Skip to Main Content

Beware of spoofed web search results

Graphic with a red pause button, a yellow check mark, and a green play button and the words pause, verify, report at work underneath.

Fraudsters often spoof websites, especially banks, shopping, and bill payment sites because they know users will search for these sites and open the top result. Many of these sites use what look like the official website address but redirect users to spoofed sites. Once a user is there, they input login credentials to the fake site, giving them to the fraudsters. The fraudsters can then log into your accounts to steal money or bank account numbers.

Users using chatbots for searches to save time will often have search returns to spoofed sites, since bots don’t always distinguish between official websites and spoofed sites. Spoofed sites often contain the word “official” to trick search engines and rank higher in search results.

Action Steps

Given the importance of protecting department resources, Internal Control Officers, Chief Fiscal Officers and General Counsels should ensure that these internal controls are added to your procedures for daily operations for any staff logging in to third-party sites for department business.  In addition, your internal controls should ensure that staff are properly trained on these procedures and that monitoring is in place to ensure compliance.