New Cyber Attack Targets Facebook Users Through Fake Ads On Google
JAKARTA - A cybersecurity expert named Justin Poli discovered a phishing attack when he typed 'Facebook' in Google's search bar to log into his account. The top result of the search led him to a fake site that allows criminals to access his computer. Then a pop-up shows that his email and banking passwords, Facebook accounts, and computer files have been hacked.
Although cybercriminals designed these malicious advertisements to go undetected, there is a way for users to protect themselves from fraud.
Poli shared the attack in a TikTok video, explaining what he found while trying to log in to Facebook, but was instead notified that his system was infected with a'mataware problem.'
"My first reaction was, how can Google let this happen? They shouldn't allow ads to be posted leading to phishing sites," Poli said.
We prohibit ads that use phishing techniques to gather valuable user information,' and add that prior to publishing this news, they had 'discontinued the accounts of the relevant advertisers for violating our advertising policies," a Google spokesperson told DailyMail.
"This problem cannot be solved in an easy way," Poli said, because phishing scams, also referred to as malvertising, allow fraudsters to outwit Google so they think the link is real.
This means anyone can pay for the ad to be a'sponsored' link that appears as the top result in the search bar and you can edit the URL to direct the user to a specific site.
The perpetrators of the crime can adjust the link to outwit Google so they consider it legitimate to use a tracking template that allows the person to reset the URL behind it to direct the user to another site.
Young people are reported to be more often deceived than those who are twice their age as they are more exposed to fake advertising.
If the link is seen to be linked to an ad, Google trackers won't mark it as a problem as the perpetrators use tracking templates that allow them to adjust the final URL - although not the same as the links that appear in the search results.
Although phishing ads usually don't last long, as the scams are expensive and people report it quickly, there are always other malicious links that are ready to replace it.
"It's like playing hackers with all these ads," Poli said. He added that there was no way for Google to monitor them, but he suggested that the tech giant should use artificial intelligence (AI) to check links more frequently.
SEE ALSO:
Google says it has thousands of people working around the clock to prevent fraud like this but advises users to always be careful and make sure the URL is accurate before sharing personal information.
Poli also recommends that people have ad blockers enabled on their phone or computer and never trust sponsored links to protect themselves from such scams.
Keeping the latest software and extensions up to date, including browsers, and avoiding using or allowing Flash and Java to run automatically while browsing the web are another tip to stop hackers.
"It's a bit annoying that we have to live with that," Poli said, "but that's how it is."
A survey by Deloitte in 2023 found that Gen Z - a person aged 14 to 26 years - is three times more likely to be deceived in online scams than the boomer generation - of people aged 58 to 76.