Google OK’d ads that led to a fake password manager site - Protect yourself
Heads up: Google has been caught hosting an ad that’s not just fake — it’s convincingly fake. We’re talking about an ad masquerading as the open-source password manager KeePass. And the kicker? Even security buffs might be falling for it.
The devil’s in the details
The fraudulent Google ad leads you to what appears to be the genuine KeePass website, but it’s a trap. The folks at Malwarebytes found it’s actually a lookalike site pushing malware known as FakeBat.
According to Google’s Ad Transparency Center, the ads were paid for by a verified advertiser named Digital Eagle. Yep, you read that right. Google verified these guys! The tricky part? The site uses an encoding scheme called Punycode to appear authentic.
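Punycode’s been aiding and abetting scams for a while. It’s the ASCII encoding behind domain names that contain non-English characters, so an address built from lookalike letters can show up in your browser without the regular tipoffs. Remember that fake brave.com site a couple of years ago? Yeah, Punycode was behind that, too.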
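Here is what a Punycode check looks like in practice. This is an added example, not code from the article or from Malwarebytes: it decodes `xn--` labels to the form a browser may display and flags hostnames that fold to a name you trust. The trusted list (`keepass.info`), the sample hostnames and the small confusables map are assumptions constructed for the illustration.

```python
import unicodedata

# Assumption: the sites the user actually means to visit.
TRUSTED = {"keepass.info"}

# Small, incomplete map of Cyrillic letters that render like Latin ones.
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0455": "s", "\u0456": "i", "\u043a": "k",
})

def to_unicode(host):
    """Decode any xn-- (Punycode) labels to the Unicode text a browser may show."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw xn-- text
        labels.append(label)
    return ".".join(labels)

def skeleton(host):
    """Fold a hostname to plain ASCII-looking text for comparison."""
    folded = unicodedata.normalize("NFKD", host.translate(CONFUSABLES))
    # NFKD splits accented letters into base letter + combining mark; drop the marks.
    return "".join(ch for ch in folded if not unicodedata.combining(ch))

def check_host(host):
    """Return 'trusted', 'lookalike', 'non-ascii' or 'unknown' for a hostname."""
    shown = to_unicode(host)
    if shown.isascii():
        return "trusted" if shown in TRUSTED else "unknown"
    if skeleton(shown) in TRUSTED:
        return "lookalike"  # looks like a trusted name but is a different domain
    return "non-ascii"      # internationalized name, not near anything trusted

# Constructed samples: an accented k, built in its xn-- form, and a Cyrillic e.
SAMPLES = [
    "keepass.info",
    "xn--" + "\u0137eepass".encode("punycode").decode("ascii") + ".info",
    "k\u0435epass.info",
]

if __name__ == "__main__":
    for host in SAMPLES:
        print(f"{host:28} shown as {to_unicode(host):14} -> {check_host(host)}")
```
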
How to spot the fakes
Listen, there’s no foolproof method to steer clear of malicious ads or Punycode URLs, but here are some pointers:
1. Maintain a healthy skepticism
If something seems too good to be true or slightly off, pause and think before clicking.
2. Manual URL entry
Type the URL yourself into a new browser tab. It’s a bit tedious, but it’s one of the most effective ways to dodge lookalike websites. At the very least, scroll down to the organic results past the ads.
3. Inspect the TLS certificate