CTW #20 — June 2025 - National Cybersecurity Society

NCSS-3397-Bulletin-Header-Footer-Header Graphic 1600x350-Compressed

Published: June 20, 2025

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber Threat — Online Ad Scams Impersonating Tech Support

The business concept leverages digital marketing, online commerce, and AI technology. A businessman uses a laptop to plan digital marketing campaigns across digital channels including search engines.

Cybercriminals are constantly evolving their tactics. One alarming trend involves misleading online advertisements paired with subtle manipulation of legitimate websites. The Federal Trade Commission (FTC) recently issued a consumer alert about this issue, warning that the messages that claim to be from trusted companies could be a scheme to lure users into tech support scams. Preying on user trust and a sense of urgency, this type of fraud can pose risks such as data theft, malware infections, and financial losses for individuals and organizations.

What Is an Online Ad Scam?

This scam begins with fraudulent ads that appear to offer technical support from trusted companies like Microsoft, Apple, or Google. When users click on these ads, they are directed to the company’s real website. However, scammers have already exploited vulnerabilities in its internal search function by inserting fake tech support contact information into search results. As a result, they are unknowingly led to contact scammers who are posing as legitimate tech support representatives. This interaction often results in payment demands, malware installations, or theft of sensitive information.

This tactic is particularly dangerous because it takes advantage of the users’ perceived legitimacy of the websites and their trust in well-known brands.

Common Tactics and Warning Signs

Scammers employ a range of deceptive methods to make this scheme more convincing and harder to detect. Therefore, recognizing the warning signs is crucial to avoid falling victim.

Suspicious Contact Information: Users should be cautious of unfamiliar tech support numbers or other contact details found through ads, pop-ups, or search functions. The official contact information should always be verified through the company’s legitimate website.
Phishing Through Malvertising: Fraudulent ads direct users to malware-infected sites. Pop-ups or redirects may display misleading system alerts. For example, Microsoft warns that its error or warning messages never include support phone numbers, nor do they initiate contact to request personal information or offer unsolicited tech support.
Pressure Tactics Using Urgent Messages: Users should be suspicious of messages demanding immediate payment or action. Scammers leverage urgency and fear to push users into making hasty decisions.
Drive-By Downloads and Fake Login Pages: Compromised ads, especially on outdated browsers, can silently install malware on the user’s device. Fake login pages that mimic trusted brands may insist on using specific methods, such as Google accounts, to harvest credentials.
Deceptive Appearances Using Deepfake: Scammers may use deepfake images, videos, or branding in fraudulent ads to make them appear authentic and trustworthy. These techniques exploit user trust in familiar brands and can mislead even cautious users into engaging with fake support schemes or downloading malware.

Urgent message alert. Verify your account to protect against scams and phishing attempts. Protect your identity. Scam concept

How to Protect Yourself and Your Business

Taking proactive steps can drastically reduce the risk of falling victim to these online ad scams. Here are key steps to protect yourself and your business.

Train Employees: Provide training sessions that help employees recognize online ad scam tactics.
Use Official Contact Information: Verify contact details through the company’s official website. Avoid referring to the information from ads, pop-ups, or search results.
Keep Software Updated: Ensure that browsers and security software are updated regularly to block known threats.
Use Secure Browsers: Select browsers equipped with advanced security features, such as built-in threat protection and safeguards against known scam sites.
Enable Multi-Factor Authentication (MFA): Adding an extra layer of security like the MFA helps prevent unauthorized access.
Report Scams: Report suspicious ads, pop-ups, or scam contacts to authorities and the platforms where suspicious content appeared. The FTC provides the official channel at ftc.gov for reporting fraud.

Conclusion

Online ad scams impersonating tech support are becoming increasingly sophisticated and difficult to detect. These scams exploit trust in well-known brands and their legitimate websites to deceive users. Staying vigilant, educating employees, and using proactive security measures are essential steps in defending against these evolving threats.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving technology threats. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

References

https://consumer.ftc.gov/consumer-alerts/2025/04/seemingly-urgent-security-messages-could-lead-tech-support-scams

https://bfore.ai/a-new-wave-of-tech-support-scams/

https://www.yahoo.com/news/4-money-lookout-tech-support-095542498.html

https://expertitsolutions.ca/malvertising-scam-using-google-ads/

https://adtelligent.com/blog/ad-fraud-guide-what-it-is-how-it-works/

https://cordcuttersnews.com/google-cracks-down-on-fake-online-ads-suspends-39-2-million-accounts-in-2024-using-ai/

https://support.microsoft.com/en-us/windows/protect-yourself-from-tech-support-scams-2ebf91bd-f94c-2a8a-e541-f5c800d18435

https://www.reintivity.com/by-content-type/article/watch-out-for-these-sneaky-malvertising-scams/

NCSS-3397-Bulletin-Header-Footer-Attribution Banner 1600x200

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(3)(c) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to-guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.