Google has discovered that attackers are using techniques such as landing page cloaking to spoof, pretending to be legitimate sites.
“Masking is specifically designed to prevent systems and moderation teams from viewing content that violates policy, allowing them to deploy scams directly to users,” Laurie Richardson, vice president and head of trust and security at Google. said.
“Landing pages often mimic well-known sites and create a sense of need to manipulate users into purchasing fake or unreal products.”
Masking refers to practice providing various content to search engines such as Google and users with the ultimate goal of manipulating search rankings and deceiving users.
The tech giant said it is also seeing a cloaking trend, where users clicking on ads are redirected via tracking patterns to malware sites that claim their devices are compromised by malware and take them to other fake customer support sites that trick them into revealing confidential information.
Listed below are some other recent tactics by scammers and cybercriminals –
- Abusing artificial intelligence (AI) tools to create deepfakes of public figures, using their authority and reach to commit investment fraud
- Using hyper-realistic simulation to fake crypto investment schemes
- Clone app and landing page scams that trick users into visiting similar pages of their legitimate counterparts, leading to credential or data theft, malware downloads, and fraudulent purchases
- Using big events and combining them with AI to trick people or promote non-existent products and services
Google told The Hacker News that it intends to release such guidelines every six months on Internet fraud and scams as part of its efforts to raise awareness of the risks.
Many scams related to cryptocurrency such as butchering of pigs come from Southeast Asia and rule a organized crime syndicates from China, luring people with the prospect of high-paying jobs, only to be restricted within borders fraud factories located in Burma, Cambodia, Laos, Malaysia and the Philippines.
A report released by the UN last month revealed that crime syndicates in the region are energizing by rapidly integrating “new service-based business models and technologies, including malware, generative artificial intelligence and deepfakes, into their operations, while opening up new underground markets and cryptocurrency solutions for money laundering.”
The United Nations Office on Drugs and Crime (UNODC) has described the incorporation of generative artificial intelligence and other technological advances in cyber fraud as a “powerful force multiplier” that not only makes it more effective, but also lowers the bar of entry for less technically savvy criminals.
Earlier in April, Google sued two app developers based in Hong Kong and Shenzhen for distributing fake Android apps that were used to defraud consumers of their investments. Late last month, the company, along with Amazon, sued against the website Bigboostup.com for selling and posting fake reviews on Amazon and Google Maps.
“The website sold fake product reviews to attackers for posting on their product listing pages in the Amazon store and fake reviews for business listings on Google Search and Google Maps,” Amazon said.
The development comes just over a month after Google announced partnering with the Global Anti-Fraud Alliance (GASA) and the DNS Research Federation (DNS RF) to combat online fraud.
In addition, the company said in 2023 alone, it blocked or removed more than 5.5 billion ads for violating its policy, and implemented real-time fraud detection in its Phone app for Android to protect users from potential fraud and scams by using Gemini Nano on device AI model.
“For example, if a caller pretends to be from your bank and asks you to transfer funds urgently due to a suspected account hack, Scam Detection will process the call to determine if the call is spam and, if so, can provide an audio and tactile alert and a visual warning that the call may be a scam,” it said.
Another new security feature is the introduction of real-time alerts Google Play Protection to notify users of potentially malicious software, such as stalkerware, installed on their devices.
“By looking at actual app activity patterns, Real-Time Threat Detection can now find malicious apps that go to great lengths to hide their behavior or are dormant for a while before starting suspicious activity,” Google said.
