FBI recommends ad blockers to protect against malware, phishing attacks

The Federal Bureau of Investigation is warning that cyber criminals are increasingly pushing malware, ransomware, and phishing attacks through major search engine advertisements.

The FBI explains that cyber criminals “purchase advertisements that appear within internet search results using a domain that is similar to an actual business or service,” which tricks users into going to a website that looks identical to the legitimate official website.

Once the user is tricked into downloading software they believe to be legitimate, such as GIMP (a free, open-source photo imaging editor), the device is now infected with malware. The download may look legitimate with a file name of the software they believe they are downloading.

BleepingComputer found that a search for GIMP returns a malicious ad. While it displays the legitimate website—Gimp.org—it actually redirects users on clicking the ad to a different, malicious website pushing malware.

Of note, financial and cryptocurrency scams appear to be the most popular occurrences for malicious search engine advertisements, according to the FBI.

The FBI recommends individuals take the following precautions:

• Before clicking on an advertisement, check the URL to make sure the site is authentic. A malicious domain name may be similar to the intended URL but with typos or a misplaced letter.
• Rather than search for a business or financial institution, type the business’s URL into an internet browser’s address bar to access the official website directly.
• Use an ad blocking extension when performing internet searches. Most internet browsers allow a user to add extensions, including extensions that block advertisements. These ad blockers can be turned on and off within a browser to permit advertisements on certain websites while blocking advertisements on others.

The FBI recommends businesses take the following precautions:

• Use domain protection services to notify businesses when similar domains are registered to prevent domain spoofing.
• Educate users about spoofed websites and the importance of confirming destination URLs are correct.
• Educate users about where to find legitimate downloads for programs provided by the business.

The FBI is also still investigating an attack on its cybersecurity and critical infrastructure platform InfraGard, which was breached earlier this month.