When shopping online, your first move might be to type in the product you’re looking for into a search engine like Google. Then you simply click one of the first few links that appear in your search results.
While it may seem to be the simplest approach, cybercriminals are well aware of this and are taking advantage of its weaknesses.
Let’s go through exactly how they’re doing this and what you can do to avoid clicking on those malicious links.
How are cybercriminals infecting links in my search results?
Malvertising is surging
The report we started tracking in February indicates a surge in malvertising. Malvertising, short for malicious advertising, is a technique used by cybercriminals to distribute malware through online advertisements.
Scammers create a fake ad
So, here’s how it plays out. Scammers will typically purchase ad space on legitimate platforms such as search engines, social media sites, or popular websites and then insert malicious code or harmful links into those fake Amazon or Microsoft ads that look legit so that it’s the first thing you see when you search for something related to that ad. When you click on these ads or interact with them, you may be redirected to websites that host malware or prompted to download files containing malicious software. That malware can harm your computer or allow the hacker to steal your personal information.
The links look almost identical to the real thing
Because Amazon and Microsoft are both big companies that most people buy from, and the links are right at the top, the chances of those fake links getting clicked on are much higher. Plus, the links are designed to look like they’re coming directly from the website, so people may not think to do a little digging before clicking.
MORE: OLDER AMERICANS ARE BEING TARGETED IN A MALVERTISING CAMPAIGN
How do I know if the sponsored ad is fake?
Check the website’s domain
Look closely at the domain name in the link. Scammers often create fake websites with domains similar to popular or trusted ones, intending to deceive you. For example, they may replace letters with similar-looking characters or add extra words. Verify that the domain matches the legitimate website you intend to visit.
Examine the website’s content and design
Take a close look at the website’s overall appearance, design, and content. Poorly designed or unprofessional-looking websites could be indications of malicious intent. Look for typos, grammatical errors, or suspicious content.
Carefully hover over the link
Hover your mouse cursor over the link (without clicking) to see the actual URL that appears in your browser’s status bar or tooltip. Verify that the displayed URL matches the link you expect to visit.
Be cautious with shortened URLs
If you encounter a shortened URL, such as those created by services like bit.ly or tinyurl.com, exercise caution. These links obscure the original destination, making it difficult to assess their legitimacy.
How can I prevent from being a victim?
Know the scammer’s techniques
Understanding how scammers target their victims is half the battle. Make sure you always stay up on the most recent techniques and the schemes they are using. If you are unsure of the shopping site, Google the name and the word ‘scam’.
Watch out for phishing emails and texts
If you get an email or a text message asking you to click a link either to view a product or verify your information, don’t fall for it. Scammers use this technique all the time to try to fool you. They’ll even pretend to be a real high-ranking official from the IRS or some other government organization to try to scare you into falling for their schemes.
MORE: WHY YOU SHOULD UPDATE YOUR MICROSOFT SOFTWARE NOW AND STAY PROTECTED
Keep an eye out for fake social media scams
You always want to be careful with what you post on social media. Scammers are constantly looking for those who overshare because they feel like easier targets. Make sure you think twice before you post, and watch out for any fake ads that might be posted to sites like Facebook and Instagram as well.
Avoid fake product reviews
Some scammers will even go as far as to post fake reviews for a product to make it look like it’s a good one. However, you can avoid these fake reviews by using a site like FakeSpot.com that grades the truthfulness of Amazon reviews. Check this website before trusting a random person online.
Use a secure browser
Consider using a browser that has built-in security features, such as phishing and malware protection. Browsers like Google Chrome, Mozilla Firefox, Microsoft Edge, Opera, and Brave offer such functionalities.
Enable two-factor authentication (2FA)
Whenever possible, enable two-factor authentication for your online shopping accounts. This adds an extra layer of security by requiring a secondary verification method, such as a unique code sent to your mobile device in addition to your password.
Keep your software up to date
Regularly update your operating system, web browsers, and other software on your device. These updates often include security patches that address vulnerabilities and protect against known threats.
Have good antivirus software on all your devices
Keeping hackers out of your devices can be prevented if you have good antivirus software installed. Having antivirus software on your devices will make sure you are stopped from clicking on any potential malicious links which may install malware on your devices, allowing hackers to gain access to your personal information.
Special for CyberGuy Readers: My #1 pick is TotalAV, and you can get a limited-time deal for CyberGuy readers: $19 your first year (80% off) for the TotalAV Antivirus Pro package.
Get my review of my best antivirus picks here
Kurt’s key takeaways
The biggest thing that I want you to take away from this article is to not just put all your trust into the first thing you see online. I know we all have a ton on our plates, and it would be great if we could just find the product we’re looking for in the first link we click, but just do your best to keep your eyes peeled. Trust me; you’d rather spend a little extra time online and get the product you want than click on something fake and risk your information getting stolen.
Have you seen any fake Amazon or Microsoft ads? How frustrating is it for you to have to worry about these fake ads? Let us know by commenting below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Related:
- Older Americans are being targeted in a Malvertising campaign
- Why you should update your Microsoft software now and stay protected
33 comments
Today, I searched for Amazon in Google and clicked on the sponsored link up top. It sent me to an obvious (to me) phishing site. The phishing site is now no longer available and the sponsored link now takes you to amazon. Very weird.