Google Search Engine Is Becoming a Target for Cybercriminals

Malicious advertising campaigns, also known as malvertising, are becoming one of the biggest cybersecurity threats today. Cybercriminals are increasingly sophisticated in exploiting ads to infect users with malware and steal user information.

According to a report by the US cybersecurity software company Malwarebytes, in the third quarter of 2023, the number of malvertising attacks in the US increased rapidly, with an average increase of 42% per month. This shows that the situation is becoming urgent and timely countermeasures are needed.

Jérôme Segura, senior research director at Malwarebytes, issued a sobering warning about the current state of cyber security. “Every brand, big or small, is being targeted by cyberattacks, whether it’s phishing or malware. What we’re seeing is just a tiny fraction of what’s happening,” he said.

Fraudulent ads are becoming increasingly sophisticated and difficult to distinguish from legitimate ads. They appear as sponsored content naturally in search results on desktop or mobile, making it difficult for users to tell the difference. Even more dangerous, malware can hide in ads on reputable websites we visit regularly, creating a false sense of security.

Some scam ads are simply meant to entice users to click on them for illegal profit. However, the danger also comes from websites that have been hacked and installed with malware.

According to Erich Kron, a security expert at KnowBe4, a cybersecurity training and awareness company in the US, just by accidentally visiting such a website, users can be infected with malware without having to take any other action. This means that the risk of being attacked can occur even if we do not actively click on the ads.

Not only Google but also other reputable websites are in the sights of cybercriminals.

Malvertising is not a new problem, but cybercriminals are constantly improving their techniques, making them more sophisticated and almost unrecognizable. This is all the more dangerous given that many people trust Google search results implicitly.

However, it is important to emphasize that Google Search is not the only target of cybercriminals, other search engines such as Microsoft's Bing are also not out of the sights of cybercriminals. The core issue is that users need to be alert and vigilant with any information, especially advertisements, even when they appear on reputable platforms.

Google has become an integral part of our daily lives. We trust that any information that appears on Google is accurate and trustworthy. This blind trust has led many people to fall victim to malicious advertising.

As Professor Stuart Madnick of MIT Sloan School of Management (USA) pointed out: “When people see information on Google, they tend to believe that it is reliable information, without doubting its authenticity.”

Even on reputable websites that we regularly visit, the risk of encountering malicious ads is always present. Many of these ads are designed to look exactly like other legitimate ads, making it difficult for users to distinguish between real and fake.

The situation is similar to mail screening. How can each letter be checked to ensure that it does not contain any malicious content? Professor Madnick likened the detection and removal of malicious advertising to a postman having to check each letter to see if it contains malicious content.

Be careful when clicking on ads on reputable websites.

To protect yourself from malicious advertising, users need to be vigilant and proactive. One of the simplest ways is to avoid clicking on sponsored links that appear in online search results. Often, these ads are designed to grab your immediate attention with attractive offers, overly discounted prices, or unrealistic promises.

However, users should note that, right below these sponsored ads, there will often be organic, unpaid search results. These results are often more trustworthy because they are sorted based on the search engine’s algorithm, which prioritizes websites with quality content and relevance to the search keyword. Therefore, instead of rushing to click on the first ad, users should take the time to carefully review these organic search results.

Before taking any action on a website you've landed on from a sponsored ad, take a few seconds to double-check the URL in your browser's address bar. This is an important step to ensure you're on the right website.

Compare the URL in the address bar to the URL you typed into the search box or remembered. If any characters are different, or there are additional strange characters, you may have been redirected to a fake website.

Don't click on any other links on that site, and don't enter any information. In most cases, closing the browser window immediately is the best way to avoid trouble, advises Avinash Collis, assistant professor at Carnegie Mellon University's Heinz College.

Even if you are visiting trustworthy websites, you should be very careful when clicking on ads that appear on them. Security expert Erich Kron emphasized that many ads can exploit consumers' psychology of wanting to buy cheap by offering prices that are too attractive compared to the market.

For example, you are searching for a product on a reputable retailer’s website and suddenly see an ad for the same product at a much lower price. Instead of clicking on the ad, take the time to search for the product directly on the website of the retailer you trust. Most major retailers post special promotions and discounts publicly on their home page or product category pages.

In addition to avoiding clicking on links in sponsored ads, you should also absolutely avoid calling the phone numbers provided in these ads. This is one of the common scams that scammers often use to steal your personal information.

Attackers can use your calls to install malware on your device that can steal passwords, bank account information, and even remotely control your device, according to Chris Pierson, CEO of BlackCloak, a cybersecurity and privacy platform.

Turn off automatic downloads and update the system regularly

In addition to being cautious with online links and ads, users should also proactively protect their devices by:

Turn off automatic downloads:Many software and applications can automatically download and install updates, extensions, or other unwanted software. This feature, if not managed carefully, can cause many security risks. Go to the settings of the software and applications and completely disable or customize the automatic download features.

Update your operating system and browser regularly:Software developers regularly release updates to patch security holes. Not keeping your operating system and browser up to date can make your device a target for hackers. Set your system to update automatically or check for updates yourself.

In today’s digital world, with millions of advertisements flooding the Internet, the risk of encountering cyber security threats is inevitable. Hackers are becoming more sophisticated and using sophisticated fraud methods to steal personal information and assets of users. Professor Madnick gave a very good advice: “You should assume that this can happen to you no matter how careful you are.”