During the upcoming holiday season, it will be important to be on the lookout for special holiday-related scams on the internet. Online shopping scams, phishing scams, delivery notification scams, non-delivery scams, gift card scams, and more have all been known to rise dramatically during the holidays. Nowadays, people get much of their Christmas shopping done online, and hackers and scammers have been known to take advantage of this rise in internet traffic. According to the FBI, thousands of people become victims of holiday scams every year. The hustle and bustle of the holiday season, although it can be the most beautiful time of year, sets the stage perfectly for online scammers to attack.
One newer scam to be on the lookout for this season is fraudulent Google ads. Almost every time a user searches something on Google, relevant ads will pop up at the top of the search results. Oftentimes the user ends up clicking on at least one of these ads, since they are easy and convenient at their position atop all the other results. However, scammers have now figured out how to infiltrate these first few results and trick you into downloading malware onto your computer. These bad actors have been able to create search ads disguised as legitimate companies, even with convincing URLs. And, unfortunately, these fraudulent ads are sometimes disguised so well, they can be extremely hard to spot.
In the ads, scammers have been able to create URLs that look nearly identical to the legitimate company’s URL. This tactic is called a homograph attack and, although the concept is not new, it has never before been seen used in fraudulent search result ads. Previously, fraudulent ads could be spotted because the URL did not look like the real company’s URL. Now, though, scammers are using something called Punycode to make URLs that look completely authentic. Punycode is the encoding that lets a domain name carry accented or non-Latin characters, and some of those characters are drawn on your screen exactly like an ordinary letter, so a scammer can register a domain with one swapped character and show a URL in a Google ad that looks identical to the legitimate one. TechSpot provides a good real-life example of this type of scam and how it worked.
In their article, they point out a scam recently discovered by Malwarebytes. This scam featured a malicious Google ad that mimicked the company KeePass, an online password manager program. The bogus URL shown in the fraudulent KeePass ad looked identical to the authentic one, making it virtually impossible to notice. The only sign that such an ad is malicious appears after clicking it and landing on the fraudulent website: there, the fraudulent web address can be seen in the address bar. Even then, it is hard to spot. In the KeePass scam, the address shown in the address bar is still almost identical to the real one; the only difference is a small dash that can be seen under the ‘k’. So, instead of using the character ‘k,’ the scammers used the character ‘ḳ.’ Tricky, right?
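As an added example (not code from the original post, TechSpot or Malwarebytes), here is a small Python check a defender could run on the host name of an ad's landing page: it shows the Punycode form the browser actually connects to, and flags a name whose letters collapse to a trusted brand once diacritics such as the dot under ‘ḳ’ are stripped. The sample hosts below are constructed for illustration and are not the domains from the real campaign.

```python
import unicodedata

# Constructed sample hosts: the lookalike replaces 'k' with U+1E33
# (LATIN SMALL LETTER K WITH DOT BELOW), which renders as "ḳeepass.info".
GENUINE_HOST = "keepass.info"
LOOKALIKE_HOST = "\u1e33eepass.info"


def to_punycode(host: str) -> str:
    """Return the ASCII ('xn--') form that is sent on the wire and in DNS."""
    return host.encode("idna").decode("ascii")


def from_punycode(host: str) -> str:
    """Decode an 'xn--' host back to the Unicode a browser may display."""
    return host.encode("ascii").decode("idna")


def skeleton(host: str) -> str:
    """Strip combining marks so 'ḳeepass' collapses to 'keepass'.

    NFKD splits a precomposed letter into base letter + combining mark;
    dropping the marks leaves the shape a hurried eye actually reads.
    """
    decomposed = unicodedata.normalize("NFKD", host)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()


def homograph_check(host: str, trusted: set) -> dict:
    """Flag a host that visually impersonates one of the trusted domains.

    Accepts either the Unicode form or the 'xn--' form. Purely ASCII
    typosquats (e.g. a dropped letter) are out of scope for this check.
    """
    labels = host.lower().split(".")
    unicode_host = from_punycode(host) if any(l.startswith("xn--") for l in labels) else host
    shape = skeleton(unicode_host)
    return {
        "displayed": unicode_host,
        "wire_form": to_punycode(unicode_host),
        "non_ascii": any(ord(c) > 127 for c in unicode_host),
        "suspicious": shape in trusted and unicode_host.lower() not in trusted,
    }


if __name__ == "__main__":
    for h in (GENUINE_HOST, LOOKALIKE_HOST):
        print(homograph_check(h, {GENUINE_HOST}))
```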
Things get hurried during the holidays, and it’s easy to try to get something done or a gift purchased quickly online before a lunch break ends or you have to leave for the next holiday party, but resist the temptation to rush. Take the time to really look over the URLs you are visiting, scrutinize the text and logos for any anomalies, and type in the URL of a known site directly instead of following a link… it’s all worth taking the time! Also, get protected with services such as anti-virus and malware protection or spam filtering!
Read our previous post here: Hackers Are Now Using Irritation to Circumvent MFA