Fake Google ads strike again as cybercriminals continuously find creative ways to trick end users. This scam abuses the Canva brand and was identified by the cybersecurity company Malwarebytes. Canva is an online design and visual communication platform used by many marketing departments. Malwarebytes reports that this ad appeared as the top result in Google's search results. This is worrisome because the ad looked like the real deal.
When ads attack
This isn’t the first time and certainly won’t be the last time a Google ad is actually a malicious link. Back in 2022, the FBI released an alert on just this very issue. The FBI at the time stated the following:
“The FBI is warning the public that cyber criminals are using search engine advertisement services to impersonate brands and direct users to malicious sites that host ransomware and steal login credentials and other financial information.”
Similar to what the FBI warned about, Malwarebytes identified a link in the Google search results that takes the user to a malicious website impersonating the official Canva homepage. Once at the malicious site, an alert supposedly from Microsoft pops up. This pop-up alert states that Windows has been locked due to unusual activity. The pop-up asks for the username and password for the user’s Microsoft account. It also has a phone number in case the user needs further assistance.
In this case, the cybercriminal is hoping the user supplies the username and password for their Microsoft account. The cybercriminal will then attempt an account takeover, locking the user out. The cybercriminal will also attempt to use the username and password on other account types.
How to identify
This is where it gets tricky: these fake Google ads are not always easy to identify. In this Canva scam, the URL shown in the search results appears identical to the real website URL. Once the ad is clicked, however, the user lands on a malicious site with a different URL. Unfortunately for the user, that website is spoofed to look identical to the real Canva site. Cybercriminals have gotten really good at imitating real websites, tricking even the most watchful eyes.
What can be done
Because of how good cybercriminals have gotten at imitating websites, we all need to build strong cybersecurity habits when going to a website. The next two tips describe what can be done when going to a website.
For starters, it is best to type in the URL instead of searching for the website and clicking on its link. By typing in the URL, one can ensure they are going to the legitimate site. That holds as long as the typed-in URL is the correct URL.
If one does not know the URL, then a search is necessary to find the site. When looking at the search results, always highlight the link and check where the URL will go. Oftentimes the spoofed website will have an odd-looking URL or sometimes a longer-than-expected URL.
Now let’s identify what a small business can do to protect its brand and protect against spoofed websites impersonating the business. A small business can use domain protection services to be alerted when a similar domain name is registered. This gives the business an opportunity to warn customers or even have the malicious domain removed.
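As an added illustration (not code from this article or from Malwarebytes), the Python sketch below applies both ideas above: it checks where a link really goes and flags hostnames that merely resemble the brand's domain. The function names and the sample URLs are constructed for this example, and the check covers embedded brand names and single-character typos only, not look-alike Unicode characters.

```python
from urllib.parse import urlsplit

BRAND_DOMAIN = "canva.com"  # legitimate domain of the brand named in the article

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url: str, brand_domain: str = BRAND_DOMAIN) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for the URL's real host."""
    if "//" not in url:
        url = "//" + url  # lets urlsplit parse a bare hostname
    host = (urlsplit(url).hostname or "").rstrip(".")
    # Only the brand domain itself or one of its subdomains is trusted.
    if host == brand_domain or host.endswith("." + brand_domain):
        return "legitimate"
    brand_name = brand_domain.split(".")[0]
    for label in host.split("."):
        # Brand name embedded in a label, or a label one typo away from it.
        if brand_name in label or edit_distance(label, brand_name) <= 1:
            return "lookalike"
    return "unrelated"

def flag_lookalikes(urls):
    """Keep only the URLs a brand owner or user should treat as suspicious."""
    return [u for u in urls if classify(u) == "lookalike"]

# Constructed sample destinations (the .example hosts are placeholders).
SAMPLE_URLS = [
    "https://www.canva.com/design",
    "https://canva.com.login-check.example/",  # brand used as a subdomain prefix
    "https://camva.example/",                  # one-character typo
    "https://canva-support.example/help",      # brand embedded in a longer name
    "https://example.org/",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify(u):10} {u}")
```

The second sample shows why a longer-than-expected URL deserves attention: the brand's domain appears at the start of the hostname, but the site actually visited is determined by the end of it.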