I am seeing a rise in phishing websites; here’s some info on what you watch out for!
When you use a search engine, cybercriminals can game the results. They have ways to get their fraudulent websites to rise to the top of the page, and one method for this is simply to pay for ad placement. Check out this example:
I went to the Bing search engine and typed in the name of a local credit union. The first three results look like what I wanted, but they actually go to phishing websites. These phishing sites seem like the real deal, and offer convincing graphics and login fields. But anyone duped by these impostors may end up giving their banking passwords to crooks!
Also understand: This type of phishing isn’t just for financial sites. Recently, Cory Doctorow was shanghaied by a phishing result for the Thai restaurant he wanted to order from.
Protections
To protect against this rubbish, first please be on the lookout for the small markers next to search results that say “Ad” or “Sponsored”. Ignore or bypass any search results with those indicia.
Consider installing a browser extension that judges and rates your search results. Bitdefender Trafficlight puts a marker next to search results, to let you know what’s good or bad before you click on anything.
Change your browser’s search engine. If you explore your browser’s Settings or Options, there will be a menu or other way to set your default search provider. Right now, I see Bing and Yahoo being exploited the most. Stay away from AOL or Ask.com. Google might be safer. DuckDuckGo appears to be a great and safe choice, for now.
Install an ad-blocker into your browser. I consider ad-blocking to be your second line of defense (after your antivirus), and good free ad-blockers are widely available. This sort of tool might suppress some of the sponsored links you might otherwise encounter.
Bookmark your financial and most important websites in your computer’s web browser. Use your bookmarks more and your search engine less to get to things you visit daily.
On mobile devices, bookmarks are good, but apps are better. If your bank or other important company offers a dedicated, branded app, use it! Download it from the app store and use it instead of loading their site in your browser.
Reactions
If you encounter a phishing website, consider reporting it. The sooner a bad site is reported, the faster it may be removed from the internet.
- The FBI’s Internet Crime Complaint Center wants to know about phishing sites
- Google’s Safe Browsing team accepts reports of phishing sites.
- Microsoft wants your reports about phishing attempts.
If you were duped by a fraudulent website, take action as soon as you figure things out. Change any passwords you may have submitted to the bad site, and contact any financial institutions that you may have shared or used when you were phished. If you haven’t already, ask your bank about activating 2FA protection for your accounts.
And in general, give the real company a heads-up about what you’ve encountered. They may appreciate knowing about the impostor efforts out there.