Friday, December 27, 2024

Google Issues New Security Cloaking Warning As Attackers Use AI In Attacks

Must read

You hardly need telling that scams, fraudulent cyber attacks, whatever you want to call them have been increasing in volume over the last few months. If you do, then that’s precisely what Google’s vice-president for trust and safety, responsible for leading the global team protecting users from such abuse, has done in a Nov. 14 posting to Google’s safety and security news pages. Two of the reasons behind this increase can be found in the form of landing page cloaking techniques and, inevitably, AI. Here’s what Google wants you to be particularly aware of.

ForbesGoogle Confirms $1 Trillion AI Security Protection For Pixel Users

Google Highlights 5 Scam Trends To Be Concerned About

With Black Friday just around the corner, and that means Black Friday scams are already happening, the spotlight has turned on scams and scammers for much of the media. The truth is, of course, that scams are a year-round problem and not one that you need to be aware of during two or three holidays across the year. Google’s Laurie Richardson, vice-president of Trust & Safety, knows that only too well, given she is tasked with keeping Google users safe from scams 365 days a year. Leading a global team developing policy and technology solutions to the problem, when Richardson speaks, you would be well advised to listen, especially as the scammers themselves are constantly evolving their tactics as they seek to reap the most reward from their nefarious schemes.

Scams are “often carried out by transnational crime organizations: bad actors who operate at scale, constantly adapt their methods, and combine online and offline activity to lure people into their fraudulent schemes,” Richardson said. t’s as a result of this that, so as to help raise awareness about the risks by sharing the latest tactics used by scammers and criminals, Google is launching a “regular online fraud and scams advisory.”

Google Online Scams Advisory Number 1

To get the ball rolling, Google has published Online Scams Advisory Number 1, which addresses five recent trends worthy of note. As well as the warning about crypto investment schemes, app cloning and major event exploitation, the remaining two were the ones that caught my eye and that of others in the security business: AI impersonation campaigns and landing page cloaking.

Impersonation scams are nothing new, but they have been getting increasingly more sophisticated thanks to the addition of AI in creating them. “These impersonations often promote fraudulent offerings ranging from high-return investments to fake giveaways and harmful apps,” Richardson said, adding that they are increasingly complex, “blending traditional impersonation and investment fraud, while attempting to exploit multiple products as part of a single campaign.” Google has recently updated its misrepresentation policy in direct response to such scams in Google Ads. Richardson also advised users to “look out for unnatural expressions in the content you see or strange promotions from public figures,” as deepfakes “often have trouble making faces look totally natural which can be a first indicator of synthetic content.”

ForbesHackers Avoid Google Chrome Security Features In New Attack, Researchers Warn

Google Warning As Landing Page Cloaking Tactics Emerge

“Scammers are using deceptive tactics like cloaking to present different content to Google compared to what a user sees,” Richardson said in the new Google scam advisory, adding that “cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam directly to users.”

Google has also been analyzing a cloaking trend that redirects users via tracking templates from an advert to a scareware site, for example. Once again, Google has policies that prohibit the use of landing page cloaking, but scammers are not known for following the rules, it has to be noted. The official Google advice is to take note of the URL displayed before clicking and double-checking the page you end up on. Enabling Enhanced Protection in Google Chrome is also recommended.

“We should expect Google to protect its ranking algorithms from outside manipulation such as cloaking,” Dr Martin Kraemer, a security awareness advocate at KnowBe4, said, “however, even when Google has increased the robustness of its algorithms, we must understand that cybercrime syndicates are run as professional enterprises that enter a constant battle with defenders of organizations.” That said, the use of these scam advisory postings is to be welcomed from Google as it represents one more layer of user education that is critical in the fight against scammers.

ForbesGoogle Confirms New Gmail Security Boost For 2.5 Billion Users

Latest article