FBI warns that 'phishing site is showing as search ads'

According to the Federal Bureau of Investigation (FBI) in the United States, ' Phishing sites are displayed in advertisements displayed as search results and high-ranking search results, and there are frequent cases where login information of financial institutions is illegally obtained.' I issued a warning.

FBI warns of cybercriminals abusing search ads to promote phishing sites | The Record by Recorded Future
https://therecord.media/fbi-warns-of-cybercriminals-abusing-search-ads-to-promote-phishing-sites/

According to the security news site The Record, the FBI sent a document to a private business partner, 'a cybercriminal group used search-linked advertising to lure them into phishing sites disguised as financial institutions to collect login information. It turned out to be. ' The FBI states that the total damage caused by this method is about hundreds of thousands of dollars (tens of millions of yen).

As a rule of thumb, the FBI said, 'If you enter your login information on a phishing site disguised as a financial institution, you'll get a call from someone who claims to be a financial institution. The login information obtained by one of the group members is used to access the financial institution and execute the telephone transfer. The victim finally notices the damage by accessing the site of the real financial institution. ' thing.

'Crime groups initially used search-linked phishing scams, but are gradually building phishing sites that can be displayed at the top of search results without relying on ads,' said Cimpanu of The Record. Explains. The FBI says that 'these phishing scams have been around since March 2021 at the latest,' but Cimpanu suspects that they have been around since mid-2020 at the latest. I will.

Scheme isn't new. It started becoming extremely popular last year. See some of @benkow_'s tweets on this: https://t.co/9WxNJicTef

— Catalin Cimpanu (@campuscodi) May 12, 2021

Benoit Ancel, a security researcher at CSIS Security Group , also warned about search advertising phishing scams from around September 2020. It's difficult. '

And it's a threat very hard to catch. They buy 400/500 clicks a day to Google and the ad disappear. You have to be here at the right moment of the day in the right country looking for the right bank.

— Benkøw moʞuƎq (@benkow_) September 3, 2020

'Search advertising phishing scams have been used for the past few years and are gaining momentum, especially after malware distribution methods such as email spam have begun to become ineffective due to countermeasures,' said Cimpanu.