FAKE ads with the same URL as the websites they are copying are running rampant online and they’re impossible to detect until it’s too late, a cybersecurity expert has warned.

However, there is one hack all tech users must know to avoid a bank-raiding trap.

These fake adverts are indistinguishable from real ones

2

These fake adverts are indistinguishable from real onesCredit: Malwarebytes
Cloaked websites are also often tied to decoy pages

2

Cloaked websites are also often tied to decoy pagesCredit: Malwarebytes

So-called ‘malvertising’ has had a resurgence online since the tail end of last year.

This is when scammers use an old trick called cloaking, which masks a websites real URL to advertise malware-infected links.

But in recent cases, these URLs have been identical to real, frequently visited sites.

In a report published last week, director of threat intelligence at cybersecurity company Malwarebytes, Jérôme Segura, revealed a malicious malvertising campaign where fraudsters impersonated Amazon on Google Chrome.

Billions of Android and iPhone users warned over 'sinister deep fake AI call'
Google warns all Android users to delete app if they see red flag pop-up

These fake adverts are indistinguishable from real ones.

Speaking to The Sun, Segura explained that web users can no longer trust the first link that appears on a search engine, even when it’s a big brand.

“We can’t blame people for clicking on them, especially when ads are being impersonating,” he said.

“Its not their fault.”

Most read in Tech

The fault lies with the search engines, he added.

“People, myself included, tend to visit the same websites everyday. Most people go to YouTube or Facebook.

“We open the browser, which happens to be Chrome in most places, and we just type the name and click whatever comes first.”

Those days are gone.

Recently, “we have ads that are malicious that are shown at the top [of the browser page],” said Segura.

“I’m still a bit puzzled as to why its so easy.

“A lot of the time what I see is those [scam] advertisers are using specific services to do cloaking and that in itself should raise a flag to Google.”

The Sun has contacted Google for comment.

Malverts aren’t everywhere, and if “you don’t type the URL, you don’t click on an ad, you just click on an organic result from the search engine – that usually works well,” added Segura.

But doing this doesn’t make you immune to another type of fraud called SEO poisoning, where scammers ‘game’ the search engine to position high up on the page, he continued.

Cloaked websites are also often tied to decoy pages.

Sometimes the decoy page will be displayed during specific hours of the day to avoid detection, and then other hours – maybe when there’s more traffic among the targeted demographic – the malicious page will be pushed instead.

However, Segura does have one trick up his sleeve to try and eliminate the risk of clicking a cloaked link.

If you visit the intended one and are certain that it’s legitimate, bookmark it.

That way you have access to the real site, no matter what comes up in your search engine results.

Alternatively, web users can download a free extension from Malwarebytes called Browser Guard – which is not only an ad blocker but helps the cybersecurity firm maintain a data base of malicious sites.

This helps expose the infrastructure that criminals use for cloaking, which will also be blocked.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered…


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]


This post first appeared on Thesun.co.uk

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

iPhone 150! Experts predict what smartphones will look like in the future – from self-repairing screens to solar-powered charging

It might only feel like yesterday that the new iPhone 15 was…

Six revelations from NASAs public UFO meeting 

The first-ever public meeting of NASA‘s ‘independent study group’ on UFOs dropped…

Brexit ‘cliff edge’ poses threat to UK electric car production, warns industry chief

Head of SMMT raises concerns over tightening of trade rules from January…

U.S. Suppliers Halt Operations at Top Chinese Memory Chip Maker

BEIJING–U.S. chip equipment suppliers are pulling out staff based at China’s leading…