Cybersecurity firm BlueVoyant has released a new report highlighting the increasing exploitation of search engine ad infrastructure by threat actors to phish unsuspecting users.

The report, titled 'The Growing Threat of Search Engine Ads', underscores the growing use of malicious search engine ads, which pose a significant threat to internet users and companies globally. These ads can redirect users to phishing websites or trigger malware downloads, thereby risking personal, financial, and corporate information.

"The use of malicious search engine ads is on the rise and poses a significant threat to internet users and companies worldwide. Instead of a link from an ad leading you to your bank's login page, it can instead lead to a phishing website or malware download - risking personal, financial, and corporate information," said BlueVoyant VP, Asia Pacific & Japan, Sumit Bansal.

Threat actors use various customisation options available for advertisers to display the ads only to specific users who meet predefined criteria, targeting the most vulnerable and profitable victim profiles while helping to evade detection. To further avoid detection, threat actors employ unique session cookies for users redirected to the site from the ad. This makes it difficult for bots or security vendors to detect the phishing content.

The report found that phishing ads often link to domains that impersonate the brand being targeted, adding another layer of deception. To execute these malicious ad campaigns, threat actors typically acquire compromised ad accounts from deep and dark web communities.

BlueVoyant's report recommends that enterprises, particularly financial institutions, monitor for suspicious search engine ads that could be impersonating the company's brand.

"Organisations should also report all fraudulent websites and associated ads. Enterprises should also raise awareness about the dangers of search engine ads among clients and employees and advise them to bookmark legitimate websites," said Bansal. "Organisations should consider working with a Digital Risk Protection vendor with ad detection and analysis capabilities to proactively detect and take down malicious search engine ads and their related phishing websites."