The FBI recently released a Public Service Announcement that all online shoppers should read.

The Announcement outlines a scary scheme by cyber criminals, who “are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.”

The cyber criminals purchase advertisements that appear in legitimate search engine results by using a domain that is similar to the real business. When a search is made for the legitimate business, the fake ads appear first in the search results. When a user clicks on the link, they are taken to a malicious website that spoofs the real one. The user is then prompted to download software that is malicious without their knowledge.

The FBI provides the following tips to respond to this threat:

The FBI recommends individuals take the following precautions:

  • Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
  • Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly.
  • Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.

Additionally, the FBI recommends businesses take the following precautions:

  • Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
  • Educate users about spoofed websites and the importance of confirming destination URLs are correct.
  • Educate users about where to find legitimate downloads for programs provided by the business.