Joe was preparing to make a big purchase as a surprise for his wife, so he first checked their bank account balance on their bank's website. Joe typed in the bank name on his search engine and clicked the first search result that came up. The search result included the bank's name and stated it was the official login page.
As the page loaded, Joe noticed that the URL was different than normal and that the lock symbol was missing from the address bar. Before Joe could exit the website, it loaded, and his fears were confirmed.
A red pop-up appeared stating, "Your device has been infected with Malware." Joe panicked and clicked out of the website. At first, he was terrified, thinking of all the damage he could have caused. But then, he started thinking of his cybersecurity training. Joe scanned his computer for malware and once it was clean, he changed his bank password and all other passwords that could have been compromised.
Did you spot the red flags?
- Joe didn't check the URL before clicking on the website, he just checked the name which can be modified to mimic real websites.
- Instead of scrolling down past the ads, Joe clicked on the first search result that popped up.
- Joe could have typed in the bank website directly, but he entered the name into the search engine instead.
What you should know about this scam
Type in websites directly and for websites you visit often, bookmark them on your browser to avoid search engine ads.
Avoid ads at the top of search results. Cybercriminals can pay to have their websites posted as ads. Consider using an ad blocker.
Avoid searching for websites on your phone as it is harder to tell if they are secure and easier to accidentally click on an unknown link. If you do click on a malicious link, alert your IT department or someone at your organization.