How cybercriminals use Google Ads to mislead their victims
People are getting smarter and more aware of the possible threats and techniques of cybercriminals. Thanks to the many awareness campaigns and trainings, employees know not to open an attachment in a sketchy looking email, your grandmother learnt not to send money to that Nigerian prince, and companies are implementing more security measures. Cybercriminals have to evolve. They need to look for new ways to trick their victims and gain access to their data. Unfortunately, they found a new way … via Google Advertising.
A deep-rooted trust in Google
Google is one of the biggest search engines available. Over the past 20 years we all started to heavily rely on those search engines. We assume we can trust Google when clicking on a link in the search results, especially when it comes to advertisements shown on top of the page. Advertisers have to pay for that visibility. Surely, they can be trusted, right?
Unfortunately, the answer is no. Hackers discovered a way to use Google Ads and people’s trust to their advantage. Cybercriminals are capable of creating advertisements that look just like the real deal but navigate to another URL.
In this example, someone is looking to download the photo editing software by GIMP. When they looked up the software’s name, the first result is an advertisement, looking believable and trustworthy. But notice how the URL differs slightly from the actual website? Before you know it, you click on the ad, are redirected to the cybercriminal’s website, and download malicious software, giving the hacker access to all your personal data, your accounts and passwords, your bitcoin wallet, etc.
How to protect yourself?
As usual, it’s important to pay attention to URL’s before clicking on them. Always double check where you are directed to. ‘GYIMP’ is not the same as ‘GIMP’. Keep in mind it’s possible for cybercriminals to exploit Google Ads, and inform your friends, family, and colleagues.
Secondly, install an adblocker. Most browsers offer the settings to block advertisements, but it’s smart to install an adblocker extension as well, just to be sure.
How to protect your company?
- DNS security: cybercriminals only recently started to abuse Google Ads. Most of those malicious websites are newly created. When those domains are known or marked as newly-seen, they automatically get blocked, preventing the user from downloading the software.
- VPN/Firewall: all internet traffic passes through an extra security layer, elevating the chances of blocking possible threats before they can do any damage.
- Endpoint security: an endpoint detection and response tool investigates suspicious behavior of software. In the case of the photo editing software, it would notice the virus and block the software before it can gain any accesses.
- Spotit managed SOC: our security analysts monitor your environment 24/7. When our endpoint security detects and blocks something suspicious, our cybersecurity experts will investigate the issue and determine how to proceed with isolating the threat and preventing it from ever happening again.
- Security awareness training: inform your employees. Make sure they stay up-to-date on recent new threats and technologies hackers use to mislead their victims. Keep cybersecurity high on everyone’s agenda.
Are you interested in learning more about any of the discussed solutions? Do you wish to set up a meeting with one of our specialists to elevate your cybersecurity?