Search Engine Sponsored Ads May Carry Malicious Payloads

The FBI and numerous cybersecurity analysts warn of a spike in “malvertising” campaigns that exploit sponsored ads on search engines such as Google and Bing. Officials say scammers are spoofing ads that appear at the top of search result pages, redirecting users to malicious websites where they are tricked into downloading malicious software or revealing passwords and other sensitive information.

According to the FBI, scammers create bogus ads that mimic real businesses or services and use similar domain names. When certain keywords are entered into the search engine, the ads get loaded to the top of the result pages. Anyone clicking on the ad is then redirected to a fake site. Google removed more than a billion such spoofed ads last year, but they continue to spread.

Following are some suggestions for protecting yourself and your organization from these dangerous campaigns:

  • Don’t click on sponsored ads in your search results. Instead, type the business’s URL into your browser’s address bar to access the official website directly, or click on an actual search result (not the ad).

  • If you must click on an ad, doublecheck the URL links for accuracy. In particular, look for typos or misplaced letters.

  • Ad blockers and script blockers create an effective first line of defense. These tools prevent malicious ads from loading, significantly reducing the risk of “malvertising” attacks.

  • Regularly update operating systems, browsers, and security software to ensure you have the latest security features.

  • Learn to recognize the signs of “malvertising”, including unexpected pop-ups, redirects or suspicious download prompts. Always be skeptical when dealing with online ads.

  • Using a VPN when not on the secured office network can add another layer of security by encrypting Internet connections. This will safeguard sensitive data and make it more challenging for scammers to track or exploit user information.

  • Use antivirus — most products offer web protection features that detect malicious domains and IP addresses.

BlogJack CohlmiaAds, Cybersecurity, Internet Security