Google has launched a regular fraud and scams advisory to combat the growing volume and sophistication of online scams. Multinational crime entities are increasingly using advanced technology and complex schemes to target victims worldwide.
To protect users and the broader digital ecosystem, Google’s Trust & Safety (T&S) teams are tracking emerging trends, developing new protective measures, and sharing vital information with the public.
The first advisory outlines five major trends shaping today’s online scam landscape:
Public Figure Impersonation Campaigns
The accessibility of deepfake technology has fueled a surge in public figure impersonation scams, where criminals use AI to mimic well-known personalities to promote fake investments, giveaways, and other fraudulent schemes. By blending traditional fraud methods with digital impersonation, scammers exploit trust in public figures to lure victims.
To address this, Google updated its Misrepresentation Policy for Google Ads in 2024, targeting public figure impersonation campaigns. YouTube, in parallel, enforces policies against misleading AI-generated content, and Google is developing tools like SynthID to watermark and identify synthetic media.
Safety Tip: Look for signs of unnatural facial expressions or unusual behavior in media, which can be indicators of deepfakes.
Cryptocurrency Investment Scams
Crypto investment scams have burgeoned, often promising exorbitant (and unrealistic) returns. Malefactors frequently use manipulated media to imply endorsements by celebrities or reputable brands. Google has introduced robust policies to counter these scams, particularly within ads and app distribution channels.
Safety Tip: Avoid investments that guarantee high returns with minimal risk, as these often signal fraudulent schemes.
App and Landing Page Cloning
Clone scams, which direct users to websites that mimic legitimate brands, deceive victims into revealing personal information or downloading malware. Tech support scams and fake login portals have increasingly targeted employees, aiming to steal sensitive corporate information.
Google enforces social engineering policies against phishing and deceptive sites, prohibiting ads from impersonating technical support providers or applications.
Safety Tip: Always verify information from official company sites, and look closely for misspellings or formatting issues that might indicate a fake page.
Cloaking Tactics on Landing Pages
Cloaking—displaying different content to Google than to the end-user—enables scammers to bypass Google’s moderation systems. Scammers often lure users into scareware pages, convincing them that their device is compromised to solicit personal information or payments.
Safety Tip: Before clicking, check the displayed URL to ensure it matches the landing page. Enhanced Protection on Chrome can also add an extra layer of security.
Exploiting Major Events
Scammers frequently exploit major events such as elections, sports, and natural disasters. In one instance, the April solar eclipse was used to promote fake NASA-affiliated products, while scammers have targeted humanitarian disasters with fraudulent charity sites. Google’s policies prohibit ads or content that exploit or misrepresent such sensitive events.
Safety Tip: Use only verified websites and established platforms for donations or purchases linked to major events.
Raising Awareness
Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, comments: “I welcome Google’s effort to raise awareness of ongoing scams and frauds. We should expect Google to protect its ranking algorithms from outside manipulation such as cloaking. However, even when Google has increased the robustness of its algorithms, we must understand that cybercrime syndicates are run as professional enterprises that enter a constant battle with defenders of organizations.”
In any case, Kramer says it is crucial to raise awareness among users. “It is great to see Google joining GASA and other associations where we have been working on the issues of employee training for many years.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.