At The Identity Organisation, we're here to help!

    FBI warns of search engine ads pushing malware, phishing

    The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.

    In today’s public service announcement, the federal law enforcement agency said threat actors purchase advertisements that impersonate legitimate businesses or services. These ads appear at the top of search result pages and link to sites that look identical to the impersonated company’s website.

    “When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result,” warns the FBI.

    “These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.”

    When a user searches for software, the FBI says, advertisements will link to websites with a download link to software named after the impersonated application.

    The FBI advisory also warns about ads promoting phishing sites that imitate finance platforms and, more specifically, cryptocurrency exchange platforms that invite visitors to enter their account credentials.

    Once credentials are entered on these phishing sites, they are stolen by threat actors who use them to steal funds or sell them to other threat actors.

    BleepingComputer recently helped reveal a massive typosquatting campaign using over 200 websites impersonating software projects, cryptocurrency exchanges, and wallet platforms to push Windows and Android malware.

    Earlier in the year, a site impersonating the GIMP image editor used malvertising to drop the Vidar info stealer on its unsuspecting visitors. While these advertisements looked like they were promoting the actual gimp.org website, as shown below, they redirected users to a different site pushing malware.

    Example of how tricky malicious ads can be (Morphisec)

    In another case from March 2022, operators of the Mars stealer abused Google Ads to promote a malicious Open Office lookalike site to distribute their malware. More recently, the SANS ISC disclosed an AnyDesk malvertising campaign on Google Search that dropped IcedID malware instead of the popular remote desktop app.

    How to protect yourself

    The most crucial precaution when looking for something online is not to click on the first thing that appears in the search results without checking its URL. As the first few results for a given search term are usually promoted ads, it is safer to skip them and scroll down until you see the project’s official website search result and use that instead.

    “While search engine advertisements are not malicious in nature, it is important to practice caution when accessing a web page through an advertised link,” warns the FBI.

    Furthermore, even checking the link may not always help, as threat actors can create advertisements that display a legitimate URL but redirect users to cloned sites under the attacker’s control. Another recommendation is to use ad-blockers, which filter out promoted results on Google Search. If you visit a website frequently, it would be better to bookmark its URL and use that to access it instead of searching for it every time.
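
The URL check described above, written as an added Python example (not code from the FBI advisory or the original article): it compares the URL an ad displays with the site the click actually lands on, and flags landing domains that resemble a known official one. It assumes click records that carry both URLs; the allowlist, the `.example` domains and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: an allowlist of official domains the organisation has verified
# (the "bookmarked" sites the article recommends using directly).
OFFICIAL_DOMAINS = {"gimp.org", "anydesk.com"}

def registrable(url):
    """Last two host labels. Simplification: production code should use the Public Suffix List."""
    if "://" not in url:
        url = "//" + url  # ads often display a bare host with no scheme
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_ad_click(display_url, landing_url):
    """Return findings for one ad click; an empty list means nothing was flagged."""
    shown, landed = registrable(display_url), registrable(landing_url)
    if landed in OFFICIAL_DOMAINS:
        return []
    findings = []
    if shown != landed:
        findings.append(f"ad displays {shown} but lands on {landed}")
    label = landed.split(".")[0]
    for official in sorted(OFFICIAL_DOMAINS):
        name = official.split(".")[0]
        # Brand name embedded in the label, or at most one character off.
        if name in label or edit_distance(name, label) <= 1:
            findings.append(f"{landed} resembles official domain {official}")
    return findings

# Constructed sample records: (URL shown in the ad, final landing URL after redirects).
SAMPLE_CLICKS = [
    ("www.gimp.org", "https://www.gimp.org/downloads/"),
    ("www.gimp.org", "https://download.g1mp.example/setup"),
    ("anydesk-app.example", "https://anydesk-app.example/get"),
    ("shop.example", "https://shop.example/"),
]

if __name__ == "__main__":
    for shown_url, landing in SAMPLE_CLICKS:
        print(shown_url, "->", landing, check_ad_click(shown_url, landing))
```

The second sample record is the case the paragraph warns about: the displayed URL is the legitimate one, so only the landing-site comparison catches it.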

    With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/fbi-warns-of-search-engine-ads-pushing-malware-phishing/

