issued a new threat alert about cyber criminals impersonating brands and using search engine advertisement services to defraud users.

The December 21, 2022, public service announcement stated that threat actors are purchasing these ad services to impersonate brands in order to lure users to malicious websites.

These sites, which “look exactly like the impersonated business’s official webpage,” tempt victims to download malware or enter login credentials and financial information, the FBI said.

Cyber criminals buy ads that appear in web search results by using a domain that looks similar to a legitimate business. These advertisements link to a webpage that is identical to the impersonated business and contains links to download malware-infected software. The download page appears to be legitimate, and the download is named after the program that the user intended to download. These cyberattack methods have also been used to impersonate financial websites, particularly cryptocurrency exchange platforms.

The FBI then advises users to verify the URL before clicking, to type the business url directly into the search engine rather than looking up the business, and to install an ad blocking extension.

The sources for this piece include an article in ic3.