The FBI warns that threat actors are using search engine advertisements to promote websites distributing ransomware or stealing login credentials for financial institutions and crypto exchanges.
In today’s public service announcement, the federal law enforcement agency said threat actors purchase advertisements that impersonate legitimate businesses or services. These ads appear at the top of search result pages and link to sites that look identical to the impersonated company’s website.
“When a user searches for that business or service, these advertisements appear at the very top of search results with minimum distinction between an advertisement and an actual search result,” warns the FBI.
“These advertisements link to a webpage that looks identical to the impersonated business’s official webpage.”
When searching for software, the FBI says advertisements will link to websites with a download link to software named after the impersonated application.
The FBI advisory also warns about ads promoting phishing sites that imitate finance platforms and, more specifically, cryptocurrency exchange platforms that invite visitors to enter their account credentials.
Once credentials are entered on these phishing sites, they are stolen by threat actors who use them to steal funds or sell them to other threat actors.