Google launches a regular scams and fraud advisory

Google has launched an online fraud advisory due to the increasing volume and complexity of scams. This advisory will be regularly updated in order to raise awareness and keep individuals and organizations informed of the latest techniques deployed by malicious actors. For the initial advisory, five scam trends were noted: 

  1. Realistic impersonation campaigns of public figures 
  2. Cryptocurrency investment scams 
  3. Clones of app pages and landing pages 
  4. Cloaking of landing pages 
  5. Major event exploitation (natural disasters, sporting events, concerts, etc.)

Below, security leaders discuss Google’s new advisory initiative. 

Security leaders weigh in 

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4:

I welcome Google’s effort to raise awareness of ongoing scams and frauds. We should expect Google to protect its ranking algorithms from outside manipulation such as cloaking. However, even when Google has increased the robustness of its algorithms, we must understand that cybercrime syndicates are run as professional enterprises that enter a constant battle with defenders of organizations. In any case, it is imperative to raise awareness among users. It is great to see Google joining GASA and other associations where we have been working on the issues of employee training for many years.

James McQuiggan, Security Awareness Advocate at KnowBe4:

Cloaking is challenging because it influences visibility. For organizations, this means traditional security controls are likely to fall short against well-engineered cloaking techniques. The rise in these scams also underscores the significance of adaptive threat detection mechanisms that use machine learning models capable of recognizing pattern deviations in real time. Additional investments in threat intelligence should be considered to leverage continuous behavioral analysis. Organizations can uncover cloaked content that may otherwise bypass detection by recognizing user behavior anomalies rather than just malicious code.

Google’s alert also informs cybersecurity leaders and practitioners to consider a multi-layered security approach. Organizations can blend defensive practices with advanced analytics and leverage AI-driven detection systems to allow them to manage the ever-evolving threat landscape. This issue is not just about securing data but about maintaining a proactive outlook against the creativity of modern cyber threats.

Paul Bischoff, Consumer Privacy Advocate at Comparitech: 

Using a fake website to trick visitors into downloading malware or giving up their password is nothing new and is a hallmark of phishing. My takeaway is the tactic is increasingly being used to mimic employee login portals so that hackers can gain a foothold inside an organization’s network. From there they can plant ransomware and steal data from inside the company network, which is a lot more profitable than trying to scam individuals.

Chris Hauk, Consumer Privacy Champion at Pixel Privacy:

Hackers have long worked to attract users to malicious sites and apps and these latest scams are merely an extension of previous attempts. Hackers are exploring ways to use Artificial Intelligence to fool users into clicking on malicious links and attachments. Deepfakes and crypto scams continue to be popular among bad actors, especially during election years and other periods of upheaval.