The FBI recently released a statement warning people of search engine brand impersonation by cybercriminals. Search engine brand impersonation is a tactic being used by cybercriminals that you should be wary of and take precautions against.
What is Search Engine Brand Impersonation?
Over 105,000 search queries are made on Google every second. And that doesn’t account for the thousands of searches made on other search engines. Search engine brand impersonation occurs when a cyber criminal purchases a domain similar to that of a legitimate company. They then often pay for ad space on the search engine. These ads appear at the top of the search engine results page (SERP)―above any organic results. Cybercriminals use these sites to steal financial information, login credentials, or install harmful malware on your device.
Examples of Search Engine Brand Impersonation
Cybercriminals often target commonly-searched brands such as Amazon, Netflix, or Dropbox. Often, malicious domains misspell the brand name or have a similar domain. For example, if you are searching for ExampleSoftware.com, a cybercriminal may purchase ExampleSofware.com or ExampleSoftwares.com. If they pay for an ad, their fraudulent result will appear first on the SERP. Unsuspecting customers may click on this result instead of the legitimate site.
This especially happens on sites where you download a file or software. Cybercriminals impersonate the legitimate brand, and victims end up downloading dangerous malware onto their computers.
Protect Yourself from Brand Impersonation
While search engine algorithms do what they can to crack down on cybercriminals, using search engines to impersonate brands is an increasing tactic. It is important to watch out for these tactics to protect yourself and your business.
Here are a few tips to protect yourself from falling prey to search engine brand impersonation.
- When you are making an internet search (especially to download a file or software), scroll past the paid results to the organic search results
- Always glance at the site URL to make sure it is legitimate
- When possible, go to the site directly using the URL instead of via the SERP
- Install an adblocker that runs while you make internet searches
- If you own a business, make sure your business is covered with adequate cyber insurance coverage
Protecting Your Business
Businesses should take these precautions to prevent being impersonated by cybercriminals.
- Use domain protection services to notify your business when similar domains are registered
- Sign up for Google Alerts that notify you when your brand is mentioned online
- Make it clear to clients exactly where you provide legitimate downloads
Cybercrime is Not Always Obvious
Most cybercrime is not as obvious as the call your grandma got about her extended car warranty. The FBI estimated that almost $7 billion were lost to cybercrime in 2021. Regardless of your age, it is important to watch out for dangerous cyberattacks.
If you have any questions about search engine brand impersonation, cyber insurance, or other cybersecurity or insurance related topics, our team at Veritas Risk Management would be happy to speak with you.