The Weekly Breach Breakdown Podcast by ITRC - Google Search & Destroy - S5E6

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for February 16, 2024. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we discuss a rise in Google Ads scams while people try to use the Google Search tool.

Google Ads Scam Rise

Google is one of the world’s most popular search engines and is the go-to platform for many people to search for applications. However, the rise in Google Ads scams on Google Search has made looking for software online risky. Recently, cybercriminals have been running malicious ads on the platform to trick people into downloading booby-trapped copies of popular free software applications.

FreeCAD Google Ads Scam

One example is the free graphic design program FreeCAD. A Google search for FreeCAD produced a “Sponsored” ad at the top of the search results advertising the software available from freecad-us.org. Although this website claims to be the official FreeCAD website, that honor belongs to the result directly below the fake sponsored search return—the legitimate freecad.org.

These malicious ads appear above organic search results and often precede links to legitimate sources of the software they imitate. As a result, searching for software on Google has become a risky affair. Despite Google’s efforts to keep users safe, cybercriminals constantly find new ways to fly beneath the company’s anti-abuse radar.

How Identity Criminals Conduct Google Ads Scams

Although Google says maintaining a safe ads ecosystem and keeping malware off its platforms is a priority, cybercriminals often employ sophisticated measures to conceal their identities and evade Google’s policies and enforcement. Their process typically includes Google reviewing the ads in question, removing those that violated its policies and suspending the associated accounts.

Google Ads Safety Report Findings

Google’s latest ad safety report says that in 2022, Google blocked or removed 1.36 billion advertisements for violating its abuse policies. That same year, Google also removed 5.2 billion ads, restricted more than 4.3 billion ads and suspended over 6.7 million advertiser accounts. However, this isn’t enough to stop cybercriminals from running malicious ads.

How to Reduce Your Risk of Falling Victim to a Google Ads Scam

To avoid a Google Ads scam, here are three tips to help you stay safe when searching for and downloading software online:

1. Stick to reputable sources: Only download software from known application marketplaces like the Apple App Store, Google Play or Microsoft Apps. Direct downloads can be filled with malware or other software bugs that can damage your devices and may not come with the option to update the app automatically in the future.
2. Be wary of sponsored ads: Sponsored ads often appear at the top of search results and are more likely to be malicious. Be sure to verify the legitimacy of the website and company before searching for software in an app store. Start by comparing the web address in the ad with the actual web address of the software provider.
3. Keep your software up-to-date: Keeping your software up-to-date is crucial to staying safe online. Cybercriminals often exploit vulnerabilities in outdated software as part of a cyberattack. Ensure you have your devices and apps set to “auto-update” to ensure you receive – and apply – any security or feature updates in the future.

Contact the ITRC

If you want to know more about how to protect your business or personal information, Google Ads scams, or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, we will have an episode of our sister podcast, the Fraudian Slip, discussing the role biometrics can play in devaluing stolen data. You can download a copy of the ITRC’s discussion paper on biometrics at www.idtheftcenter.org/publications or click here. We will return in two weeks with another episode of the Weekly Breach Breakdown.