Malicious search engine ads drive latest phishing threat
New research from BlueVoyant shows the use of malicious search engine ads is on the rise and poses a significant threat to internet users and companies.
These ads can lead to phishing websites or malware downloads, putting personal, financial and corporate information at risk. For companies, a compromise via phishing can lead to brand reputation damage, financial loss, and loss of customer trust.
It's a difficult issue due to the complexity of monitoring and detecting online ad content as the vast and dynamic nature of the digital advertising ecosystem is exploited by threat actors for nefarious purposes.
Fraudulent search engine ads appear as benign advertisements, almost indistinguishable from legitimate ones. This makes them a highly effective distribution mechanism since users often rely on the top search result rather than directly typing in a domain.
Search engine advertising makes it easy to target particular groups, either by keywords, location or even the type of device they’re using. It obvious why this is attractive to cybercriminals as they are able to choose the most vulnerable and profitable victim profiles and present their ads only to them while evading detection by security vendors.
BlueVoyant has seen an increase of 28 percent in the creation of malicious advertisements and a substantial 50 percent upswing in the detection of large-scale campaigns in 2023 compared to the previous year, targeting mostly North America. According to analysis of recent phishing ads and their associated campaigns, close to 70 percent of ad-related websites detected are non-lookalike domains, with no similarity to the impersonated brand's domain name -- an advantage of gaining an ad click rather than relying on a link in an email which can be easily checked.
The report's authors note, "Ad accounts, tactics and guides for criminal activities employing search engine ads are slowly getting more traction in underground threat actor communities. BlueVoyant asses that as more knowledge get shared around the deep and dark web, coupled with the ease of creation and wide range of potential victims, phishing ad campaigns are likely to be on the rise."
You can get the full report from the BlueVoyant site.
Image credit: Rawpixel/depositphotos.com